|
|
|
|
|
|
by loup-vaillant
1042 days ago
|
|
|
It's tedious, but simple: revoke the old key, rotate to the new one. If you need the old key to revoke it (say you encrypted a disk, or you have wrapped credentials you need to unwrap first), then use the old buggy firmware to do the necessary decryption, then encrypt again with the new one. Writing the migration program that loads the two pieces of firmware (the old, then the new) to the dongle however is a pain in the butt. Especially if you can't restart the device without physically plugging it out and back in again. |
|
|