Nonextractability

Nonextractability is the property of secret material or a cryptographic key that it cannot be retrieved from the system, device, or module in which it is stored. The aim is to ensure that the key can be used for cryptographic operations without exposing its raw value outside the secure environment. Nonextractability does not prevent use; cryptographic operations such as signing, decryption, or key agreement can be performed inside the secure container, with only the resulting data leaving the module.

In practice, nonextractability is implemented in hardware security modules (HSMs), secure elements, trusted execution environments, and secure enclaves, as well as in software interfaces that enforce an extractable flag. For example, in the Web Crypto API a key can be created with extractable set to false, meaning the key cannot be exported. Standards and regulations for cryptographic modules, such as FIPS 140-2/3, emphasize preventing key export and controlling how keys are used and protected.

Limitations include that nonextractable keys may still be vulnerable to side-channel attacks, firmware compromises, or other failure modes. Nonextractability can also complicate certain operational needs, such as backup, recovery, or migration of keys, requiring secure wrapping, provisioning, or key escrow strategies. Derived data or certain outputs may still reveal information about the key under some circumstances.

Examples include an RSA private key stored in a hardware token used to sign transactions or an AES key inside an HSM used for decryption without exposing the key itself.

See also: key management, cryptographic module, extractable, secure element, TPM, HSM, WebCrypto.
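
The Web Crypto behaviour described above, shown as an added example that is not part of the original page: a key created with extractable set to false can still sign, while export and wrapping are refused. The function names `attempt` and `demoNonextractable` and the sample message are constructed for illustration, and the wrapping check goes slightly beyond the text to show why backup and migration need planning.

```javascript
// Added example. Works in browsers; the fallback covers older Node.js releases.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;

// Hypothetical helper: true if the operation succeeded, false if it was rejected.
async function attempt(op) {
  try { await op(); return true; } catch { return false; }
}

async function demoNonextractable() {
  const ec = { name: "ECDSA", namedCurve: "P-256" };
  const sigAlg = { name: "ECDSA", hash: "SHA-256" };
  const aes = { name: "AES-GCM", length: 256 };

  // Second argument is the extractable flag. For a key pair it governs the
  // private key only; the public key is always exportable.
  const locked = await subtle.generateKey(ec, false, ["sign", "verify"]);
  const open = await subtle.generateKey(ec, true, ["sign", "verify"]);

  // Use without export: the signature leaves, the private key does not.
  const msg = new TextEncoder().encode("constructed sample message");
  const sig = await subtle.sign(sigAlg, locked.privateKey, msg);

  // Wrapping is an export path too, so it is refused for locked keys.
  const kek = await subtle.generateKey({ name: "AES-KW", length: 256 }, false, ["wrapKey", "unwrapKey"]);
  const lockedAes = await subtle.generateKey(aes, false, ["encrypt", "decrypt"]);
  const openAes = await subtle.generateKey(aes, true, ["encrypt", "decrypt"]);

  return {
    lockedFlag: locked.privateKey.extractable,
    signatureVerifies: await subtle.verify(sigAlg, locked.publicKey, sig, msg),
    lockedPrivateExports: await attempt(() => subtle.exportKey("pkcs8", locked.privateKey)),
    lockedPublicExports: await attempt(() => subtle.exportKey("spki", locked.publicKey)),
    openPrivateExports: await attempt(() => subtle.exportKey("pkcs8", open.privateKey)),
    lockedAesWraps: await attempt(() => subtle.wrapKey("raw", lockedAes, kek, "AES-KW")),
    openAesWraps: await attempt(() => subtle.wrapKey("raw", openAes, kek, "AES-KW")),
  };
}
```

The extractable attribute of a key is read-only after creation, so any backup or migration path has to be decided when the key is generated.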