Home

nonextractable

Nonextractable describes a security property of secrets, such as cryptographic keys, indicating that the secret cannot be retrieved in plain form from the system or device where it resides. In practice, nonextractability is achieved by isolating the secret in hardware or in a protected software environment that enforces internal operations without exposing the secret material to the host system.

Common implementations include secure elements (SE) in smart cards and smartphones, trusted platform modules (TPMs), and

Nonextractability is not an absolute guarantee of security. It reduces the risk of key theft but does

Overall, nonextractability is a defense-in-depth concept that enhances secrecy by preventing straightforward retrieval of sensitive material,

hardware
security
modules
(HSMs).
These
components
are
designed
to
store
keys
in
tamper-resistant,
isolated
storage
and
to
perform
cryptographic
operations
internally,
often
with
device-bound
credentials
and
attestation
that
proves
the
origin
and
integrity
of
the
environment.
In
the
field
of
cryptocurrencies
and
digital
wallets,
nonextractable
private
keys
are
used
so
that
signing
of
transactions
can
occur
without
exporting
the
key
material
to
the
host
computer,
reducing
exposure
to
malware.
not
eliminate
all
attack
vectors.
Potential
weaknesses
include
side-channel
attacks,
firmware
or
supply
chain
compromises,
misconfigurations,
or
flaws
in
the
cryptographic
protocol
that
could
enable
indirect
leakage
or
misuse.
Some
devices
may
allow
constrained
or
controlled
export
under
specific
conditions,
or
reveal
ancillary
data
such
as
public
keys
or
attestation
evidence,
which
is
different
from
exporting
the
secret
itself.
rather
than
an
imitation
of
universal
security.