You can move out the key from the device using KMIP. I have an implementation that uses a Go-based service to store it in Nitrohsm. I'll clean it up and post a release announcement on Reddit...
You can move out the key from the device using KMIP. I have an implementation that uses a Go-based service to store it in Nitrohsm. I'll clean it up and post a release announcement on Reddit...
That'd be great, as the PyKMIP implementation wasn't very intuitive... (Nor Synology docs...)
Synology actually uses PyKMIP under the hood. They basically use it as a key-value storage for the encryption key, nothing advanced.
I went down the rabbit hole and implemented the KMIP client and server, that pass the tests from OASIS.
Sidenote: please, somebody nuke the OASIS from orbit. To be sure.