Exploiting hardware-backed keys with the new EVP_SKEY API

The Linux on IBM Z (s390x) platform provides hardware-backed keys. These so called protected keys hide the clear keys from the Application and even the Operating System, while the platform provides instructions to do standard cryptographic operations with this key material. The talk gives a brief introduction to this Hardware feature and why it was not possible to exploit it in OpenSSL prior to version 3.5.0. The main part of the talk will focus on how the new EVP_SKEY API changes the game and gives an insight to the implementation. As a summary, the talk gives some arguments why using hardware-backed keys (via the EVP_SKEY API) increases the security of applications.