Skip to main content
SThornell
SThornell
New Member
June 23, 2025
Question

Retrieve ML-KEM keys from an external HSM using KMIP for secure PQC key exchange on IPSEC VPN

  • June 23, 2025
  • 3 replies
  • 764 views

Hi, 

 

Is it possible to retrieve the ML-KEM keys from an external HSM using KMIP? I've been reading this article, Post-Quantum Cryptography for IPsec key exchange NEW | FortiGate / FortiOS 7.6.1 | Fortinet Document...

 

We currently have the ability to retrieve the IPSEC SA key from an external HSM using KMIP, IPsec SA key retrieval from a KMS server using KMIP | FortiGate / FortiOS 7.4.0 | Fortinet Document .... However it would be great to be able to retrieve the ML-KEM keys as well. Is this supported? If so is there a configuration guide or some guidance you could offer?

3 replies

Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
June 26, 2025

Hello SThornell, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
June 27, 2025

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

 

Thanks,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
June 28, 2025

Hello again,

 

I found this solution. Can you tell me if it helps, please?

 

Currently, the provided context does not specify support for retrieving ML-KEM keys from an external HSM using KMIP. The context mentions the ability to retrieve IPsec SA keys from a KMS server using KMIP, but it does not explicitly state support for ML-KEM keys. For further guidance or confirmation, it would be best to consult the latest Fortinet documentation or contact Fortinet support directly.

Jean-Philippe - Fortinet Community Team
Terms & ConditionsAccessibility statement