Trust-anchoring of cryptographic objects

What is claimed is: 1. A method of managing cryptographic objects, the steps being concurrently performed at each client of a set of clients communicating with a respective hardware security module (HSM), the method, at each client, comprising: concurrently at the clients, receiving entropy-based random numbers from one or more certificate authorities; accessing, by a first entity, an entropy-based random number generated by a second entity subsequent to receiving the entropy-based random numbers; instructing to store the random number on the first entity; and based on a deterministic algorithm: interacting with the HSM to generate a seed according to both a reference key of the HSM and the random number, the reference key of the HSM being one of residing in or derived by the HSM, the random number being stored in the HSM; and seeding a random number generator with the generated seed to generate one or more post-quantum secure cryptographic objects that are trust anchored to the reference key of the HSM. 2. The method according to claim 1 , further comprising: using at least one of the one or more cryptographic objects to perform a cryptographic operation; and deleting one or more of the cryptographic objects previously generated. 3. The method according to claim 2 , further comprising: regenerating one or more previously deleted cryptographic objects by: accessing the stored random number; and based on the deterministic algorithm: interacting with the HSM to regenerate the seed according to both the reference key and the previously stored random number; and seeding the random number generator with the regenerated seed, and using one or more of the one or more previously deleted cryptographic objects that were regenerated to perform the cryptographic operation. 4. The method according to claim 1 , further comprising: at the HSM, deriving said reference key based on a key of a deeper key hierarchy level of a key hierarchy in the HSM, prior to generating the seed. 5. The method according to claim 4 , wherein said random number is a first random number, and the method further comprises, prior to generating the seed: accessing a second entropy-based random number; instructing to store the second random number; and interacting with the HSM for it to derive said reference key using both the second random number and the key of the deeper key hierarchy level. 6. The method according to claim 1 , wherein the random number generator is seeded to generate two cryptographic objects including a private key and a public key, and the method further comprises: sending out the public key and using the private key to perform a cryptographic operation. 7. The method according to claim 6 , wherein sending out the public key comprises sending the public key to a certificate authority for it to issue a digital certificate for said public key. 8. The method according to claim 7 , wherein accessing the random number, generating the seed, and seeding the random number generator are performed by a client communicating with said HSM, whereby the public key is sent from the client to the certificate authority. 9. The method according to claim 8 , further comprising: at the client, instructing to store the public key on an external storage system that is distinct from the client. 10. The method according to claim 9 , further comprising: sending said random number to the certificate authority along with the public key for the certificate authority to issue one or more digital certificates for said public key and said random number, and at the client, instructing to store the random number on a storage system distinct from the client. 11. The method according to claim 1 , wherein the steps of accessing the random number, generating the seed, and seeding the random number generator are carried out in a container. 12. The method according to claim 1 , wherein the deterministic algorithm and the random number accessed are the same for each of the clients of the set, whereby the same one or more cryptographic objects are generated at each of the clients of the set. 13. The method according to claim 1 , further comprising: at each of the clients of the set, using one or each of the one or more cryptographic objects generated to perform a cryptographic operation. 14. The method according to claim 13 , further comprising: after using said one or each of the one or more cryptographic objects generated to perform said cryptographic operation, deleting said one or more of the cryptographic objects; and receiving random numbers at the clients from one or more certificate authorities, wherein said random numbers correspond to random numbers as initially accessed by the clients, so as for the clients to be able to regenerate the same one or more cryptographic objects as previously generated. 15. The method according to claim 13 , further comprising: prior to sending said random numbers to the clients, sending, from one or more certificate authorities, public keys of all of the clients to each of the clients, for each client to be able to verify an authenticity of a random number received thereat. 16. The method according to claim 1 , further comprising: prior to accessing said entropy-based random number, instructing to generate said entropy-based random number. 17. The method according to claim 1 , wherein interacting with the HSM comprises: forwarding the random number accessed to the HSM; instructing the HSM to generate the seed according to the random number forwarded to it and the reference key; and receiving the generated seed. 18. The method according to claim 1 , wherein said seed is generated by encrypting the random number using the reference key. 19. The method according to claim 1 , wherein the reference key as used to generate the seed is a key pre-loaded on the HSM. 20. The method according to claim 1 , wherein the HSM further comprises a first key pre-loaded on the HSM as a non-extractable token object, and the method further comprises: importing a second key in a wrapped state in the HSM; using the first key to unwrap the second key; and using the unwrapped key to generate the seed. 21. A computerized system for managing cryptographic objects, the system comprising: a random number generator; storage means storing instructions; and a hardware processing means configured to execute said instructions being concurrently performed at each client of a set of clients communicating with a respective hardware security module (HSM), so as, at each client, to: concurrently at the clients, receive entropy-based random numbers from one or more certificate authorities; access an entropy-based random number as generated by a further computerized system subsequent to receiving the entropy-based random numbers; instruct to store the random number accessed as per said instructions on the computerized system; and based on a deterministic algorithm: interact with the HSM to generate a seed according to a random number accessed as per said instructions and a reference key of the HSM, the reference key of the HSM being one of residing in or derived by the HSM, the random number being stored in the HSM; and seed the random number generator with a seed as generated as per said instructions and generate one or more post-quantum secure cryptographic objects that are trust anchored to the reference key of the HSM. 22. The computerized system acco