Hello everyone!
I could not import a 4096 bit RSA key from a p12 file to Nitrokey Pro so far, but as far as I understand Nitrokey Pro should support 4096 bit keys.
I tried the following methods:
Compiled OpenSC on OSX El Capitan 10.11.2 from the GitHub repository (as the newest OpenSC 0.15 release is too old to support Nitrokey Pro) and if I run “pkcs11-tool -M” it gives the following result:
[code]RSA-X-509, keySize={2048,2048}, hw, decrypt, sign, verify
RSA-PKCS, keySize={2048,2048}, hw, decrypt, sign, verify
...
RSA-PKCS-KEY-PAIR-GEN, keySize={2048,2048}, generate_key_pair
[/code]
It looks like it only supports 2048 bits, but not 4096.
If I run “pkcs15-init --store-private-key sign4096.privkey.pem --auth-id 3 --id 3” it says the key length is not supported:
[code]Using reader with a card: Nitrokey Nitrokey Pro
Failed to store private key: Key length/algorithm not supported by card
[/code]
If I try to import the key with “pkcs11-tool -v --write-object sign4096.privkey.der --type privkey --id 02 -l” it also results in an error:
[code]Using slot 1 with a present token (0x1)
Logging in to "OpenPGP card (User PIN (sig))".
Please enter User PIN:
error: PKCS11 function C_CreateObject failed: rv = CKR_GENERAL_ERROR (0x5)
Aborting.
[/code]
Importing 2048 bit RSA keys works with pkcs11-tool and pkcs15-init too.
I tried to import the private key on Windows too with the MiniDriver, but it looks like it cannot import keys at all.
So my question is: if the Nitrokey Pro really supports 4096 bit RSA keys, how can I import one from a p12, der or pem format?
It is not a GPG private key, but a private key for an X509 certificate. Is there any chance I can import this key via the GnuPG tool?
Any experience or insights on the topic would be really appreciated!
Thanks!
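
A preflight check for the situation described in the post, as an added example that is not part of the original post or of OpenSC: it parses a mechanism list in the format quoted above and tests whether a key length lies inside the range the PKCS#11 module advertises, before any import is attempted. The function names are hypothetical, and the embedded sample is constructed from the three lines quoted in the post.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not part of OpenSC.

# Constructed sample: the three mechanism lines quoted in the post
# (the post elides the rest of the list).
sample_mechanisms() {
    cat <<'EOF'
RSA-X-509, keySize={2048,2048}, hw, decrypt, sign, verify
RSA-PKCS, keySize={2048,2048}, hw, decrypt, sign, verify
RSA-PKCS-KEY-PAIR-GEN, keySize={2048,2048}, generate_key_pair
EOF
}

# key_size_range MECHANISM
# Reads a mechanism list on stdin and prints "min max" for MECHANISM.
# Exits non-zero when the mechanism is absent or carries no keySize field.
key_size_range() {
    awk -v mech="$1" -F', ' '
        { sub(/^[ \t]+/, "", $1) }           # tolerate indented lines
        $1 == mech {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^keySize=[{][0-9]+,[0-9]+[}]$/) {
                    gsub(/[^0-9,]/, "", $i)  # keep only "min,max"
                    split($i, r, ",")
                    print r[1], r[2]
                    found = 1
                    exit
                }
        }
        END { exit !found }
    '
}

# token_accepts_bits MECHANISM BITS
# Returns 0 if BITS is inside the advertised range, 1 if outside,
# 2 if the mechanism is not listed at all.
token_accepts_bits() {
    range=$(key_size_range "$1") || return 2
    min=${range% *}
    max=${range#* }
    [ "$2" -ge "$min" ] && [ "$2" -le "$max" ]
}

for bits in 2048 4096; do
    if sample_mechanisms | token_accepts_bits RSA-PKCS "$bits"; then
        echo "RSA-PKCS $bits: inside advertised range"
    else
        echo "RSA-PKCS $bits: outside advertised range"
    fi
done
```

Against a real token the input would come from `pkcs11-tool -M` instead of the sample function. The result reflects only what the PKCS#11 module advertises, not what the card hardware itself can do.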