Hello,
off course…
I have downloaded a C++ project that allows me to send APDU commands to my Nitrokey HSM 2 :
I have generated on it 2 asymmetric keys, a RSA and an EC :
pkcs11-tool.exe -l --pin 981567 --keypairgen --key-type rsa:2048 --id 01
pkcs11-tool.exe -l --pin 981567 --keypairgen --key-type EC:prime256v1 --id 02
Then I use the APDU commands :
First a VERIFY command, with my pin, to maintain authentification state
0020 01 81 06 393831353637 => return '90 00'
Then try to Derive the EC key, with the algorithm ‘98’
8076 02 03 03 985462 => return '6A 81' Function not supported, key derivation not allowed for key referenced in P1
I did not yet managed to create or import a symmetric key, so I tried its derivation on the RSA and EC keys, which is hazardous, I reckon
8078 01 99 05 0102030405 00 => return '6A 81' Function not supported, key does not support algorithm in P2
(same thing for key ‘02’, and algorithms ‘10’ and ‘11’)
But off course I did not set the allowed algorithms on each key, as it is possible to do on the APDU command GENERATE ASYMMETRIC KEY PAIR, or GENERATE SYMMETRIC KEY.
Can it be the cause ?
I will try to work on that.