I’ve just received my Nitrokey HSM and am trying to initialize it. Unfortunately this fails:
user@macbook ~ % sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 648219 -vvv
P:14543; T:0x8001609408 15:42:26.330 [sc-hsm-tool] ctx.c:966:sc_context_create: ===================================
P:14543; T:0x8001609408 15:42:26.330 [sc-hsm-tool] ctx.c:967:sc_context_create: OpenSC version: 0.24.0
P:14543; T:0x8001609408 15:42:26.330 [sc-hsm-tool] ctx.c:968:sc_context_create: Configured for sc-hsm-tool (/opt/homebrew/Cellar/opensc/0.24.0/bin/sc-hsm-tool)
P:14543; T:0x8001609408 15:42:26.330 [sc-hsm-tool] reader-pcsc.c:898:pcsc_init: PC/SC options: connect_exclusive=0 disconnect_action=0 transaction_end_action=0 reconnect_action=0 enable_pinpad=1 enable_pace=1
P:14543; T:0x8001609408 15:42:26.331 [sc-hsm-tool] reader-pcsc.c:1399:pcsc_detect_readers: called
P:14543; T:0x8001609408 15:42:26.331 [sc-hsm-tool] reader-pcsc.c:1412:pcsc_detect_readers: Probing PC/SC readers
P:14543; T:0x8001609408 15:42:26.331 [sc-hsm-tool] reader-pcsc.c:1465:pcsc_detect_readers: Establish PC/SC context
P:14543; T:0x8001609408 15:42:26.340 [sc-hsm-tool] reader-pcsc.c:1348:pcsc_add_reader: Adding new PC/SC reader 'Nitrokey Nitrokey HSM'
P:14543; T:0x8001609408 15:42:26.340 [sc-hsm-tool] reader-pcsc.c:362:refresh_attributes: Nitrokey Nitrokey HSM check
P:14543; T:0x8001609408 15:42:26.341 [sc-hsm-tool] reader-pcsc.c:408:refresh_attributes: current state: 0x00000022
P:14543; T:0x8001609408 15:42:26.341 [sc-hsm-tool] reader-pcsc.c:409:refresh_attributes: previous state: 0x00000000
P:14543; T:0x8001609408 15:42:26.341 [sc-hsm-tool] reader-pcsc.c:464:refresh_attributes: card present, changed
P:14543; T:0x8001609408 15:42:26.342 [sc-hsm-tool] reader-pcsc.c:1566:pcsc_detect_readers: Nitrokey Nitrokey HSM:SCardConnect(SHARED): 0x80100066
P:14543; T:0x8001609408 15:42:26.342 [sc-hsm-tool] reader-pcsc.c:1581:pcsc_detect_readers: returning with: 0 (Success)
P:14543; T:0x8001609408 15:42:26.343 [sc-hsm-tool] sc.c:340:sc_detect_card_presence: called
P:14543; T:0x8001609408 15:42:26.343 [sc-hsm-tool] reader-pcsc.c:472:pcsc_detect_card_presence: called
P:14543; T:0x8001609408 15:42:26.343 [sc-hsm-tool] reader-pcsc.c:362:refresh_attributes: Nitrokey Nitrokey HSM check
P:14543; T:0x8001609408 15:42:26.343 [sc-hsm-tool] reader-pcsc.c:387:refresh_attributes: returning with: 0 (Success)
P:14543; T:0x8001609408 15:42:26.343 [sc-hsm-tool] reader-pcsc.c:480:pcsc_detect_card_presence: returning with: 1
P:14543; T:0x8001609408 15:42:26.343 [sc-hsm-tool] sc.c:351:sc_detect_card_presence: returning with: 1
Using reader with a card: Nitrokey Nitrokey HSM
P:14543; T:0x8001609408 15:42:26.343 [sc-hsm-tool] sc.c:340:sc_detect_card_presence: called
P:14543; T:0x8001609408 15:42:26.343 [sc-hsm-tool] reader-pcsc.c:472:pcsc_detect_card_presence: called
P:14543; T:0x8001609408 15:42:26.343 [sc-hsm-tool] reader-pcsc.c:362:refresh_attributes: Nitrokey Nitrokey HSM check
P:14543; T:0x8001609408 15:42:26.344 [sc-hsm-tool] reader-pcsc.c:387:refresh_attributes: returning with: 0 (Success)
P:14543; T:0x8001609408 15:42:26.344 [sc-hsm-tool] reader-pcsc.c:480:pcsc_detect_card_presence: returning with: 1
P:14543; T:0x8001609408 15:42:26.344 [sc-hsm-tool] sc.c:351:sc_detect_card_presence: returning with: 1
Connecting to card in reader Nitrokey Nitrokey HSM...
P:14543; T:0x8001609408 15:42:26.344 [sc-hsm-tool] card.c:254:sc_connect_card: called
P:14543; T:0x8001609408 15:42:26.344 [sc-hsm-tool] reader-pcsc.c:611:pcsc_connect: called
P:14543; T:0x8001609408 15:42:26.344 [sc-hsm-tool] reader-pcsc.c:362:refresh_attributes: Nitrokey Nitrokey HSM check
P:14543; T:0x8001609408 15:42:26.344 [sc-hsm-tool] reader-pcsc.c:387:refresh_attributes: returning with: 0 (Success)
P:14543; T:0x8001609408 15:42:26.345 [sc-hsm-tool] reader-pcsc.c:634:pcsc_connect: Nitrokey Nitrokey HSM:SCardConnect failed: 0x80100066
P:14543; T:0x8001609408 15:42:26.345 [sc-hsm-tool] card.c:403:sc_connect_card: returning with: -1113 (Unresponsive card (correctly inserted?))
Failed to connect to card: Unresponsive card (correctly inserted?)
Failed to connect to card: Success
P:14543; T:0x8001609408 15:42:26.345 [sc-hsm-tool] ctx.c:1051:sc_release_context: called
P:14543; T:0x8001609408 15:42:26.345 [sc-hsm-tool] reader-pcsc.c:979:pcsc_finish: called
The other command also fails.
user@macbook ~ % pkcs11-tool --module /opt/homebrew/Cellar/opensc/0.24.0/lib/pkcs11/opensc-pkcs11.so --init-token --init-pin --so-pin=3537363231383830 --new-pin=648219 --label="test" --pin=648219
error: PKCS11 function C_GetSlotInfo failed: rv = CKR_DEVICE_ERROR (0x30)
Aborting.
I have exactly the same problem on win10 and win11 pc, on linux(centos7) it works as expected.
I have some doubts about nitrokey hsm2 setup procedure,
i got 2 units and i’m following the start guide at Nitrokey Documentation
i installed opensc OpenSC-0.24.0_win64.msi and also 32 bit version,
but sc-hsm-tool.exe raise this error:
C:\Users\Admin>“C:\Program Files\OpenSC Project\OpenSC\tools\sc-hsm-tool.exe”
Using reader with a card: Nitrokey Nitrokey HSM 0
Connecting to card in reader Nitrokey Nitrokey HSM 0…
Failed to connect to card: Unresponsive card (correctly inserted?)
Failed …
hey @betabrain
Just crosschecked, there has been an update on the smartcard to 4.0 - this might be the reason for this issue - we are looking into it right now - I’ll update you through the support-ticket how to proceed.
Please write us using support(at)nitrokey(dot)com
I’ve veen able to initialize the devices under Debian 12 without issue. I guess something is mission on the other OS though. I’ve tried OSX and OpenBSD.
Yes, we observe this currently under windows and mac only…
I’m not sure why, but now that the HSM is initialized I can talk to it normally on OpenBSD too.
can you confirm that it also works on mac after initialization ?
it looks like this is an OpenSC issue/PR, see this issue here on github
especially the linked post has binaries which should resolve the issue, could you try these and report if this changes something for you?
There are essentially two issues happening here in parallel:
Any Nitrokey HSM2 shipped from beginning of January 2024 until January 20th has an incompatibility with Windows and MacOSX, we have a new firmware in place to fix that, but the device needs to be sent in - if you have such a device and need Windows/MacOSX compatibility, please write us (support (at) nitrokey (dot) com) with your order number (SOxxxxxxx) and we’ll replace your device.
The OpenSC release 0.24 comes with a fresh new bug which also breaks Windows compatibility with many HSM devices (including the Nitrokey HSM2). So please use either 0.23 OR use the binaries you can find in the
thanks for your patience,
1 Like
saper
January 28, 2024, 1:25pm
10
What is different with those Nitrokey? Do you ship with Smartcard-HSM 4.0 chip now?
Hey,
yes, Smartcard 4.0 and an updated firmware, which now got updated again
best
1 Like
saper
January 29, 2024, 3:30pm
12
Cool, if you ask me you could have named this Nitrokey HSM 3, I think the difference is substantial?
1 Like
Hello,
I’m having the same problem. I’ve a NitroKeY HSM that I received last week (May 2024), and I am using opensc 0.26.1 from homebrew on macos Sequoia 15.5
> sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 648219 -vvv
P:15909; T:0x8339611392 13:33:15.916 [sc-hsm-tool] ctx.c:981:sc_context_create: ===================================
P:15909; T:0x8339611392 13:33:15.916 [sc-hsm-tool] ctx.c:982:sc_context_create: OpenSC version: 0.26.1
P:15909; T:0x8339611392 13:33:15.916 [sc-hsm-tool] ctx.c:983:sc_context_create: Configured for sc-hsm-tool (/opt/homebrew/Cellar/opensc/0.26.1/bin/sc-hsm-tool)
P:15909; T:0x8339611392 13:33:15.917 [sc-hsm-tool] reader-pcsc.c:890:pcsc_init: PC/SC options: connect_exclusive=0 disconnect_action=0 transaction_end_action=0 reconnect_action=0 enable_pinpad=1 enable_pace=1
P:15909; T:0x8339611392 13:33:15.921 [sc-hsm-tool] reader-pcsc.c:1390:pcsc_detect_readers: called
P:15909; T:0x8339611392 13:33:15.921 [sc-hsm-tool] reader-pcsc.c:1403:pcsc_detect_readers: Probing PC/SC readers
P:15909; T:0x8339611392 13:33:15.921 [sc-hsm-tool] reader-pcsc.c:1456:pcsc_detect_readers: Establish PC/SC context
P:15909; T:0x8339611392 13:33:15.934 [sc-hsm-tool] reader-pcsc.c:1339:pcsc_add_reader: Adding new PC/SC reader 'Nitrokey Nitrokey HSM'
P:15909; T:0x8339611392 13:33:15.934 [sc-hsm-tool] reader-pcsc.c:364:refresh_attributes: Nitrokey Nitrokey HSM check
P:15909; T:0x8339611392 13:33:15.935 [sc-hsm-tool] reader-pcsc.c:410:refresh_attributes: current state: 0x00000022
P:15909; T:0x8339611392 13:33:15.935 [sc-hsm-tool] reader-pcsc.c:411:refresh_attributes: previous state: 0x00000000
P:15909; T:0x8339611392 13:33:15.935 [sc-hsm-tool] reader-pcsc.c:466:refresh_attributes: card present, changed
P:15909; T:0x8339611392 13:33:17.013 [sc-hsm-tool] reader-pcsc.c:1557:pcsc_detect_readers: Nitrokey Nitrokey HSM:SCardConnect(SHARED): 0x80100066
P:15909; T:0x8339611392 13:33:17.013 [sc-hsm-tool] reader-pcsc.c:1572:pcsc_detect_readers: returning with: 0 (Success)
P:15909; T:0x8339611392 13:33:17.013 [sc-hsm-tool] sc.c:339:sc_detect_card_presence: called
P:15909; T:0x8339611392 13:33:17.014 [sc-hsm-tool] reader-pcsc.c:474:pcsc_detect_card_presence: called
P:15909; T:0x8339611392 13:33:17.014 [sc-hsm-tool] reader-pcsc.c:364:refresh_attributes: Nitrokey Nitrokey HSM check
P:15909; T:0x8339611392 13:33:17.016 [sc-hsm-tool] reader-pcsc.c:389:refresh_attributes: returning with: 0 (Success)
P:15909; T:0x8339611392 13:33:17.016 [sc-hsm-tool] reader-pcsc.c:482:pcsc_detect_card_presence: returning with: 1
P:15909; T:0x8339611392 13:33:17.016 [sc-hsm-tool] sc.c:350:sc_detect_card_presence: returning with: 1
Using reader with a card: Nitrokey Nitrokey HSM
P:15909; T:0x8339611392 13:33:17.016 [sc-hsm-tool] sc.c:339:sc_detect_card_presence: called
P:15909; T:0x8339611392 13:33:17.016 [sc-hsm-tool] reader-pcsc.c:474:pcsc_detect_card_presence: called
P:15909; T:0x8339611392 13:33:17.016 [sc-hsm-tool] reader-pcsc.c:364:refresh_attributes: Nitrokey Nitrokey HSM check
P:15909; T:0x8339611392 13:33:17.017 [sc-hsm-tool] reader-pcsc.c:389:refresh_attributes: returning with: 0 (Success)
P:15909; T:0x8339611392 13:33:17.018 [sc-hsm-tool] reader-pcsc.c:482:pcsc_detect_card_presence: returning with: 1
P:15909; T:0x8339611392 13:33:17.018 [sc-hsm-tool] sc.c:350:sc_detect_card_presence: returning with: 1
Connecting to card in reader Nitrokey Nitrokey HSM...
P:15909; T:0x8339611392 13:33:17.018 [sc-hsm-tool] card.c:254:sc_connect_card: called
P:15909; T:0x8339611392 13:33:17.018 [sc-hsm-tool] reader-pcsc.c:613:pcsc_connect: called
P:15909; T:0x8339611392 13:33:17.018 [sc-hsm-tool] reader-pcsc.c:364:refresh_attributes: Nitrokey Nitrokey HSM check
P:15909; T:0x8339611392 13:33:17.019 [sc-hsm-tool] reader-pcsc.c:389:refresh_attributes: returning with: 0 (Success)
P:15909; T:0x8339611392 13:33:17.021 [sc-hsm-tool] reader-pcsc.c:636:pcsc_connect: Nitrokey Nitrokey HSM:SCardConnect failed: 0x80100066
P:15909; T:0x8339611392 13:33:17.022 [sc-hsm-tool] card.c:403:sc_connect_card: returning with: -1113 (Unresponsive card (correctly inserted?))
Failed to connect to card: Unresponsive card (correctly inserted?)
Failed to connect to card: Success
I have already implement the fix for SmartCardServices from this thread CKR_DEVICE_ERROR for Nitro HSM 2 on Sonoma · Issue #2887 · OpenSC/OpenSC · GitHub and the error doesn’t go away.
Any idea what’s up?
I have the same issue with HSM 2 using both Monterey 12.7.3 and also with Sequoia 15.5 using opensc 0.26.1. Failed to connect to card: Unresponsive card (correctly inserted?)
