Deterministic keypair / Nitrokey HSM


I’m wondering if it’s possible to generate deterministic keypair using the Nitrokey by using a seed and some metadata (i.e BIP32). I need to be able to generate a lot of keys but must be able to retrieve any of these key at any time.

Maybe an approach could be to inject a secret key inside the smart card as an object and use it internally in the key generation function.
Is this approach feasable ?
Do I need to update the firmware for such process ?


I am not sure, what exactly you want to do, but generally the following is granted:

  • keys generated on Nitrokey can not be read out, copied, backuped, guessed
  • keys can be generated outside the Nitrokey and then copied to the Nitrokey. In this case you have a backup and a possibility to “loose” the keys to bad persons.

I know that the key cannot be extract, read out externally, I just would like to implement a deterministic key generation based on master seed inside the HSM to be able to provide public key and signature based on a index.
Example: Generate the n-th public key, or Sign with the n-th private key, but without store all the keys, as the number may increase a lot.


If this concerns Nitrokey HSM, please take a look at Nitrokey HSM2 Firmware update and customization for own solution. Please let me know if that would help.

cc: @sc-hsm

Edit: interesting idea to implement on the Nitrokey Start as well.

1 Like

Yes thanks ! I was thinking about a firmware customization or update.
Do you know how to perform such update ?

Please take a look at my reply in the linked post regarding the update process: Nitrokey HSM2 Firmware update and customization for own solution
The firmware customization would require contact with the smart card vendor: Nitrokey HSM2 Firmware update and customization for own solution

The SmartCard-HSM already supports a scheme to derive EC keys from a master key. The scheme was developed based on a customer request to implement a crypto wallet.

The scheme is described in chapter 2.19 of the user manual:

In order to support an unlimited number of subkeys from a randomly chosen EC private
key, the SmartCard-HSM implements the scalar addition of the private key value with an
externally provided offset. This scheme is loosely based on BIP32 to allow building
hierarchical wallets for crypto currencies.

In the given ECC equation Q = d * G, d is the private key, G the generator point of the
curve and Q the public point. For a transformation d’ = (d + i) mod n, with i the scalar to
add and n the order of the curve, the public key value can be computed as Q’ = (d + i) *
G, which is equal to Q’ = d * G + i * G and Q’ = Q + i * G.

As such an application can easily determine Q’ from Q and use the SmartCard-HSM to
derive a subkey given the scalar offset.

EC key derivation is implemented using the DERIVE KEY (2.19) command.

An example is provided in the deriveECKey.js script that is part of the SmartCard-HSM SDK. It can be downloaded as part of the Starterkit and is contained in the Just unpack the zip, install the Smart Card Shell and select the unzipped folder as workspace. The script is contained in the sc-hsm-sdk-scripts/examples folder.

1 Like