Ed25519 signing using Nitrokey devices

Hello,

I’m looking for an HSM which can perform plain Ed25519 signing akin to openssl pkeyutl, but I’m unsure which (if any) of the Nitrokey family support this particular use case.

Example of OpenSSL commands for the type of signing I want:

openssl genpkey -algorithm ED25519 -out key.pem
openssl pkeyutl -in message.bin -rawin -sign -inkey key.pem > message.sig

I would like to be able to generate the Ed25519 private key on an offline machine and then import it into the HSM for signing on other machines.

Could anyone confirm which (if any) of the Nitrokey devices would support this, and what software would be used with them?

Thanks

The Nitrokey HSM does not support Curve25519; see the comparison chart in German or in English.

Importing the key should be possible using Smart Card Shell Script, signing with PKCS#11 (at least both are possible with an HSM and RSA 2048+4019 keys).
I can’t test that with your key types though, as I only own an HSM that does not support Ed25519.

I wasn’t entirely clear which (if any) devices supported Ed25519 signing since the comparison chart references “Curve25519” which can mean several things, however the fact sheet for the Nitrokey 3 explicitly mentioned Ed25519, so I went ahead and ordered one.

Attempting to import the private key using pkcs11-tool fails:

$ pkcs11-tool --login --write-object privkey.der --type privkey --id 1
Using slot 0 with a present token (0x0)
Logging in to "PIV_II".
Please enter User PIN:
error: PKCS11 function C_CreateObject failed: rv = CKR_FUNCTION_NOT_SUPPORTED (0x54)
Aborting.

I tried the “Smart Card Shell”, however that fails to even start:

$ java -jar ~/Downloads/scsh-3.18.59-installer.jar
Command line arguments:
SEVERE: java.lang.ArrayIndexOutOfBoundsException: Index 70131 out of bounds for length 22674

What software should I be using for this?

Thanks
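
Added example (not part of any post above): the thread notes that “Curve25519” can mean several things, so before attempting an import it helps to confirm that a file such as privkey.der really holds an Ed25519 signing key and not an X25519 key-agreement key. The sketch assumes the file is the unencrypted PKCS#8 DER form defined in RFC 8410; the function names and sample keys are constructed for illustration.

```python
# Added example: classify an RFC 8410 PKCS#8 DER private key as Ed25519 or X25519.
ALGS = {
    bytes.fromhex("2b6570"): "Ed25519",  # OID 1.3.101.112, signing
    bytes.fromhex("2b656e"): "X25519",   # OID 1.3.101.110, key agreement
}

def read_tlv(buf, pos, want_tag):
    """Return (value, next_pos) for one short-form DER TLV starting at pos."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x} at offset {pos}")
    length = buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length: not a bare 25519 key")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return buf[pos + 2:end], end

def parse_25519_pkcs8(der):
    """Return (algorithm name, 32-byte private key) or raise ValueError."""
    body, end = read_tlv(der, 0, 0x30)            # PrivateKeyInfo SEQUENCE
    if end != len(der):
        raise ValueError("trailing bytes after key")
    version, pos = read_tlv(body, 0, 0x02)        # INTEGER version (0 or 1)
    if version not in (b"\x00", b"\x01"):
        raise ValueError("unexpected PKCS#8 version")
    alg_id, pos = read_tlv(body, pos, 0x30)       # AlgorithmIdentifier
    oid, oid_end = read_tlv(alg_id, 0, 0x06)
    if oid not in ALGS or oid_end != len(alg_id):
        raise ValueError("not a 25519 key (OID unknown or parameters present)")
    wrapped, _ = read_tlv(body, pos, 0x04)        # OCTET STRING privateKey
    key, key_end = read_tlv(wrapped, 0, 0x04)     # inner CurvePrivateKey
    if len(key) != 32 or key_end != len(wrapped):
        raise ValueError("private key must be exactly 32 bytes")
    return ALGS[oid], key

# Constructed sample keys (seed is 00 01 02 ... 1f, not a real secret).
SAMPLE_SEED = bytes(range(32))
SAMPLE_ED25519 = bytes.fromhex("302e020100300506032b657004220420") + SAMPLE_SEED
SAMPLE_X25519 = bytes.fromhex("302e020100300506032b656e04220420") + SAMPLE_SEED

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:           # e.g. privkey.der
        name, _key = parse_25519_pkcs8(fh.read())
    print(f"{sys.argv[1]}: {name} private key, 32 bytes")  # key bytes are never printed
```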