Ed2551 signing using Nitrokey devices

solemnwarning · October 6, 2025, 12:41pm

Hello,

I’m looking for a HSM which can perform plain Ed25519 signing akin to openssl pkeyutl, but I’m unsure which (if any) of the Nitrokey family support this particular use case.

Example of OpenSSL commands for the type of signing I want:

openssl genpkey -algorithm ED25519 -out key.pem
openssl pkeyutl -in message.bin -rawin -sign -inkey key.pem > message.sig

I would like to be able to generate the Ed25519 private key on an offline machine and then import it into the HSM for signing on other machines.

Could anyone confirm which (if any) of the Nitrokey devices would support this, and what software would be used with them?

Thanks

tino · October 7, 2025, 11:26am

The nitrokey hsm does not support curve25519; see the comparison chart in German or in English.

Importing the key should be possible using Smart Card Shell Script, signing with pkcs#11 (at least both is with a HSM and RSA 2048+4019 keys).
I can’t test that with your key types though, as I only own a HSM that does not support ed25519.

solemnwarning · October 15, 2025, 2:50pm

I wasn’t entirely clear which (if any) devices supported Ed25519 signing since the comparison chart references “Curve25519” which can mean several things, however the fact sheet for the Nitrokey 3 explicitly mentioned Ed25519, so I went ahead and ordered one.

Attempting to import the private key using pkcs11-tool fails:

$ pkcs11-tool --login --write-object privkey.der --type privkey --id 1
Using slot 0 with a present token (0x0)
Logging in to "PIV_II".
Please enter User PIN:
error: PKCS11 function C_CreateObject failed: rv = CKR_FUNCTION_NOT_SUPPORTED (0x54)
Aborting.

I tried the “Smart Card Shell”, however that fails to even start:

$ java -jar ~/Downloads/scsh-3.18.59-installer.jar
Command line arguments:
SEVERE: java.lang.ArrayIndexOutOfBoundsException: Index 70131 out of bounds for length 22674

What software should I be using for this?

Thanks

saper · December 1, 2025, 7:43pm

Smart Card Shell is used best for Nitrokey HSM 2, not for Nitrokey 3 (completely different construction of the device).

What is your java -version ? I was installing https://www.openscdp.org/download/scsh3/scsh-3.18.60-installer.jar end of November 2025 and it worked fine with Java 21.

openssl pkeyutl -in message.bin -rawin -sign -inkey key.pem > message.sig

I wouldn’t do it like this, this may hurt you a lot. Use some proper signature scheme such as CMS openssl cms or something else. Doing raw signatures like this can be insecure.

$ pkcs11-tool --login --write-object privkey.der --type privkey --id 1

For this, the OpenPGP card you have (Nitrokey 3) is not the best choice, you will be able to store at most 3 cryptographic keys with specific functions. You can try gpg-card or gpg2 –edit-card (horrible tools) or openpgp-tool from the opensc package. Or better yet follow the documentation from OpenPGP Card - Nitrokey Documentation

With pkcs11-tool you might want to select the function of the card - see what is available with pkcs11-tool -T

Can’t give examples since my Nitrokey 3 died yesterday…