How to use AES on NitroKey HSM2

Hi, I’m playing with the NitroKey HSM2, and so far I’m able to use the asymmetric part.
The specs list AES among the supported algorithms, and I’ve been able to generate an AES key on the device using the scsh3 GUI.
But now I don’t know how to encrypt with that AES key. Is there any reference/example about that?

Support for AES is available in the sc-hsm-embedded PKCS#11 module. See the aes branch for the current development version.

Examples how to use it are available here and here.

Thanks a lot, that’s indeed what I was looking for


I could generate and use AES keys thanks to sc-hsm-embedded.

I would like to know if there is a way to import an AES key (as it may be done through OpenSC with pkcs15-tool on supported RSA / ECC keys) rather than to generate it on the HSM ?

Kind regards,

Regarding my previous question, please note that if there is a way to backup / restore AES keys with a DKEK, it is also suitable

Ok, I could successfully backup and restore AES keys with a DKEK using the scsh3 GUI.


Please see Weak AES key bug if you plan to use AES in a productive environment.


First of all sorry for the re-float of this post but I am new to Nitrokey HSM 2 and I am having some trouble with everything related to AES. If anyone feels that my question would better be on a new thread I will be happy to create a new one but as I strongly believe the issue is closely related to the this one I decided to re-float it.

So far I have initialized the token and played around with EC and RSA keys but when it comes to AES nothing works. Even when I list the available mechanisms I have nothing about AES. I also read that the Nitrokey HSM 2 cannot generate AES keys which seems to be false according to what I read in this post.

I also tried installing sc-hsm-embedded (in Windows) but when I try to use openSC pkcs11-tool with the sc-hsm-pkcs11.dll I get the follwing errors:

  • "Can`t create: ‘\AppData\Locallow\sc-hsm-embedded\pkcs11-…log’ (even though I have “HOMEDIR” environment variable declared)
  • “No slot with a token was found”

My goal is to be able to create AES keys (128 or 256) and use them to encrypt, decrypt, wrap and unwrap. And for what I have learnt from this post this is possible using the sc-hsm-pkcs11.dll. Sadly I am not able to achieve this goal neither usin OpenSC pkcs11-tool referencing sc-hsm-pkcs11.dll module neither using .NET pkcs11Interop library.

I would really appreciate if someone can shed some light into this.



Hi Josu!

As far as I see SCSH3 is the way to go with AES. See Unable to create a symmetric, or secret key on Nitrokey HSM 2 as well.
About OpenSC support, looking at Github search results for HSM+AES I do not see anything particularly helpful. What OpenSC and OS are you using?

Hi szszszsz,

First of all thanks for your quick response.

Since my last post I kept trying with sc-hsm-embedded. The fail I complaint about was related to using the latest release version. Once I moved to the “aes” branch and compiled myself the “sc-hsm-pkcs11.dll” I was able to get rid of it. Sadly when I tried to use pkcs11-tool to generate the AES key using the compiled module it failed because the mechanism is not available.

On the other hand with the “Smart card shells” key manager I was able to create an AES key as user “tkalkanci” stated in the post your referred. I’m not a big fan of this method, I would rather be able to create it with pkcs11-tool or so but so far so good.

Now the big question is whether encrypting and decrypting with that key is possible. I have read about doing so with APDU commands but it looks like the method requires passing the key as parameter which would be a security issue.

Any hints about this?




I see. By this I understand there is some partial support for that.
@sc-hsm: Hi! Is the aes branch of the sc-hsm-embedded project planned for the merge to master?

SCSH3 is the vendor’s tools’ suite, and as such I expect it to be always up-to-date. As for OpenSC, it may lag with some features, which hopefully will change in the future. Please feel free to create proper tickets to OpenSC.

I would expect this would take the key slot number, not the actual raw secret. I do not know any details about it unfortunately. Please join the CardContact Developer Network, where you should get the specialized help.
Please see following site for more details:


Hello Josu,

indeed I used the APDU command to encrypt some data with my AES key. You only need to give the key identifier (1, 2…), the algorithm you want to use (‘10’ to encrypt for example), and the data you want to encrypt. But not the key.

Then the key can be taken out, and/or in, using the Nitrokey DKEK (made), or XKEK (not tried yet).

1 Like