How to use generated private key inside NitroKey HSM2?

esumit · April 27, 2022, 9:09am

Once via pkcs11-tool - the private/public got created inside NitroKey HSM2? then how it can be used in an application?

It’s like need to write a program e.g. using the PKCS library and then use it? or/and enable the application to use PKCS11 stuff, and that application will access the NitroKey HSM2 via PKCS for created private/public needs?

May you please help on this e.g. from where I should start to think and work correctly on it ?

saper · April 27, 2022, 11:15am

PKCS#11 works as follows:

pick up a driver (for Nitrokey HSM2 you can use both opensc-pkcs11 from OpenSC and sc-hsm-pkcs11
ask PKCS#11 to list available tokens, pick the right one
login to a token
list available keys/certificates
perform operation (sign, encrypt, generate key…) on the key you need. To do this, you will need to tell which so-called mechanism to use. PKCS#11 standard defines lots of them but HSM support only some. Use pkcs11-tool -M to list them.

here is a sample script to generate a signature using elliptic curves with Python PyKCS11 library, it uses CKM_ECDSA mechanism: PyKCS11/ec_signature.py at 1.5.10 · LudovicRousseau/PyKCS11 · GitHub

Supported mechanisms on my Nitrokey HSM2 token:

> pkcs11-tool -M
Using slot 0 with a present token (0x0)
Supported mechanisms:
  SHA-1, digest
  SHA224, digest
  SHA256, digest
  SHA384, digest
  SHA512, digest
  MD5, digest
  RIPEMD160, digest
  GOSTR3411, digest
  ECDSA, keySize={192,521}, hw, sign, verify, EC F_P, EC parameters, EC OID, EC uncompressed
  ECDSA-SHA384, keySize={192,521}, sign, verify
  ECDSA-SHA512, keySize={192,521}, sign, verify
  ECDSA-SHA1, keySize={192,521}, hw, sign, verify, EC F_P, EC parameters, EC OID, EC uncompressed
  ECDSA-SHA224, keySize={192,521}, hw, sign, verify, EC F_P, EC parameters, EC OID, EC uncompressed
  ECDSA-SHA256, keySize={192,521}, hw, sign, verify, EC F_P, EC parameters, EC OID, EC uncompressed
  ECDH1-COFACTOR-DERIVE, keySize={192,521}, hw, derive, EC F_P, EC parameters, EC OID, EC uncompressed
  ECDH1-DERIVE, keySize={192,521}, hw, derive, EC F_P, EC parameters, EC OID, EC uncompressed
  ECDSA-KEY-PAIR-GEN, keySize={192,521}, hw, generate_key_pair, EC F_P, EC parameters, EC OID, EC uncompressed
  RSA-X-509, keySize={1024,4096}, hw, decrypt, sign, verify
  RSA-PKCS, keySize={1024,4096}, hw, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={1024,4096}, sign, verify
  SHA224-RSA-PKCS, keySize={1024,4096}, sign, verify
  SHA256-RSA-PKCS, keySize={1024,4096}, sign, verify
  SHA384-RSA-PKCS, keySize={1024,4096}, sign, verify
  SHA512-RSA-PKCS, keySize={1024,4096}, sign, verify
  MD5-RSA-PKCS, keySize={1024,4096}, sign, verify
  RIPEMD160-RSA-PKCS, keySize={1024,4096}, sign, verify
  RSA-PKCS-PSS, keySize={1024,4096}, hw, sign, verify
  SHA1-RSA-PKCS-PSS, keySize={1024,4096}, sign, verify
  SHA224-RSA-PKCS-PSS, keySize={1024,4096}, sign, verify
  SHA256-RSA-PKCS-PSS, keySize={1024,4096}, sign, verify
  SHA384-RSA-PKCS-PSS, keySize={1024,4096}, sign, verify
  SHA512-RSA-PKCS-PSS, keySize={1024,4096}, sign, verify
  RSA-PKCS-KEY-PAIR-GEN, keySize={1024,4096}, generate_key_pair

esumit · April 28, 2022, 3:14am

Thanks, @saper Wonderful support. sure I will do as suggested and then update here!

esumit · April 30, 2022, 1:09pm

@saper If we have used n-of-m dkek and then created keypair inside nitrokey hsm, to access a private key it follow same process ?

saper · May 6, 2022, 11:51am

The process works mostly fine on a DKEK (DKEK is not a PKCS#11 feature).

Only when generating keys via PKCS#11 you might need additional attribute to tell which key domain (DKEK) the key should belong to. Please see Smartcard HSM manual for details, it is on the SmartCard-HSM Support (I don’t have a direct link righ now).

For using the key like encrypting and signing you don’t need to worry about DKEK - it will work as long as the DKEK is loaded and decrypted.