HSM1 / OpenSC 0.20 / Can you create a 4096 RSA keypair?

I realize it’s an older HSM but if I list the mechanisms, it does show that it supports RSA keys of up to 4096. However, if I try to generate a key of that size, I get "error: PKCS11 function C_GenerateKeyPair failed: rv = CKR_DATA_INVALID (0x20)"

If I generate one with 2048, it works perfectly fine.

pkcs11-tool --list-token-slots
Available slots:
Slot 0 (0x0): Nitrokey Nitrokey HSM (010000000000000000000000) 00 00
  token label        : 
  token manufacturer : www.CardContact.de
  token model        : PKCS#15 emulated
  token flags        : login required, rng, token initialized, PIN initialized
  hardware version   : 24.13
  firmware version   : 2.5
  serial num         : 
  pin min/max        : 6/15

pkcs11-tool --list-mechanisms
Using slot 0 with a present token (0x0)
Supported mechanisms:
  SHA-1, digest
  SHA224, digest
  SHA256, digest
  SHA384, digest
  SHA512, digest
  MD5, digest
  RIPEMD160, digest
  GOSTR3411, digest
  ECDSA, keySize={192,521}, hw, sign, other flags=0x1d00000
  ECDSA-SHA1, keySize={192,521}, hw, sign, other flags=0x1d00000
  ECDH1-COFACTOR-DERIVE, keySize={192,521}, hw, derive, other flags=0x1d00000
  ECDH1-DERIVE, keySize={192,521}, hw, derive, other flags=0x1d00000
  ECDSA-KEY-PAIR-GEN, keySize={192,521}, hw, generate_key_pair, other flags=0x1d00000
  RSA-X-509, keySize={1024,4096}, hw, decrypt, sign, verify
  RSA-PKCS, keySize={1024,4096}, hw, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={1024,4096}, sign, verify
  SHA224-RSA-PKCS, keySize={1024,4096}, sign, verify
  SHA256-RSA-PKCS, keySize={1024,4096}, sign, verify
  SHA384-RSA-PKCS, keySize={1024,4096}, sign, verify
  SHA512-RSA-PKCS, keySize={1024,4096}, sign, verify
  MD5-RSA-PKCS, keySize={1024,4096}, sign, verify
  RIPEMD160-RSA-PKCS, keySize={1024,4096}, sign, verify
  RSA-PKCS-PSS, keySize={1024,4096}, hw, sign, verify
  SHA1-RSA-PKCS-PSS, keySize={1024,4096}, sign, verify
  SHA224-RSA-PKCS-PSS, keySize={1024,4096}, sign, verify
  SHA256-RSA-PKCS-PSS, keySize={1024,4096}, sign, verify
  SHA384-RSA-PKCS-PSS, keySize={1024,4096}, sign, verify
  SHA512-RSA-PKCS-PSS, keySize={1024,4096}, sign, verify
  RSA-PKCS-KEY-PAIR-GEN, keySize={1024,4096}, generate_key_pair

pkcs11-tool --login --pin 000000 --keypairgen --key-type rsa:4096 --id 1 --label "test" --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so 
Using slot 0 with a present token (0x0)
error: PKCS11 function C_GenerateKeyPair failed: rv = CKR_DATA_INVALID (0x20)
Aborting.

Hi!

I vaguely remember that RSA4096 was not supported on Nitrokey HSM1, and I believe that listing it here is a bug of OpenSC.

Yes, I believe you’re correct. I found an old datasheet for the HSM1 and it states 2048 is the max keysize.

https://www.nitrokey.com/files/doc/Nitrokey_HSM_1_factsheet.pdf

Funny enough, I have some old HSMs from CardContact and it seems they also suffer from the same bug.

That’s right. However, it’s not a bug but a lacking feature, which was added in HSM 2.
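Because the mechanism list in the first post advertises keySize={1024,4096} while the token actually stops at 2048, the reliable check is to attempt generation at each size and record the rv, rather than trusting C_GetMechanismInfo. The following is an added example, not code from the thread, OpenSC or Nitrokey: FakeHsm1Session is a constructed stand-in reproducing the behaviour shown above, and pykcs11_adapter assumes PyKCS11 is installed, a logged-in session, and a token that accepts session (non-token) key objects.

```python
CKR_DATA_INVALID = 0x20  # rv quoted in the thread's error line


class Pkcs11Error(Exception):
    def __init__(self, rv):
        super().__init__(f"C_GenerateKeyPair failed: rv = 0x{rv:02x}")
        self.rv = rv  # PKCS#11 return value of the failed call


class FakeHsm1Session:
    """Constructed stand-in: advertises 1024..4096 but only generates up to 2048."""
    def generate_rsa(self, bits):
        if bits > 2048:
            raise Pkcs11Error(CKR_DATA_INVALID)
        return ("pub-handle", "priv-handle")


def pykcs11_adapter(session):
    """Wrap a logged-in PyKCS11 session (assumption: PyKCS11 installed,
    session keys allowed by the token) in the same generate_rsa(bits) shape."""
    import PyKCS11 as P
    class _Adapter:
        def generate_rsa(self, bits):
            pub = [(P.CKA_CLASS, P.CKO_PUBLIC_KEY), (P.CKA_KEY_TYPE, P.CKK_RSA),
                   (P.CKA_TOKEN, False), (P.CKA_MODULUS_BITS, bits),
                   (P.CKA_PUBLIC_EXPONENT, (0x01, 0x00, 0x01)), (P.CKA_VERIFY, True)]
            priv = [(P.CKA_CLASS, P.CKO_PRIVATE_KEY), (P.CKA_KEY_TYPE, P.CKK_RSA),
                    (P.CKA_TOKEN, False), (P.CKA_SIGN, True)]
            try:
                return session.generateKeyPair(pub, priv, mecha=P.MechanismRSAGENERATEKEYPAIR)
            except P.PyKCS11Error as e:
                raise Pkcs11Error(e.value) from e
    return _Adapter()


def probe_rsa_sizes(session, sizes=(1024, 2048, 3072, 4096)):
    """Try each modulus size; map bits -> None on success or the rv on failure."""
    results = {}
    for bits in sizes:
        try:
            session.generate_rsa(bits)
            results[bits] = None
        except Pkcs11Error as e:
            results[bits] = e.rv
    return results


def effective_max_bits(results):
    """Largest modulus size that actually generated, or 0 if none did."""
    ok = [b for b, rv in results.items() if rv is None]
    return max(ok) if ok else 0
```

Running probe_rsa_sizes against a real session with pykcs11_adapter(session) gives the same mapping for the physical token; the fake exists only so the logic can be exercised without hardware.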