I would like to import a public key for convenience to the NitroKey HSM2, as other keys on the HSM are signed with its private counterpart. Unfortunately, I’m struggling with these commands:
> pkcs11-tool -l -p *** --label "test" --type pubkey --module opensc-pkcs11.so --write-object pubkey.der --type pubkey --id 1234
Using slot 0 with a present token (0x0)
Created public key:
Public Key Object; RSA 4096 bits
label: test
ID: 1234
Usage: verify
> pkcs11-tool -r -p *** --label "test" --type pubkey --module opensc-pkcs11.so > pubkey_2.der
Using slot 0 with a present token (0x0)
error: object not found
Aborting.
Is it possible to import pubkeys? What am I doing wrong?
You may have a look if the key is actually stored via
pkcs11-tool -O
Furthermore, I do not know why you are using this ***, being honest. And I do not need the -p flag for reading the pubkey in my case so that I used successfully:
First of all: the -p flag with pin came from “historical reasons” when switching back and forth between the commands / c&p error. Sorry for being lazy. And the *** for the pin was a kind of reflex.
The pubkey is not stored at all! I also checked with pkcs15-tool -D. To emphasize: I want to write/import only the public part of the key to the HSM! The key was generated elsewhere.