Importing EC Key (PKCS#12) in Nitrokey HSM with Smart Card Shell


I generated an EC Key on another support (before getting an HSM Key).
I try to import this EC Key in Nitrokey HSM.

Steps so far :

  1. I initialize the key
  2. added a DKEK share
  3. converted my EC Key to PKCS#12.
  4. Importing using Smart Card Shell

When i import the key, i got this error

GPError: KeyStore (OBJECT_NOT_FOUND/0) - "Certificate not found" in C:\tools\smartcardshell\scsh3\keymanager\keymanager.js#2097
    at C:\tools\smartcardshell\scsh3\keymanager\keymanager.js#2097
    at C:\tools\smartcardshell\scsh3\keymanager\keymanager.js#2272

I converted EC Key using OpenSSL with option -nocerts : openssl pkcs12 -export -nocerts -inkey privatekey.pem -out privatekey.p12.

@sc-hsm Hi! Could you take a look at this one?

Actually, i already get a response from @sc-hsm on GitHub.

There is currently no direct way of importing an EC key without a certificate. You need to create and store a self-signed certificate first and have that imported as part of the PKCS#12 container.

You could also write your own script based in the keymanager.js,

1 Like