Importing EC Key (PKCS#12) in Nitrokey HSM with Smart Card Shell

ygbillet · December 1, 2020, 6:58pm

Hi,

I generated an EC Key on another support (before getting an HSM Key).
I try to import this EC Key in Nitrokey HSM.

Steps so far :

I initialize the key
added a DKEK share
converted my EC Key to PKCS#12.
Importing using Smart Card Shell

When i import the key, i got this error

GPError: KeyStore (OBJECT_NOT_FOUND/0) - "Certificate not found" in C:\tools\smartcardshell\scsh3\keymanager\keymanager.js#2097
    at C:\tools\smartcardshell\scsh3\keymanager\keymanager.js#2097
    at C:\tools\smartcardshell\scsh3\keymanager\keymanager.js#2272

I converted EC Key using OpenSSL with option -nocerts : openssl pkcs12 -export -nocerts -inkey privatekey.pem -out privatekey.p12.

szszszsz · December 7, 2020, 10:59am

@sc-hsm Hi! Could you take a look at this one?

ygbillet · December 7, 2020, 1:17pm

Actually, i already get a response from @sc-hsm on GitHub.

There is currently no direct way of importing an EC key without a certificate. You need to create and store a self-signed certificate first and have that imported as part of the PKCS#12 container.

You could also write your own script based in the keymanager.js,