Hi,
I am trying to create a certifiacte on the Nitrokey Pro.
I am creating a CSR with the privkey on the Nitrokey:
openssl req -engine pkcs11 -new -key id_3 -keyform engine -out csr.pem
I can see it:
% pkcs11-tool -O -l
Using slot 1 with a present token (0x4)
Logging in to "OpenPGP card (User PIN)".
Please enter User PIN:
Private Key Object; RSA
label: Authentication key
ID: 03
Usage: decrypt, sign, non-repudiation, unwrap
Access: sensitive, always sensitive, never extractable, local
Public Key Object; RSA 2048 bits
label: Authentication key
ID: 03
Usage: encrypt, verify, wrap
Access: none
I somehow get the CSR signed and I have the certificate in PEM and DER.
Now I am failing to write the certificate to the Nitrokey:
% pkcs11-tool --write-object cert.der -l -y cert --id 3 --pin 123456
Using slot 1 with a present token (0x4)
error: PKCS11 function C_CreateObject failed: rv = CKR_PIN_LEN_RANGE (0xa2)
Aborting.
Or
% pkcs11-tool --write-object cert.der -l -y cert --pin 123456
Using slot 1 with a present token (0x4)
error: PKCS11 function C_CreateObject failed: rv = CKR_ARGUMENTS_BAD (0x7)
Aborting.
What would be the recommended way to safe the cert to the Nitrokey?
Thanks a lot
Cornelius