I am trying to sign a CSR using my NitroKey as a root CA. I want to use the M-of-N authentication scheme described in https://devnet.cardcontact.de/documents/7 . I have successfully been able to generate an ECC keypair using the smartcard shell; however, I am unable to get openssl to sign a CSR using the ECC keypair. Additionally, XCA cannot see the private key – even after authenticating successfully using the smart card shell, I am unable to use pkcs11-tool to sign a CSR.
After successfully authorizing in the smart card shell, I receive the following error while attempting to sign using pkcs11-tool:
error: PKCS11 function C_OpenSession failed: rv = CKR_TOKEN_NOT_PRESENT (0xe0)
Can anyone advise as to how to sign a CSR using the M-of-N authentication scheme? I am having issues determining the right path forward so a lot of detail will help here .