Max number of RSA keys?

Hello Nitrokeyers, first time caller long time listener here :-). I am exploring the use of Nitrokey HSM for the key storage in our servers and just getting familiar with the hardware and the opensc utilities. I like it so far. but concerned about the limited number of keys it can store.

What is the maximum number of 2048-bit RSA key pairs I can create on the Nitrokey HSM? The fact sheet says 35, but the maximum I can create is 16. After the 16th key, it returns a CKR_DEVICE_MEMORY error. The command I used is:

# pkcs11-tool --module --login --pin 648219 --keypairgen --key-type rsa:2048 --id $i --label “Test Key $i” --usage-decrypt

Hi santa and a warm welcome as caller :smile:

The given number of 35 RSA key pairs is the absolute maximum (though to say 32 is maybe more accurate, I’ll check this again).
You can only store as much keys if you are not using metadata or certificates to the keys as well. That is to say there are 16 standard slots (as often you will include certs or metadata as well), but you could save 32 RSA keys, if your use-case can make use of it and you indeed only want to save these.

@jan Or did I got something wrong? 32+3 <- the three are the main keys?

Kind regards

Thanks for the response. I ran the above keypairgen command on a freshly initialized Nitrokey HSM. It contains nothing else other than the SO-PIN and the user PIN. Does the above keypairgen command creates extra metadata or certificates? We just need the private/public keys for decrypt, no need for certificates, etc.


okay, as far as I can see you save two things with this command:

  • the private key (1 slot)
  • the public key (1 slot)

Therefore you can only save 16 keypairs, but 32 keys. You can see every slot stored with the command

pkcs15-tool -D

It’s a bit like the three keys on a OpenPGP Cards. Technically you can store 3 keys, but they normally belong to one identity as GnuPG expects two subkeys - one for authentication and one for decryption only.

So it is a bit tricky to keep track here, what the number of keys means for the own use case. One may only saves some rsa keys (or certs) without corresponding pub key or alike, but most will probably save privkey and cert or priv and pub key.

I dunno if you can just remove the pub key (and save it elsewhere), to be honest. Maybe someone else here does.

Kind regards

Generally speaking, see:,-ef-can-be-stored

The public key is generated on the fly and therefore shouldn’t occupy any storage capacity.

I don’t know what you mean with main keys. There is no such concept of main keys for the Nitrokey HSM.

Well the site states that the HSM can store 35, but I thought it is 32 and tried to reason what this could mean. I am probably totally wrong here, so nevermind :wink: But why is it 35 then? Especially as this states 32.

So do I understand right: for @santa it stops on 16 keys as santa used 2048 bit rsa keys and the storage is 35kb? So one can store at least 32 1024 rsa keys or 16 2048 as both is about 35kb?

1 Like

Ok so now I understand it. The key storage space is 35 KB, so it is about 35 x 1024-bit RSA keys and 16 x 2048-bit RSA keys. The fact sheet for Nitrokey HSM is then misleading. It says a max of 35 2048-bit RSA keys. This is a bummer, since we need to store about 24 keys. Are you planning to have an HSM with larger storage? Or the ability to store AES-256 symmetric keys? Otherwise I have to implement a software on top of the HSM to store our keys encrypted by a key from the HSM. Or find another HSM with larger capacity.

I think you are right. I am really sorry. I had a look at the fact sheet and this seems to be false indeed. We will change it accordingly!

@jan can you please adapt the factsheet (p. 3, right collumn)?

As far as I know there will be no different HSM version soon, sorry for that too! @jan could you please confirm this as well?

The statements on our website were outdated and are updated now (factsheet to follow). Correct is that the current Nitrokey HSM can store 31 x ECC-256 keys and/or 20 x RSA-2048 keys. The storage of about 32 KB is shared among certificates (DOs) and keys. Also the storage is not defragmented so the order in which keys are generated and deleted plays an important role. To utilize the maximum capacity you should reset the device and generate keys one ofter the other without deleting in between.

Yes, but no release date yet.

This is not planned for Nitrokey HSM but you can store a AES-256 key in Nitrokey Pro.