Max number of slots supported by NitroKey HSM

volphy · November 24, 2020, 11:40am

Hello,

I cannot find it in the documentation

What is the max number of slots that can be created on a NitroKey HSM 2 device?

In my use case, each slot will contain 2 objects (ECC certificate, ECC private key, ECC public key).

Thanks.

sc-hsm · November 24, 2020, 11:52am

One slot. But you can further separate the slot into key domains, however authentication by PIN or Public Key Authentication always affects all keys.

volphy · November 24, 2020, 12:00pm

Do you mean XKEK Key Domains:

?

If yes, do I understand it correctly that they are not supported by NitroKey HSM 1?

sc-hsm · November 24, 2020, 1:18pm

Both, XKEK and DKEK key domains.

The HSM1 supports only a single DKEK key domain, while the HSM2 allows multiple key domains, even in combination of DKEK and XKEK.

jan · November 27, 2020, 10:39am

Perhaps you mean the amount of keys possible? See Nitrokey HSM factsheet:

Storage capacity: 76 KB EEPROM total, max. 150 xECC-521 keys, max. 300 x ECC/AES-256 keys, max. 19 xRSA-4096 keys, max. 38 x RSA-2048 keys, max. 65536data objects

volphy · November 27, 2020, 10:56am

No, I meant the number of slots. In other words, I meant the number of possible User PIN’s that can be used to protect various certificates.

I understood the previous response:
1 slot -> 1 User PIN
at the same time

saper · December 21, 2020, 2:49pm

There is only one User-PIN.