NitroKey HSM 2 and secp521r1 vs 384

I noticed using the latest version of OpenSC that I can generate P-384 and P-521 EC keys which work just fine. The capabilities don’t seem to list the P-384. I also noticed that I can put the P-384 certs back into the HSM 2 but not the P-521.

Has anyone tested these yet? Maybe I’m missing something obvious.


Somehow related (P-521 in common): Can't import NISTP521 encryption key into Nitrokey Pro 2

What command did you use? I tried opensc-tool --list-algorithms and it showed 384 capabilities. Afaik OpenSC does not show fine grained curve informations, does it?

Can you provide us with explicit commands you used to create the certs and to import them? Then I can try to reproduce and/or debug.

@sc-hsm are there any problems known regarding 521 cert import?

In the published FAQ sheet on the website