Nitrokey HSM 2: Failed to connect to card

mike · March 25, 2019, 10:18pm

We have a couple of Nitrokey HSM 2 devices. When we attempt to use any opensc tool, we receive the following error:

Pkcs15-tool -D returns:
Using reader with a card: Nitrokey Nitrokey HSM (DENK…
Failed to connect to card: Card is invalid or cannot be handled

The dmesg tool identifies the device when we plug it in and provides the product string “Product: Nitrokey HSM.” Our user account has access to USB devices.

We are running Ubuntu 16.04 with the following tool versions (from apt):

opensc 0.15.0-1ubuntu1 amd64
opensc-pkcs11 0.15.0-1ubuntu1 amd64
pcsc-tools is 1.4.25-1 amd64

Are there any other tips, hints, or tricks to try?

jan · March 26, 2019, 7:32am

I believe your OpenSC 0.15 is too old. We provide updated OpenSC packages for Ubuntu here.

mike · March 27, 2019, 12:10pm

You were correct. Thanks!

mike · March 27, 2019, 4:31pm

Hey jan, another quick question. I wrote to the support group about obtaining the SmartCard-HSM SDK. I read here that the SDK would be provided on request.

Is it true that the support team can provide me with a copy of the SDK?

jan · March 27, 2019, 5:03pm

Yes.

mike · March 27, 2019, 6:19pm

Great! Thanks. I sent an email directly to support@nitrokey.com. I’ll await a response.

daubsi · March 17, 2020, 8:30pm

I wrote an email over one month ago already asking for the SDK but did not receive an answer by now. Are there any special pre-requisites I need to provide to obtain the SDK that I might not have considered before asking?

szszszsz · March 18, 2020, 6:56am

Hi @daubsi!

Please register to the CardContact Developer Network (CDN) and download the SDK from there. More information on the HSM vendor’s support page.

sc-hsm · March 18, 2020, 9:21am

We do no longer provide a SDK, but make all the artifacts available in a GIT repository at the CDN. You need to register at the PKI-as-a-Service Portal to obtain a X.509 certificate, from which the key can be used to authenticate via ssh+git.

The following repos are available

scsh-mods - the modules from the scsh directory of a Smart Card Shell installation
sc-hsm-sdk-scripts - the example scripts and test suites from the scripting workspace
pki-as-a-service - the PKI-as-a-Service portal
ocf - the OpenCard Framework (a Java card middleware)
scdp4j - the JavaScript GP scripting framework
scsh3 - the Smart Card Shell
scriptingserver - the OpenSCDP scripting server
sc-hsm-jceprovider - The Java JCE Provider for the SmartCard-HSM
sc-hsm-pgp - A PGP implementation for the SmartCard-HSM
sc-hsm-android-example - an Android example application to access a SmartCard-HSM via USB, NFC or as MicroSD card with embedded SE
sc-hsm-android-library - A library with the requires low level common modules for Android

You can obtain a list of repositories when you connect via

ssh git@devnet.cardcontact.de

The scripting workspace is available as part of the sc-hsm-starterkit.