For backward-support reasons I need to import an existing private/public keypair into the HSM 2.
This pair is present as two separate .der files and was generated with OpenSSL some time ago (secp256r1 alias EC:prime256v1).
I had successfully initialized (SO-PIN, PIN, DKEK share) my HSM2 with OpenSC (sc-hsm-tool), went through the other tools of OpenSC (pkcs11-tool, pkcs15-tool, generating keypairs…).
For the import I have tried:
pkcs11-tool --login --pin PINPIN --write-object private_key.der --type privkey --usage-sign --key-type EC:prime256v1 --id 10
but it failed:
PKCS11 function C_CreateObject failed: rv = CKR_ATTRIBUTE_VALUE_INVALID (0x13)
In another post I have read about using SmartCardShell, but it requires a pkcs12 ‘container’ (if I got it right). I have also tried to use the nice XCA tool, but it freezes at the point of importing the .der file.
Please help, any advice is welcome!