Nitrokey HSM application missing

Hi all,

Getting set up with a Nitrokey HSM. I had it working for a bit - but when trying to register with CardContact (I think?) it seems to no longer have an application on the card.
It may be my tooling changes - trying to get an SSH key working from the card for the CardContact git repo. I’m not sure.

Has anyone else had this happen? Are you able to shed any light on what’s going on here?

Here’s some output:
$ sc-hsm-tool
Using reader with a card: Nitrokey Nitrokey HSM
Failed to select application: File not found

$ pkcs11-tool --show-info
Cryptoki version 2.20
Manufacturer OpenSC Project
Library OpenSC smartcard framework (ver 0.19)
No slot with a token was found.

After removing the USB key - this shows that pkcs11-tool is at least talking to the key here?

$ pkcs11-tool --show-info
Cryptoki version 2.20
Manufacturer OpenSC Project
Library OpenSC smartcard framework (ver 0.19)
No slots.

Here is with another HSM - this one is uninitialised fresh out of the bag - same tooling.

$ pkcs11-tool --show-info
Cryptoki version 2.20
Manufacturer OpenSC Project
Library OpenSC smartcard framework (ver 0.19)
Using slot 0 with a present token (0x0)

$ sc-hsm-tool
Using reader with a card: Nitrokey Nitrokey HSM
Version : 2.5
SmartCard-HSM has never been initialized. Please use --initialize to set SO-PIN and user PIN.

@sc-hsm What’s your idea?

In the logs at www.pki-as-a-service.net I can see that a firmware update was started and then interrupted.

I suspect the process was interrupted when the user switched to apply for a DevNet-CA certificate at the same time. Interrupted firmware updates leave the device in a non-operational state; however, there is a recovery procedure described at [1].

The required recovery token is mentioned in the service request’s history.

[1] https://www.smartcard-hsm.com/firmware.html

OK - let me try that.

I clicked the firmware update button but it immediately failed - I was sure I had used it after that, but, perhaps not.

Thanks for your help so far.

So reading here, how can I get access to the service request history you mention, @sc-hsm?

Can I log in and see it with a different Nitrokey HSM, or does that need to be retrieved by someone privileged?

You can register and login with a different token and see that in your requests (it’s request 390).

If that does not work, I could send you the token by PM.

Hi,

I can only see the requests for the new token, not the old one - as I have registered with a new email address, expecting it to be required to be unique - though I wonder if that really is the case.

If I can register with the same email address twice, is it possible to unregister this new token, and register a new one?

Sorry for all the run around here.

No need to have a unique e-mail per token. You can register as many tokens as you like for the same e-mail. The e-mail address is your unique account identifier.

Andreas

OK - thanks, I understand.

Can I unregister my second account & token, so I can re-register it to the same account as the first? There doesn’t seem to be a way to re-register a token to a different account.

Unfortunately this is not supported in the current version of the portal.

Ok, thanks.

Are you able to PM me the token for request 390, in that case? I don’t have another HSM with me to register against.