I understand importing a key into the HSM is not a ‘normal’ use case,
but (as others on this board) I have an existing key which has already been used for certificate signing
and I would like to secure it rather than starting over with a new key.
Nitro HSM, using the Smart Card shell tool, on Ubuntu 16.04.
Smart Card Shell 3.15.359
I have initialized the Nitrokey HSM device, defined a SO PIN, User PIN, one DKEK share.
defined a DKEK,
imported the DKEK,
then attempted “Import from PKCS#12” on the smart card shell.
Answered the prompt for the DKEK import file and password,
answered the prompt for the .p12 file,
then got an error
Importing key and certificate... GPError: Card (CARD_INVALID_SW/27264) - "Unexpected SW1/SW2=6A80 (Checking error: Incorrect parameter in the command data field) received" in /home/tony/temp_security3/nitrokey/SmartCardShell/scsh3.15.359/scsh/sc-hsm/SmartCardHSM.js#1238 at /home/tony/temp_security3/nitrokey/SmartCardShell/scsh3.15.359/scsh/sc-hsm/SmartCardHSM.js#1238 at /home/tony/temp_security3/nitrokey/SmartCardShell/scsh3.15.359/scsh/sc-hsm/HSMKeyStore.js#300 at /home/tony/temp_security3/nitrokey/SmartCardShell/scsh3.15.359/keymanager/keymanager.js#1889 at /home/tony/temp_security3/nitrokey/SmartCardShell/scsh3.15.359/keymanager/keymanager.js#2043
And so: what is the best method for import of a PKCS#12 file?
Is there a way around this error, or is there a better method to accomplish this.