[Nitrokey HSM] Cannot use PKCS11 library on my App

Hi there,

I recently bought one NitroHSM2 to use is with my Java App.

I need to perform AES Keygen, Encrypt and Decrypt on the HSM, so I installed make install the sc-hsm-embedded pkcs11 so library.

But when I start my App with library path = /usr/local/lib/libsc-hsm-pkcs11.so and slot = 0 I got this error
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SLOT_ID_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_GetSlotInfo(Native Method) ~[jdk.crypto.cryptoki:?]
at sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:370) ~[jdk.crypto.cryptoki:?]
I don’t know what to do …

It work well with opensc pkcs11 library, I can connect to the HSM and do supported operations (only asymmetric ones)

I also enabled pkcs11 debug. I can provide pkcs11 library log if need.

Please help me, I really need to get this working.

Tried some other pkcs11 providers? The Sun’s one is known to have lots of issues…

No I have not, because it worked well with another USB HSM, from another brand I used, with all cryptographic functions.

All the software was doing great, but since I started to use the sc-hsm-embedded pkcs11 shared library, it stoped working completely.

So, I assume the problem must from the sc-hsm-embedded pkcs11 shared library , since the SUN PKCS11 provider work well with at least two other pkcs11 shared library.

@sc-hsm Maybe you can help with that ?

We are not testing integration with the SUN PKCS11 provider as we usually integrate with the OpenSC-JAVA JCE-Provider. We also maintain a dedicated JCE-Provider that works with the SmartCard-HSM natively.

I’d suggest to add PKCS11SPY to figure out what is going wrong at the interface and enable logging in the module.