After deleting a certificate, the public key is also gone. I think the public key should not depend directly on the certificate. Any idea what the problem or mistake on my side could be?
Can be reproduced with:
$ sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 648219 --label "Testkey"
Using reader with a card: Nitrokey Nitrokey HSM (DENK01040070000 ) 00 00
$ pkcs11-tool --login --pin 648219 --keypairgen --key-type rsa:1024 --id 11 --usage-sign --label "TestKey 1" --sensitive --private
Using slot 0 with a present token (0x0)
Key pair generated:
Private Key Object; RSA
label: TestKey 1
ID: 11
Usage: sign, unwrap
Access: none
Public Key Object; RSA 1024 bits
label: TestKey 1
ID: 11
Usage: verify, wrap
Access: none
$ openssl req -engine pkcs11 -keyform engine -new -key 11 -nodes -days 35600 -x509 -sha256 -out "id11-cert.pem" -subj "/CN=Test Cert 1" -key "pkcs11:pin-value=648219"
engine "pkcs11" set.
$ pkcs11-tool --login --pin 648219 --write-object id11-cert.pem --type cert --id 11
Using slot 0 with a present token (0x0)
Created certificate:
Certificate Object; type = X.509 cert
label: Certificate
subject: DN: CN=Test Cert 1
ID: 11
$ pkcs11-tool --login --pin 648219 --list-objects
Using slot 0 with a present token (0x0)
Private Key Object; RSA
label: Certificate
ID: 11
Usage: sign, unwrap
Access: sensitive, always sensitive, never extractable, local
Certificate Object; type = X.509 cert
label: Certificate
subject: DN: CN=Test Cert 1
ID: 11
Public Key Object; RSA 1024 bits
label: Certificate
ID: 11
Usage: encrypt, verify
Access: local
$ pkcs11-tool --login --pin 648219 --delete-object --type cert --id 11
Using slot 0 with a present token (0x0)
$ pkcs11-tool --login --pin 648219 --list-objects
Using slot 0 with a present token (0x0)
Private Key Object; RSA
label: Certificate
ID: 11
Usage: sign, unwrap
Access: sensitive, always sensitive, never extractable, local
Versions:
$ opensc-tool --info
OpenSC 0.20.0 [gcc 9.2.1 20200123]
Enabled features: locking zlib readline openssl pcsc(libpcsclite.so.1)
$ pkcs11-tool -I | head
Using slot 0 with a present token (0x0)
Cryptoki version 2.20
Manufacturer OpenSC Project
Library OpenSC smartcard framework (ver 0.20)
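
A check for the behaviour reported above, added here as an example and not part of the original report or of OpenSC: it parses two `pkcs11-tool --list-objects` listings and reports objects that disappeared besides the one that was deleted. The function names are made up for this example, and the sample listings are the ones from the report, abridged to the header, label, subject and ID lines.

```python
import re

# Object header as it appears in the `pkcs11-tool --list-objects` output above.
HEADER = re.compile(r"^(?P<kind>[A-Za-z ]+) Object;")

def parse_objects(listing):
    """Return {(kind, id): attributes} for every object in a listing."""
    found, current = [], None
    for raw in listing.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = {"kind": match.group("kind")}
            found.append(current)
        elif current is not None and ":" in line:
            # Split on the first colon only, so "subject: DN: CN=..." stays whole.
            key, _, value = line.partition(":")
            current[key.strip().lower()] = value.strip()
    return {(obj["kind"], obj.get("id")): obj for obj in found}

def collateral_deletions(before, after, deleted_kind, deleted_id):
    """Objects missing after a delete, other than the one that was targeted."""
    gone = set(parse_objects(before)) - set(parse_objects(after))
    gone.discard((deleted_kind, deleted_id))
    return sorted(gone)

# Listings from the report, abridged (Usage/Access lines left out).
BEFORE = """\
Private Key Object; RSA
label: Certificate
ID: 11
Certificate Object; type = X.509 cert
label: Certificate
subject: DN: CN=Test Cert 1
ID: 11
Public Key Object; RSA 1024 bits
label: Certificate
ID: 11
"""
AFTER = """\
Private Key Object; RSA
label: Certificate
ID: 11
"""

if __name__ == "__main__":
    for kind, obj_id in collateral_deletions(BEFORE, AFTER, "Certificate", "11"):
        print(f"unexpectedly removed: {kind} object, ID {obj_id}")
```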