[Nitrokey HSM] ECC secp256k1 key generation and usage

Nitrokeys Misc
1

Hi,
I would like to generate EC key pair (secp256k1) on HSM. And export public key to publish.
And then i will sign a payload digest (SHA256).
At client side i will verify signed payload.
Client side is an embedded device. I will use micro-ecc (https://github.com/kmackay/micro-ecc)

  1. How can I create EC key pair on HSM programmaticaly. I use JavaScript / NodeJS / Ubuntu or .Net Core / Ubuntu. Any sample code?
  2. Is it possible to export public key from HSM?
  3. In Micro-ECC project public key represented as only 64 bytes long byte array. It looks like has no any format. I saw public key represented in some formats. How can i translate a public key into 64 byte length byte array?
    BR
2

You can use pkcs11-tool from OpenSC to generate an EC key pair and yes, you can export the public key.

If the public key is 64 bytes, then it is the x and y coordinate of the public point on the curve (each with 256 bit). Just discard the leading ‘04’ from the public key as exported by pkcs11-tool and you’re done.