When trying to use pkcs11-tool or sc-hsm-tool, the HSM2 is not being recognized as an SC reader.
A check of lsusb shows that HSM to be plugged in.
Output of pkcs11-tool -I:
Cryptoki version 3.0
Manufacturer OpenSC Project
Library OpenSC smartcard framework (ver 0.22)
No slots.
I did recently update GnuPG (building from source) to be able to use OpenPGP cards v3.4 (no prebuilt options that support 4096 bit RSA keys). Read another poster stating that OpenSC is somewhat incompatible with GnuPG. Since there is a module opensc-pkcs11.so that gets loaded with the pkcs11-tool command, would that mean that the openssl engine is getting used with this command?
What is the equivalent engine in GnuPG builds then?
There is also the fact that OpenSSL is building their own SC module so OpenSC has stopped development on their SSL engine.
Tried doing reinstall of opensc & opensc-pkcs11, but still have same error.
(Sorry if parts make no sense. I’m just starting to learn about this and not a developer.)
Sorry, I have made a mistake in that listing. It should be systemctl restart there, not systemctl stop. Can you check again?
Can you check if the Nitrokey is listed in the system log?
$ dmesg | grep Nitrokey -C4
Regarding other questions:
Since there is a module opensc-pkcs11.so that gets loaded with the pkcs11-tool command, would that mean that the openssl engine is getting used with this command?
Yes, OpenSSL can use OpenSC libraries as an engine.
What is the equivalent engine in GnuPG builds then?
I believe GnuPG does not share any engine library. There is a proxy library, which allows using the HSM as an OpenPGP smartcard, however I do not recall its name unfortunately.
First thing did it. I had tried starting the pcscd service again when testing myself, but I did overlook starting the socket again.
So I’m essentially limited to using one or the other module unless manually starting and stopping the gpg and pcscd services?
Since the RSA 4096 keys were not able to be stored until OpenPGP card v3.4 and the Nitrokey HSM 2 uses 4096 keys and it’s basically an SC and SC reader combined, why shouldn’t the same engine read my v3.4 SC?
Are the 4096 keys not being implemented the same in both scenarios (i.e. natively) or have I just been too lazy to try to get my SCs set up without a GUI (Kleopatra)?