Hi Guys,
i have some issues connecting a Nitrokey HSM to a virtual machine. My setup currently looks this way:
VMware host: Windows 10 with VMware Workstation 12 Player
VMware guest (virtual machine): CentOS 7 (all the latest updates, kernel 3.10.0-514.6.2.el7.x86_64)
USB passthrough works in general, i could verify that with standard USB disks and an USB based HSM by another vendor, both worked fine. When i connect the Nitrokey HSM to the virtual machine, it is also shown as USB device Clay Logic (see ** ** in the following output)
[root@server ~]# lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
** Bus 002 Device 004: ID 20a0:4230 Clay Logic**
Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
But when i try to access the HSM, either with sc-hsm-tool or pkcs11-tool, both tell me that there is no token available.
[root@server ~]# opensc-tool -l
No smart card readers found.
[root@server ~]# pkcs11-tool --module /usr/lib64/opensc-pkcs11.so -I
Cryptoki version 2.20
Manufacturer OpenSC (www.opensc-project.org)
Library Smart card PKCS#11 API (ver 0.0)
No slot with a token was found.
OpenSC is installed in version 0.14.0 (latest availlable version via yum), sc-hsm driver (i guess this should be the right driver) should be enabled.
[root@server ~]# opensc-tool -i
OpenSC 0.14.0 [gcc 4.8.5 20150623 (Red Hat 4.8.5-11)]
Enabled features: zlib readline openssl pcsc(libpcsclite.so.1)
[root@server ~]# opensc-tool -D
Configured card drivers:
cardos Siemens CardOS
flex Schlumberger Multiflex/Cryptoflex
cyberflex Schlumberger Cyberflex
gpk Gemplus GPK
gemsafeV1 driver for the Gemplus GemSAFE V1 applet
miocos MioCOS 1.1
mcrd MICARDO 2.1 / EstEID 1.0 - 3.0
asepcos Athena ASEPCOS
starcos STARCOS SPK 2.3/2.4
tcos TCOS 3.0
openpgp OpenPGP card
jcop JCOP cards with BlueZ PKCS#15 applet
oberthur Oberthur AuthentIC.v2/CosmopolIC.v4
authentic Oberthur AuthentIC v3.1
iasecc IAS-ECC
belpic Belpic cards
ias IAS
incrypto34 Incard Incripto34
acos5 ACS ACOS5 card
akis TUBITAK UEKAE AKIS
entersafe entersafe
epass2003 epass2003
rutoken Rutoken driver
rutoken_ecp Rutoken ECP driver
westcos WESTCOS compatible cards
myeid MyEID cards with PKCS#15 applet
sc-hsm SmartCard-HSM
dnie DNIe: Spanish eID card
setcos Setec cards
muscle MuscleApplet
atrust-acos A-Trust ACOS cards
piv PIV-II for multiple cards
itacns Italian CNS
default Default driver for unknown cards
Could you give me a hint what the problem could be? Thanks a lot in advance!