Nitrokey HSM Token Label


#1

When creating a token label during the initialisation of a Nitrokey HSM with pkcs11-tool, the token label specified on the command line is preceded by “UserPIN (” and terminated with a “)” when displayed from a call to pkcs11-tool with the -M option. So my label of “mylabel” is stored as “UserPIN (mylabel)” on the token. Is there a way to avoid the addition of these extraneous characters?

Thanks,

Andrew Twigger


#2

Hi,

this is new to me, what exact command did you use?

Kind regards
Alex


#3

Hi Alex,

Here are the commands and output that show the additional text in the token label:

sc-hsm-tool --initialize --so-pin 3537363231383830 --pin Andrew12345 --label "Nitrokey_Twysoft_01"

	pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so -L

Available slots:

Slot 0 (0x0): Nitrokey Nitrokey HSM

token label : UserPIN (Nitrokey_Twysoft_01)

token manufacturer : www.CardContact.de

token model : PKCS#15 emulated

token flags : login required, rng, token initialized, PIN initialized

hardware version : 24.13

firmware version : 2.6

serial num : DENK0101507

pin min/max : 6/15

It seems that the UserPIN (….) has been added by sc-hsm-tool.

Kind regards,

Andrew


#4

Hi,

this is “normal” behaviour and is the same for other cards (like OpenPGP Card). Thus, this is a OpenSC thing, which is not actually saved on your HSM, but just represented this way by OpenSC’s command. I don’t know, why it is done this way, but a general change in OpenSC would be needed to get rid of it.

The label is saved correctly though.

Kind regards
Alex