When creating a token label during the initialisation of a Nitrokey HSM with pkcs11-tool, the token label specified on the command line is preceded by “UserPIN (” and terminated with a “)” when displayed from a call to pkcs11-tool with the -M option. So my label of “mylabel” is stored as “UserPIN (mylabel)” on the token. Is there a way to avoid the addition of these extraneous characters?
this is new to me, what exact command did you use?
Here are the commands and output that show the additional text in the token label:
sc-hsm-tool --initialize --so-pin 3537363231383830 --pin Andrew12345 --label "Nitrokey_Twysoft_01"
pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so -L
Slot 0 (0x0): Nitrokey Nitrokey HSM
token label : UserPIN (Nitrokey_Twysoft_01)
token manufacturer : www.CardContact.de
token model : PKCS#15 emulated
token flags : login required, rng, token initialized, PIN initialized
hardware version : 24.13
firmware version : 2.6
serial num : DENK0101507
pin min/max : 6/15
It seems that the UserPIN (….) has been added by sc-hsm-tool.
this is “normal” behaviour and is the same for other cards (like OpenPGP Card). Thus, this is a OpenSC thing, which is not actually saved on your HSM, but just represented this way by OpenSC’s command. I don’t know, why it is done this way, but a general change in OpenSC would be needed to get rid of it.
The label is saved correctly though.