Nitrokey HSM2 4K: Unwrap not working after firmware update 3.3 to 3.5

Hi,

I first made a backup with wrap, then updated the Nitrokey HSM2 from firmware 3.3 to 3.5. Then initialized the Nitrokey with:

sc-hsm-tool --initialize --so-pin xxxxxxxx --pin yyyyyyy -s 1
sc-hsm-tool --import-dkek-share ..\dkek-share-1.pbe
sc-hsm-tool --unwrap-key backup.bin --key-reference 1

Then it shows:

Using reader with a card: Nitrokey Nitrokey HSM 0
Wrapped key contains:
  Key blob
  Private Key Description (PRKD)
Enter User PIN :
Key successfully imported

After pkcs15-tool -D there is only UserPIN and SOPIN visible.

Even pkcs15-tool -k shows no key
Using reader with a card: Nitrokey Nitrokey HSM 0

When I try to import again, I get:
Found existing private key description in EF with fid c401. Please remove key first, select unused key reference or use --force.

So it seems the key is already present.

I also tried to import the related certificate and intermediate certificate, but still there is no private key shown.

What am I doing wrong?

I remember creating a backup token with 3.3 this way successfully. But no more after the update to 3.5.

Best regards,
Markus

Can you try the following commands (I show them below with the sample output of one of the Nitrokeys I have):

> opensc-explorer
OpenSC Explorer version 0.21.0
Using reader with a card: Nitrokey Nitrokey HSM (DENK01037780000         ) 00 00
OpenSC [3F00]> cd aid:E82B0601040181C31F0201
OpenSC [E82B/0601/0401/81C3/1F02/01]> ls
FileID	Type  Size
 2F02 	 wEF   462
 C401 	 wEF    32
 CE01 	 wEF   759
 C402 	 wEF   109
 CE02 	 wEF  1077
 C403 	 wEF    62
 CE03 	 wEF   657
 CE04 	 wEF   490
 C404 	 wEF    46
 CE05 	 wEF   490
 C405 	 wEF    42
 CC00 	 wEF     0
 CC01 	 wEF     0
 CC02 	 wEF     0
 CC03 	 wEF     0
 CC04 	 wEF     0
 CC05 	 wEF     0
OpenSC [E82B/0601/0401/81C3/1F02/01]> asn1 c401
30 SEQUENCE (30 bytes)
   30 SEQUENCE (7 bytes)
      0C UTF8String (5 bytes): Key01
   30 SEQUENCE (7 bytes)
      04 OCTET STRING (1 byte): 01 .
      03 BIT STRING (2 bytes): 101110
   A1 Context 1  (10 bytes)
      30 SEQUENCE (8 bytes)
         30 SEQUENCE (2 bytes)
            04 OCTET STRING (0 bytes)
         02 INTEGER (2 bytes): 2048

Can you show how you are trying to execute these steps? The trick might be to make sure they have the same IDs that match the private key IDs.

Hi,

that’s the output after import:

OpenSC [3F00]> cd aid:E82B0601040181C31F0201
OpenSC [E82B/0601/0401/81C3/1F02/01]> ls
FileID  Type  Size
 2F02    wEF   462
 CA00    wEF  1195
 C800    wEF    55
 CA01    wEF  1533
 C801    wEF    39
 C401    wEF  1533
 CC00    wEF     0
 CC01    wEF     0

I’m doing the import this way (replaced the pins):

sc-hsm-tool --initialize --so-pin xxxxxxxxxxxxxxxx --pin yyyyyy -s 1
sc-hsm-tool --import-dkek-share ..\dkek-share-1.pbe
sc-hsm-tool --unwrap-key backup.bin --key-reference 1
pkcs11-tool -l --write-object ..\Intermediate1.der --type cert
pkcs11-tool -l --write-object ..\mycertfile.der --type cert --label "MyCodeSignCert"

What does asn1 c401 say in the opensc explorer?

I think your private key got imported correctly, the only problem is that the certificate will not be matched.

Can you try to import the certificate by right-clicking the key in the scsh Smart-Card shell?

asn1 c401 reports something like a certificate.

30 SEQUENCE (1529 bytes)
   30 SEQUENCE (1249 bytes)
      A0 Context 0  (3 bytes)
         02 INTEGER (1 byte): 2
...

It has 2.5.4.10, O with organization name.
2.5.4.3, CN with common name

  30 SEQUENCE (110 bytes)
     31 SET (11 bytes)
        30 SEQUENCE (9 bytes)
           06 OBJECT IDENTIFIER (3 bytes):  2.5.4.6, C
           13 PrintableString (2 bytes): BE
     31 SET (25 bytes)
        30 SEQUENCE (23 bytes)
           06 OBJECT IDENTIFIER (3 bytes):  2.5.4.10, O
           13 PrintableString (16 bytes): GlobalSign nv-sa
     31 SET (68 bytes)
        30 SEQUENCE (66 bytes)
           06 OBJECT IDENTIFIER (3 bytes):  2.5.4.3, CN
           13 PrintableString (59 bytes): GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
  30 SEQUENCE (30 bytes)
     17 UTCTIME (13 bytes): 19-10-29 15:06:17 UTC
     17 UTCTIME (13 bytes): 22-10-29 15:06:17 UTC

even contains the validity dates. Do you need anything specific?

Can you try to import the certificate by right-clicking the key in the scsh Smart-Card shell?

In the Smart-Card shell I can see (replaced id)

DKEK with KCV XXXXXXXXXXX 
--> undefined (1)
   --> Subject Key Identifier: XXXXXXXXXXXXXX 

Right-click is only possible on DKEK with KCV XXXXXXXXX but there I only have:

  • Delete Key Encryption Key
  • Delete Key Domain

I used the Keymanager in the Smart-Card shell.

On the already imported intermediate certificate I can dump or export this, but no import button.

On the root node (SmartCard-HSM) I can:

  • Initialize Device
  • Create DKEK Share
  • Export Device ID

Where should be the import button?
Using scsh 3.17.548

One thing which I think is wrong is that you are doing --write-object without giving pkcs11-tool any details about the IDs of the object to import.

Your keys were obviously generated somewhere else. Has the desired X.509 certificate been already imported before you did the backup of a wrapped key? Or just the key got generated?

Strange, C401 should be the so-called “private key information object” and should not contain the certificate. Is CA01 containing the same information?

Can you please ONLY do the following:

sc-hsm-tool --initialize --so-pin xxxxxxxxxxxxxxxx --pin yyyyyy -s 1
sc-hsm-tool --import-dkek-share ..\dkek-share-1.pbe
sc-hsm-tool --unwrap-key backup.bin --key-reference 1

and then do the following again:

start opensc-explorer

cd aid:E82B0601040181C31F0201
ls
asn1 c401
asn1 ce01

Please DO NOT try to import any certificates yet.

Here the results after your three suggested commands (initialize, import, unwrap key):

OpenSC [3F00]> cd aid:E82B0601040181C31F0201
OpenSC [E82B/0601/0401/81C3/1F02/01]> ls
FileID  Type  Size
 2F02    wEF   462
 C401    wEF  1533
 CC00    wEF     0
 CC01    wEF     0

now

asn1 c401

still looks the same with CN, O …

But the next command:

OpenSC [E82B/0601/0401/81C3/1F02/01]> asn1 ce01
Unable to select file: File not found

The problem seems to be with the original key blob. Apparently OpenSC thinks that the blob contains the key and the PRKD, but no certificate:

Using reader with a card: Nitrokey Nitrokey HSM 0
   Wrapped key contains:
     Key blob
     Private Key Description (PRKD)
   Enter User PIN :

The PRKD goes into C4xx, but in your case the PRKD contains the certificate. I’ve no idea how the certificate could end up in PRKD. How did you create the key blob? With sc-hsm-tool --wrap-key? Which version of OpenSC?

On the SmartCard-HSM, the certificate is always hard-linked to the key and written to CExx. The key is referenced by CCxx, the PRKD by C4xx and the linked certificate by CExx.

Certificates without a private key on the device are written to CAxx, where xx is dynamically allocated in the range 00 to FF. The certificate meta data is written to C8xx.

As long as the wrapped key is fine, it should be possible to reconstruct the PRKD. But we first need to find out how this happened.

The backup was done with, I think, 0.20 or 0.21.

Yes, using

sc-hsm-tool --wrap-key C:\Temp\wrap-key.bin --key-reference 1

to backup.

I’m using 0.22 on my local Windows 10 computer and as I can see it is exactly: OpenSC-0.22.0-rc1
I wonder why I got a RC. Filedate is 10.08.2021. Maybe file version (remove rc1) was not changed after release, as on github the 0.22 was released exactly on that date.

I currently have one device with old firmware and works fine (in production) where I also created a backup (wrap key) again, but this didn’t help on the new firmware on the current device, too.

My main intention was:
Update firmware to fix vulnerabilities, install key + certificate again.

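Can you run the following script in the Smart Card Shell?

// Load the File helper shipped with the Smart Card Shell
var File = require("scsh/file/File").File;
// Name of the backup file; it must be located in the workspace directory
var f = new File("Joe Doe (RSA2048)(1).wky");
var bin = f.readAllAsBinary();
f.close();
// Decode the blob as ASN.1 and print its structure
print(new ASN1(bin));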

That should output the content of the key blob, which should contain three elements like the example below:

SEQUENCE SIZE( 2008 )
  ### Wrapped key
  OCTET-STRING SIZE( 971 )
    0000  FB 0F 2D 5D E9 4A 75 BB 06 00 0A 04 00 7F 00 07  ..-].Ju.........
    --- lot of wrapped key here
    03C0  C8 14 4D 5D 95 02 09 4C 4A F8 C8                 ..M]...LJ..
  ### PRKD
  SEQUENCE SIZE( 61 )
    SEQUENCE SIZE( 19 )
      UTF8-STRING SIZE( 17 )
        0000  4A 6F 65 20 44 6F 65 20 28 52 53 41 32 30 34 38  Joe Doe (RSA2048
        0010  29                                               )
    SEQUENCE SIZE( 26 )
      OCTET-STRING SIZE( 20 )
        0000  FA A1 11 8A EF 19 2B E1 2A 63 4F 50 50 D1 E4 23  ......+.*cOPP..#
        0010  51 60 03 26                                      Q`.&
      BIT-STRING SIZE( 2 )
        0000  02 74                                            .t
    A1 [ CONTEXT 1 ] IMPLICIT SEQUENCE SIZE( 10 )
      SEQUENCE SIZE( 8 )
        SEQUENCE SIZE( 2 )
          OCTET-STRING SIZE( 0 )
        INTEGER SIZE( 2 )
          0000  08 00                                            ..
  ### Certificate
  SEQUENCE SIZE( 966 )
    SEQUENCE SIZE( 686 )
      A0 [ CONTEXT 0 ] IMPLICIT SEQUENCE SIZE( 3 )
        INTEGER SIZE( 1 )
          0000  02                                               .
      INTEGER SIZE( 8 )
        0000  6F CB 96 26 0B C4 A0 63                          o..&...c
      SEQUENCE SIZE( 13 )
        OBJECT IDENTIFIER = { sha256WithRSAEncryption }
        NULL SIZE( 0 )
      SEQUENCE SIZE( 67 )
        SET SIZE( 11 )
          SEQUENCE SIZE( 9 )
            OBJECT IDENTIFIER = { id-at-countryName }
            PRINTABLE-STRING SIZE( 2 )
              0000  44 45                                            DE
        SET SIZE( 20 )
          SEQUENCE SIZE( 18 )
            OBJECT IDENTIFIER = { id-at-organizationName }
            UTF8-STRING SIZE( 11 )
              0000  43 61 72 64 43 6F 6E 74 61 63 74                 CardContact
        SET SIZE( 30 )
          SEQUENCE SIZE( 28 )
            OBJECT IDENTIFIER = { id-at-commonName }
            UTF8-STRING SIZE( 21 )
              0000  43 61 72 64 43 6F 6E 74 61 63 74 20 44 65 6D 6F  CardContact Demo
              0010  20 43 41 20 31                                    CA 1
      SEQUENCE SIZE( 30 )
        UTC SIZE( 13 )
          0000  32 31 31 32 32 31 31 31 31 38 31 39 5A           211221111819Z
        UTC SIZE( 13 )
          0000  32 34 31 32 32 30 31 31 31 38 31 39 5A           241220111819Z
      SEQUENCE SIZE( 95 )
        SET SIZE( 11 )
          SEQUENCE SIZE( 9 )
            OBJECT IDENTIFIER = { id-at-countryName }
            PRINTABLE-STRING SIZE( 2 )
              0000  44 45                                            DE
        SET SIZE( 20 )
          SEQUENCE SIZE( 18 )
            OBJECT IDENTIFIER = { id-at-organizationName }
            UTF8-STRING SIZE( 11 )
              0000  43 61 72 64 43 6F 6E 74 61 63 74                 CardContact
        SET SIZE( 30 )
          SEQUENCE SIZE( 28 )
            OBJECT IDENTIFIER = { id-at-organizationalUnitName }
            UTF8-STRING SIZE( 21 )
              0000  43 61 72 64 43 6F 6E 74 61 63 74 20 44 65 6D 6F  CardContact Demo
              0010  20 43 41 20 31                                    CA 1
        SET SIZE( 26 )
          SEQUENCE SIZE( 24 )
            OBJECT IDENTIFIER = { id-at-commonName }
            UTF8-STRING SIZE( 17 )
              0000  4A 6F 65 20 44 6F 65 20 28 52 53 41 32 30 34 38  Joe Doe (RSA2048
              0010  29                                               )
      SEQUENCE SIZE( 290 )
        SEQUENCE SIZE( 13 )
          OBJECT IDENTIFIER = { rsaEncryption }
          NULL SIZE( 0 )
        BIT-STRING SIZE( 271 )
          0000  00 30 82 01 0A 02 82 01 01 00 C6 CC 74 1F BF 65  .0..........t..e
          0010  C1 89 39 74 89 97 D2 72 00 F0 8C F3 48 3F C3 89  ..9t...r....H?..
          ...
          00F0  0B 06 78 CF 2C 8A DA 2E E4 B0 7A EE 62 B0 FC 0E  ..x.,.....z.b...
          0100  EC B6 12 C2 BF A3 86 4D E6 8D 02 03 01 00 01     .......M.......
      A3 [ CONTEXT 3 ] IMPLICIT SEQUENCE SIZE( 161 )
        SEQUENCE SIZE( 158 )
          SEQUENCE SIZE( 29 )
            OBJECT IDENTIFIER = { id-ce-subjectKeyIdentifier }
            OCTET-STRING SIZE( 22 )
              0000  04 14 FA A1 11 8A EF 19 2B E1 2A 63 4F 50 50 D1  ........+.*cOPP.
              0010  E4 23 51 60 03 26                                .#Q`.&
          SEQUENCE SIZE( 31 )
            OBJECT IDENTIFIER = { id-ce-authorityKeyIdentifier }
            OCTET-STRING SIZE( 24 )
              0000  30 16 80 14 CB A2 1D 7F EB 65 D1 E4 44 64 98 2A  0........e..Dd.*
              0010  16 04 7A 57 D4 65 F4 7B                          ..zW.e.{
          SEQUENCE SIZE( 12 )
            OBJECT IDENTIFIER = { id-ce-basicConstraints }
            BOOLEAN SIZE( 1 )
              0000  FF                                               .
            OCTET-STRING SIZE( 2 )
              0000  30 00                                            0.
          SEQUENCE SIZE( 14 )
            OBJECT IDENTIFIER = { id-ce-keyUsage }
            BOOLEAN SIZE( 1 )
              0000  FF                                               .
            OCTET-STRING SIZE( 4 )
              0000  03 02 05 A0                                      ....
          SEQUENCE SIZE( 31 )
            OBJECT IDENTIFIER = { id-ce-subjectAltName }
            OCTET-STRING SIZE( 24 )
              0000  30 16 81 14 6A 6F 65 2E 64 6F 65 40 6F 70 65 6E  0...joe.doe@open
              0010  65 68 69 63 2E 6F 72 67                          ehic.org
          SEQUENCE SIZE( 29 )
            OBJECT IDENTIFIER = { id-ce-extKeyUsage }
            OCTET-STRING SIZE( 22 )
              0000  30 14 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06  0...+.........+.
              0010  01 05 05 07 03 04                                ......
    SEQUENCE SIZE( 13 )
      OBJECT IDENTIFIER = { sha256WithRSAEncryption }
      NULL SIZE( 0 )
    BIT-STRING SIZE( 257 )
      0000  00 1B 0B A2 0D 44 E9 7D A8 65 A3 FE 88 65 1B 03  .....D.}.e...e..
      ...
      00F0  78 84 C3 C3 A2 48 69 62 E5 F5 39 8B 52 AA A5 57  x....Hib..9.R..W
      0100  E2                                               .

Das System kann die angegebene Datei nicht finden) (C:\Users\Markus.Stein\Downloads\scsh3.17.548-noinstall\scsh3.17.548\scsh\file\File.js#124
    at C:\Users\Markus.Stein\Downloads\scsh3.17.548-noinstall\scsh3.17.548\scsh\file\File.js#124
    at C:\Users\Markus.Stein\Downloads\scsh3.17.548-noinstall\scsh3.17.548\scsh\file\File.js#151
>>GPError: ASN1 (INVALID_TYPE/0) - "Argument must be of type ByteString" in shell#0

Did you save the lines to a script file and fix the name in File("…") to match your file? The file must be located in the workspace (i.e. the directory selected when starting the shell).

Hi @sc-hsm,

now it was possible to read that file.

I checked both backups, the old one and a backup I created recently from a still working nitrokey hsm with firmware 3.3.

I cut off several parts. Here’s the output:

SEQUENCE SIZE( 2508 )
  OCTET-STRING SIZE( 971 )
    0000  4D 8A A2 50 6C 0E E2 34 06 00 0A 04 00 7F 00 07  M..Pl..4........
...
    03C0  B7 17 77 C3 49 5C 36 EF 71 20 B6                 ..w.I\6.q .
  SEQUENCE SIZE( 1529 )
    SEQUENCE SIZE( 1249 )
      A0 [ CONTEXT 0 ] IMPLICIT SEQUENCE SIZE( 3 )
        INTEGER SIZE( 1 )
          0000  02                                               .
      INTEGER SIZE( 12 )
        0000  56 35 10 0E 1B A5 5F 7F 7D 7A 23 58              V5...._.}z#X
      SEQUENCE SIZE( 13 )
        OBJECT IDENTIFIER = { sha256WithRSAEncryption }
        NULL SIZE( 0 )
      SEQUENCE SIZE( 110 )
        SET SIZE( 11 )
          SEQUENCE SIZE( 9 )
            OBJECT IDENTIFIER = { id-at-countryName }
            PRINTABLE-STRING SIZE( 2 )
              0000  42 45                                            BE
        SET SIZE( 25 )
          SEQUENCE SIZE( 23 )
            OBJECT IDENTIFIER = { id-at-organizationName }
            PRINTABLE-STRING SIZE( 16 )
              0000  47 6C 6F 62 61 6C 53 69 67 6E 20 6E 76 2D 73 61  GlobalSign nv-sa
        SET SIZE( 68 )
          SEQUENCE SIZE( 66 )
            OBJECT IDENTIFIER = { id-at-commonName }
            PRINTABLE-STRING SIZE( 59 )
              0000  47 6C 6F 62 61 6C 53 69 67 6E 20 45 78 74 65 6E  GlobalSign Exten
              0010  64 65 64 20 56 61 6C 69 64 61 74 69 6F 6E 20 43  ded Validation C
              0020  6F 64 65 53 69 67 6E 69 6E 67 20 43 41 20 2D 20  odeSigning CA - 
              0030  53 48 41 32 35 36 20 2D 20 47 33                 SHA256 - G3
      SEQUENCE SIZE( 30 )
        UTC SIZE( 13 )
          0000  31 39 31 30 32 39 31 35 30 36 31 37 5A           191029150617Z
        UTC SIZE( 13 )
          0000  32 32 31 30 32 39 31 35 30 36 31 37 5A           221029150617Z
      SEQUENCE SIZE( 301 )
        SET SIZE( 29 )
          SEQUENCE SIZE( 27 )
            OBJECT IDENTIFIER = { 2 5 4 15 }
            UTF8-STRING SIZE( 20 )
              0000  50 72 69 76 61 74 65 20 4F 72 67 61 6E 69 7A 61  Private Organiza
              0010  74 69 6F 6E                                      tion
        SET SIZE( 19 )
          SEQUENCE SIZE( 17 )
            OBJECT IDENTIFIER = { id-at-serialNumber }
            PRINTABLE-STRING SIZE( 10 )
...
        SET SIZE( 19 )
          SEQUENCE SIZE( 17 )
            OBJECT IDENTIFIER = { 1 3 6 1 4 1 311 60 2 1 3 }
            PRINTABLE-STRING SIZE( 2 )
              0000  44 45                                            DE
        SET SIZE( 35 )
          SEQUENCE SIZE( 33 )
            OBJECT IDENTIFIER = { 1 3 6 1 4 1 311 60 2 1 2 }
            PRINTABLE-STRING SIZE( 18 )
...
        SET SIZE( 20 )
          SEQUENCE SIZE( 18 )
            OBJECT IDENTIFIER = { 1 3 6 1 4 1 311 60 2 1 1 }
            PRINTABLE-STRING SIZE( 3 )
...
        SET SIZE( 11 )
          SEQUENCE SIZE( 9 )
            OBJECT IDENTIFIER = { id-at-countryName }
            PRINTABLE-STRING SIZE( 2 )
              0000  44 45                                            DE
        SET SIZE( 27 )
          SEQUENCE SIZE( 25 )
            OBJECT IDENTIFIER = { id-at-stateOrProvinceName }
            PRINTABLE-STRING SIZE( 18 )
...
        SET SIZE( 19 )
          SEQUENCE SIZE( 17 )
            OBJECT IDENTIFIER = { id-at-localityName }
            PRINTABLE-STRING SIZE( 10 )
...
        SET SIZE( 25 )
          SEQUENCE SIZE( 23 )
            OBJECT IDENTIFIER = { 2 5 4 9 }
            PRINTABLE-STRING SIZE( 16 )
...
        SET SIZE( 20 )
          SEQUENCE SIZE( 18 )
            OBJECT IDENTIFIER = { id-at-organizationName }
            PRINTABLE-STRING SIZE( 11 )
...
        SET SIZE( 20 )
          SEQUENCE SIZE( 18 )
            OBJECT IDENTIFIER = { id-at-commonName }
            PRINTABLE-STRING SIZE( 11 )
...
        SET SIZE( 33 )
          SEQUENCE SIZE( 31 )
            OBJECT IDENTIFIER = { id-emailAddress }
            IA5-STRING SIZE( 18 )
...
      SEQUENCE SIZE( 290 )
        SEQUENCE SIZE( 13 )
          OBJECT IDENTIFIER = { rsaEncryption }
          NULL SIZE( 0 )
        BIT-STRING SIZE( 271 )
          0000  00 30 82 01 0A 02 82 01 01 00 AF 2C A6 D3 8F 02  .0.........,....
...
          0100  26 E2 D0 F0 59 87 A0 97 7B 09 02 03 01 00 01     &...Y...{......
      A3 [ CONTEXT 3 ] IMPLICIT SEQUENCE SIZE( 468 )
        SEQUENCE SIZE( 464 )
          SEQUENCE SIZE( 14 )
            OBJECT IDENTIFIER = { id-ce-keyUsage }
            BOOLEAN SIZE( 1 )
              0000  FF                                               .
            OCTET-STRING SIZE( 4 )
              0000  03 02 07 80                                      ....
          SEQUENCE SIZE( 160 )
            OBJECT IDENTIFIER = { id-pe-authorityInfoAccess }
            OCTET-STRING SIZE( 147 )
              0000  30 81 90 30 4E 06 08 2B 06 01 05 05 07 30 02 86  0..0N..+.....0..
              0010  42 68 74 74 70 3A 2F 2F 73 65 63 75 72 65 2E 67  Bhttp://secure.g
              0020  6C 6F 62 61 6C 73 69 67 6E 2E 63 6F 6D 2F 63 61  lobalsign.com/ca
              0030  63 65 72 74 2F 67 73 65 78 74 65 6E 64 63 6F 64  cert/gsextendcod
              0040  65 73 69 67 6E 73 68 61 32 67 33 6F 63 73 70 2E  esignsha2g3ocsp.
              0050  63 72 74 30 3E 06 08 2B 06 01 05 05 07 30 01 86  crt0>..+.....0..
              0060  32 68 74 74 70 3A 2F 2F 6F 63 73 70 32 2E 67 6C  2http://ocsp2.gl
              0070  6F 62 61 6C 73 69 67 6E 2E 63 6F 6D 2F 67 73 65  obalsign.com/gse
              0080  78 74 65 6E 64 63 6F 64 65 73 69 67 6E 73 68 61  xtendcodesignsha
              0090  32 67 33                                         2g3
          SEQUENCE SIZE( 85 )
            OBJECT IDENTIFIER = { id-ce-certificatePolicies }
            OCTET-STRING SIZE( 78 )
              0000  30 4C 30 41 06 09 2B 06 01 04 01 A0 32 01 02 30  0L0A..+.....2..0
              0010  34 30 32 06 08 2B 06 01 05 05 07 02 01 16 26 68  402..+........&h
              0020  74 74 70 73 3A 2F 2F 77 77 77 2E 67 6C 6F 62 61  ttps://www.globa
              0030  6C 73 69 67 6E 2E 63 6F 6D 2F 72 65 70 6F 73 69  lsign.com/reposi
              0040  74 6F 72 79 2F 30 07 06 05 67 81 0C 01 03        tory/0...g....
          SEQUENCE SIZE( 9 )
            OBJECT IDENTIFIER = { id-ce-basicConstraints }
            OCTET-STRING SIZE( 2 )
              0000  30 00                                            0.
          SEQUENCE SIZE( 69 )
            OBJECT IDENTIFIER = { id-ce-cRLDistributionPoints }
            OCTET-STRING SIZE( 62 )
              0000  30 3C 30 3A A0 38 A0 36 86 34 68 74 74 70 3A 2F  0<0:.8.6.4http:/
              0010  2F 63 72 6C 2E 67 6C 6F 62 61 6C 73 69 67 6E 2E  /crl.globalsign.
              0020  63 6F 6D 2F 67 73 65 78 74 65 6E 64 63 6F 64 65  com/gsextendcode
              0030  73 69 67 6E 73 68 61 32 67 33 2E 63 72 6C        signsha2g3.crl
          SEQUENCE SIZE( 29 )
            OBJECT IDENTIFIER = { id-ce-subjectAltName }
            OCTET-STRING SIZE( 22 )
...
          SEQUENCE SIZE( 19 )
            OBJECT IDENTIFIER = { id-ce-extKeyUsage }
            OCTET-STRING SIZE( 12 )
              0000  30 0A 06 08 2B 06 01 05 05 07 03 03              0...+.......
          SEQUENCE SIZE( 31 )
            OBJECT IDENTIFIER = { id-ce-authorityKeyIdentifier }
            OCTET-STRING SIZE( 24 )
...
          SEQUENCE SIZE( 29 )
            OBJECT IDENTIFIER = { id-ce-subjectKeyIdentifier }
            OCTET-STRING SIZE( 22 )
...
    SEQUENCE SIZE( 13 )
      OBJECT IDENTIFIER = { sha256WithRSAEncryption }
      NULL SIZE( 0 )
    BIT-STRING SIZE( 257 )
      0000  00 9C 78 7B BB F5 9D 50 05 38 64 C9 D0 39 42 B1  ..x{...P.8d..9B.
...
      0100  6B                                               k

Looks like it contains the X.509 certificate indeed instead of the PRKD

I did the wrap key with 0.21 and unwrap with 0.22.
Can I do something wrong with the wrap key?

sc-hsm-tool --wrap-key C:\Temp\wrap-key.bin --key-reference 1

But I think with 0.20 or 0.19 it worked … (at least with the version where I initially created the token and backup token)
So should I downgrade OpenSC?

Edit: Tried to unwrap the key with OpenSC 0.19 but even no success. Seems the certificate was again not imported automatically from the unwrap and the key will nowhere be shown.

Any suggestions how to restore a backup on the token with the firmware update?

As @sc-hsm said, it should be possible to restore PRKD and make your key work again as before. I don’t know how to approach it since I am not working for either Nitrokey or CardContact and doing that kind of support is above my “pay grade”.

I’ve created a script that aims at fixing the issue with the missing PRKD section in the backup file.

The script named repair-prkd.js is located in sc-hsm-workspace/sc-hsm-sdk-scripts/examples. The workspace is contained in the StarterKit in the sc-hsm-workspace-20220201.zip archive.

Unzip the Starterkit and then unzip the contained workspace. Start the Smart Card Shell and select the sc-hsm-workspace folder as workspace. Then run the repair-prkd.js script using either CTRL-R or by entering

>load("sc-hsm-sdk-scripts/examples/repair-prkd.js")

The script will prompt for a backup file (*.wky) and then output public information from that file. If the PRKD section is missing, then you are prompted to provide a key label, the key size in bits and the key id (CKA_ID at the PKCS#11 interface). Use ‘01’ or similar if unsure what id should be used. The fixed backup file is stored under a filename composed of the original filename, appended with a “-fixed” suffix.

You will also find the script in the sc-hsm-sdk-scripts git repository in the CDN.
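
A check for the backup layout discussed in this thread, as an added example that is not part of the original posts and is not CardContact's repair-prkd.js: it reads only the public outer DER structure of a backup file and reports whether the second element is a PRKD or, as in the failing backup, an X.509 certificate. The function names and the classification heuristic (taken from the RSA dumps shown above) are assumptions, and the sample data is constructed.

```python
# Check the outer layout of a SmartCard-HSM key backup (.wky) file.

def read_tlv(buf, pos, end):
    """Decode one DER TLV header at pos; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        if n == 0 or pos + n > end:
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("value runs past the enclosing element")
    return tag, pos, pos + length

def children(buf, start, end):
    """Return the TLVs stored directly inside the value range start..end."""
    out = []
    while start < end:
        tag, vstart, vend = read_tlv(buf, start, end)
        out.append((tag, vstart, vend))
        start = vend
    return out

def classify(buf, tag, start, end):
    """Heuristic based on the dumps in this thread (RSA key layout)."""
    if tag == 0x04:
        return "wrapped-key"
    kids = children(buf, start, end) if tag & 0x20 else []
    # X.509: SEQUENCE { tbsCertificate, signatureAlgorithm, BIT STRING }
    if tag == 0x30 and [k[0] for k in kids] == [0x30, 0x30, 0x03]:
        return "certificate"
    # PRKD: first member is SEQUENCE { UTF8String label ... }
    if kids and kids[0][0] == 0x30:
        inner = children(buf, kids[0][1], kids[0][2])
        if inner and inner[0][0] == 0x0C:
            return "prkd"
    return "unknown"

def check_backup(data):
    """Return (element kinds, list of problems) for a backup blob."""
    tag, start, end = read_tlv(data, 0, len(data))
    if tag != 0x30:
        raise ValueError("backup does not start with a SEQUENCE")
    kinds = [classify(data, t, s, e) for t, s, e in children(data, start, end)]
    problems = []
    if not kinds or kinds[0] != "wrapped-key":
        problems.append("first element is not the wrapped key OCTET STRING")
    if len(kinds) < 2 or kinds[1] != "prkd":
        found = kinds[1] if len(kinds) > 1 else "nothing"
        problems.append(f"expected PRKD as second element, found {found}")
    return kinds, problems

def der(tag, content=b""):
    """Encode one TLV; used only to build the constructed samples below."""
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + content

# Constructed sample data (not real keys or certificates).
KEY = der(0x04, bytes(971))
PRKD = der(0x30, der(0x30, der(0x0C, b"Key01"))
           + der(0x30, der(0x04, b"\x01") + der(0x03, b"\x02\x74"))
           + der(0xA1, der(0x30, der(0x30, der(0x04)) + der(0x02, b"\x08\x00"))))
CERT = der(0x30, der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01"))
           + der(0x30, der(0x05)) + der(0x03, b"\x00"))
GOOD = der(0x30, KEY + PRKD + CERT)  # layout of a healthy backup
BAD = der(0x30, KEY + CERT)          # layout of the failing backup in this thread
```

To check a real file, pass its bytes to check_backup, for example check_backup(open("backup.bin", "rb").read()); an empty problem list means the outer layout matches the three-element example shown earlier in the thread.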

Hi @sc-hsm,

Thanks! That solved the problem.
I was able to unwrap the (fixed) key so the private key and certificate were successfully imported and it WORKS!!!
