Hi,
I first made a backup with wrap, then updated the Nitrokey HSM2 from firmware 3.3 to 3.5. Then initialized the Nitrokey with:
sc-hsm-tool --initialize --so-pin xxxxxxxx --pin yyyyyyy -s 1
sc-hsm-tool --import-dkek-share ..\dkek-share-1.pbe
sc-hsm-tool --unwrap-key backup.bin --key-reference 1
Then it shows:
Using reader with a card: Nitrokey Nitrokey HSM 0
Wrapped key contains:
Key blob
Private Key Description (PRKD)
Enter User PIN :
Key successfully imported
After pkcs15-tool -D there is only UserPIN and SOPIN visible.
Even pkcs15-tool -k shows no key
Using reader with a card: Nitrokey Nitrokey HSM 0
When I try to import again, I get:
Found existing private key description in EF with fid c401. Please remove key first, select unused key reference or use --force.
So seems the key is already present.
I also tried to import the related certificate and intermediate certificate, but still there is no private key shown.
What am I doing wrong?
I remember creating a backup token with 3.3 with this way successfully. But no more after the update to 3.5.
Best regards,
Markus