Nitrokey HSM2: Trying to update firmware

Nitrokeys Misc
1

After successful registration with the www.pki-as-a-service.net portal, the upgrade could not proceed - very early in the process I could see the following in the ocf-cc.jar log:

de.cardcontact.opencard.service.remoteclient.RemoteUpdateServiceNotAvailableException: IO error during connection to https://www.pki-as-a-service.net/rt/paas/wizard(opencard.core.service.CardServiceException: No data received from server. HTTP code 204 No Content)

Now, when trying to login the portal says after entering the PIN

Authentication Failed

The card in your reader or the attached USB-Token is not a valid SmartCard-HSM.

Fortunately smartcard shell can still connect to the device:

SmartCard-HSM Version 3.3 on JCOP 3 Free memory 83840 byte

2

I have restored the keys I’ve had, and probably some kind of reset (opensc-tool --atr, maybe) made it possible to log in to the portal again and complete the upgrade.

I forgot to re-initialize the HSM, but the upgrade did proceed anyway (with 5 key domains or so).

1 Like
3

I can see in the logs, that command and response APDUs got out of sync and thus authentication in that session became impossible.

This issue is related to the server code and should have been disappeared after closing the browser or after session timeout.

We have a fix in the pipeline that is soon to be rolled out.

1 Like