Nitrokey Storage 2 EC Keys Problems

Hello! I think there are some problems with ECC on Nitrokey Storage 2 (Firmware v0.54).
I am using GPG v2.2.19 and OpenSC 0.20 on Arch Linux.
First, I was trying to generate GPG keys and copy them to card. NIST P-384 works fine, but NIST P-521 gives me an error “Invalid value”. Just like in this post:
**gpg: KEYTOCARD failed: Invalid value**

Additionally, I am able to generate NIST P-521 curve-based keys directly on the card, but the next problem persists regardless of curve type. (Although I've never tried using Brainpool curves; it looks like they're not supported by OpenSSH.)

Second, I was trying to set up those EC keys to work with OpenSSH through OpenSC PKCS11 module.
I am able to list and read all the keys from the crypto token with pkcs15-tool:

pkcs15-tool --list-keys
Using reader with a card: Nitrokey Nitrokey Storage (0000000000000) 00 00
Private EC Key [Signature key]
	Object Flags   : [0x03], private, modifiable
	Usage          : [0x20C], sign, signRecover, nonRepudiation
	Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
	FieldLength    : 0
	Key ref        : 0 (0x00)
	Native         : yes
	Auth ID        : 01
	ID             : 01
	MD:guid        : 017a9f15-2c68-ad5e-12d1-00407af06829

Private EC Key [Encryption key]
	Object Flags   : [0x03], private, modifiable
	Usage          : [0x22], decrypt, unwrap
	Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
	FieldLength    : 0
	Key ref        : 1 (0x01)
	Native         : yes
	Auth ID        : 02
	ID             : 02
	MD:guid        : 250550b6-fb76-8e76-294e-a44fc8d0e445

Private EC Key [Authentication key]
	Object Flags   : [0x03], private, modifiable
	Usage          : [0x222], decrypt, unwrap, nonRepudiation
	Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
	FieldLength    : 0
	Key ref        : 2 (0x02)
	Native         : yes
	Auth ID        : 02
	ID             : 03
	MD:guid        : 3281a6a6-167a-76eb-33c7-c000af63b6e3


pkcs15-tool --read-public-key 3
Using reader with a card: Nitrokey Nitrokey Storage (0000000000000) 00 00
-----BEGIN PUBLIC KEY-----
MHEwCwYHKoZIzj0CAQUAA2IABE+dm3v2tYPaS2jfosey7Kc+6MiUmYu40vdRU84c
CurIla87/3hIkaCvvn+UhU1SChsggtgyrZP1V/9A6k/CrdwBOh8g3B90FhWvOuDF
pEJJkUQYs/mqY4k8ry9FhWsBlg==
-----END PUBLIC KEY-----

But I am unable to convert them to an SSH-usable form, either with pkcs15-tool --read-ssh-key or with ssh-keygen -D:

pkcs15-tool --read-ssh-key 3
Using reader with a card: Nitrokey Nitrokey Storage (0000000000000) 00 00
Unsupported curve

or

ssh-keygen -D /usr/lib/opensc-pkcs11.so 
C_GetAttributeValue failed: 18
failed to fetch key
C_GetAttributeValue failed: 18
failed to fetch key
Enter PIN for 'OpenPGP card (User PIN)': 
C_GetAttributeValue failed: 18
failed to fetch key
C_GetAttributeValue failed: 18
failed to fetch key
C_GetAttributeValue failed: 18
failed to fetch key
Enter PIN for 'OpenPGP card (User PIN (sig))': 
C_GetAttributeValue failed: 18
failed to fetch key
cannot read public key from pkcs11

I have already opened an issue on OpenSC's GitHub, and Doug Engert of OpenSC's team suggested it may be a Nitro code bug.

I am also unable to get public key info with OpenSSL (for both P-384 and P-521):

pkcs15-tool --read-public-key 03 | openssl pkey -pubin -text
Using reader with a card: Nitrokey Nitrokey Storage (0000000000000) 00 00
unable to load Public Key
140500963497216:error:100DC08E:elliptic curve routines:eckey_type2param:decode error:crypto/ec/ec_ameth.c:124:
140500963497216:error:100D7010:elliptic curve routines:eckey_pub_decode:EC lib:crypto/ec/ec_ameth.c:151:
140500963497216:error:0B09407D:x509 certificate routines:x509_pubkey_decode:public key decode error:crypto/x509/x_pubkey.c:125:
140500963497216:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:crypto/pem/pem_oth.c:33:

Should I also open an issue on the Storage 2 firmware's GitHub project?
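Decoding the PEM that pkcs15-tool printed above explains why both OpenSSL and the SSH converters reject it: after the id-ecPublicKey OID, the AlgorithmIdentifier's parameters field is an ASN.1 NULL (05 00) rather than the namedCurve OID that RFC 5480 requires, so no consumer can learn which curve the 97-byte uncompressed point belongs to (this matches the "FieldLength: 0" and "Unsupported curve" output). The script below is an added example, not part of the original post or of the OpenSC/Nitrokey code: it reads the SubjectPublicKeyInfo with a minimal DER parser, reports the defect, infers the curve from the point length (97 = 1 + 2*48 bytes, i.e. P-384), rebuilds a well-formed SPKI with the secp384r1 OID, and emits the OpenSSH ecdsa-sha2-nistp384 line. The function names and the "nitrokey-slot3" comment are my own choices; the curve table generalizes to P-256 and P-521 as well.

```python
import base64
import struct

# Public key exactly as printed by `pkcs15-tool --read-public-key 3` in the post above.
CARD_PEM = """-----BEGIN PUBLIC KEY-----
MHEwCwYHKoZIzj0CAQUAA2IABE+dm3v2tYPaS2jfosey7Kc+6MiUmYu40vdRU84c
CurIla87/3hIkaCvvn+UhU1SChsggtgyrZP1V/9A6k/CrdwBOh8g3B90FhWvOuDF
pEJJkUQYs/mqY4k8ry9FhWsBlg==
-----END PUBLIC KEY-----"""

# Uncompressed point length (1 + 2 * coordinate bytes) -> (OpenSSH curve id, namedCurve OID).
CURVES = {
    65: ("nistp256", "1.2.840.10045.3.1.7"),
    97: ("nistp384", "1.3.132.0.34"),
    133: ("nistp521", "1.3.132.0.35"),
}
EC_PUBLIC_KEY_OID = "1.2.840.10045.2.1"   # id-ecPublicKey
TAG_OID, TAG_NULL = 0x06, 0x05

def pem_to_der(pem):
    body = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)

def der_tlv(buf, pos):
    """Read one DER tag/length/value at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der(tag, value):
    """Encode one DER TLV (values up to 65535 bytes, enough for any key blob here)."""
    n = len(value)
    hdr = bytes([n]) if n < 0x80 else (bytes([0x81, n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big"))
    return bytes([tag]) + hdr + value

def encode_oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    out = bytearray([40 * parts[0] + parts[1]])
    for v in parts[2:]:                     # base-128, high bit set on all but the last octet
        chunk = bytearray([v & 0x7F])
        v >>= 7
        while v:
            chunk.insert(0, 0x80 | (v & 0x7F))
            v >>= 7
        out += chunk
    return bytes(out)

def decode_oid(raw):
    parts, v = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(v)
            v = 0
    return ".".join(map(str, parts))

def parse_spki(pem):
    """Split a SubjectPublicKeyInfo into algorithm OID, parameters tag and the raw EC point."""
    _, spki, _ = der_tlv(pem_to_der(pem), 0)
    _, algid, pos = der_tlv(spki, 0)
    _, bitstr, _ = der_tlv(spki, pos)
    _, oid, p = der_tlv(algid, 0)
    params_tag = algid[p] if p < len(algid) else None   # RFC 5480 requires an OID (0x06) here
    return {"algorithm": decode_oid(oid), "params_tag": params_tag, "point": bitstr[1:]}

def curve_from_point(point):
    """Infer the curve from the uncompressed point's length (sizes above are unambiguous)."""
    if point[:1] != b"\x04" or len(point) not in CURVES:
        raise ValueError("not an uncompressed point on a supported NIST curve")
    return CURVES[len(point)][0]

def repaired_spki_pem(pem):
    """Rebuild the SPKI with a proper namedCurve parameter so OpenSSL can load it."""
    info = parse_spki(pem)
    _, curve_oid = CURVES[len(info["point"])]
    algid = der(0x30, der(TAG_OID, encode_oid(EC_PUBLIC_KEY_OID)) + der(TAG_OID, encode_oid(curve_oid)))
    spki = der(0x30, algid + der(0x03, b"\x00" + info["point"]))
    b64 = base64.b64encode(spki).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN PUBLIC KEY-----\n" + "\n".join(lines) + "\n-----END PUBLIC KEY-----"

def ssh_string(b):
    return struct.pack(">I", len(b)) + b

def to_openssh(pem, comment="nitrokey-slot3"):
    """Build the authorized_keys line (RFC 5656 blob: key type, curve id, point)."""
    info = parse_spki(pem)
    curve = curve_from_point(info["point"])
    ktype = "ecdsa-sha2-" + curve
    blob = ssh_string(ktype.encode()) + ssh_string(curve.encode()) + ssh_string(info["point"])
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}"

if __name__ == "__main__":
    info = parse_spki(CARD_PEM)
    print("algorithm:", info["algorithm"], "parameters tag:", hex(info["params_tag"]),
          "(NULL: curve OID missing)" if info["params_tag"] == TAG_NULL else "")
    print("point length:", len(info["point"]), "->", curve_from_point(info["point"]))
    print(repaired_spki_pem(CARD_PEM))
    print(to_openssh(CARD_PEM))
```

The repaired PEM can be fed to the same `openssl pkey -pubin -text` command that failed above. Because the curve is inferred from the point length rather than read from the card, compare the fingerprint of the resulting OpenSSH key with what the card's other tooling reports for the same slot before putting it into authorized_keys.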

Hi!

The Nitrokey Pro 2 and Storage 2 models use OpenPGP v3.3 smart cards underneath, which should support the P-521 curve.

Looking at the mentioned and now updated OpenSC#1906 ticket, it seems like the cause is in OpenSC's driver file card-openpgp.c. I am not familiar enough with their code to make a quick fix, sorry. I can support this case with re-tests though.

Still, the first problem exists with generating the P-521 key. Perhaps it would be indirectly fixed with the solution to the mentioned issue. I will try to reproduce it and see where it goes.

One question: have you tried to generate the keys with the OpenSC tools and use it later? Maybe the GnuPG tooling is flawed.

cc @nitroalex

Of course it supports P-521; as I've already said, I was able to generate the keys (P-521) directly on the card, but it's a bit annoying that I was unable to push pre-generated ones.
I've never tried generating ECC keys via OpenSC. I can try if you think it'll indicate something, but I doubt it: GPG generation works, so why wouldn't OpenSC? =)

Regarding the SSH key: You can get it via GnuPG, too.

gpg --export-ssh-key <key-handle>

As both OpenSC and GnuPG should use slot 3 for SSH, this can at least help you get an SSH key for now if OpenSC cannot do this yet.

I will further look into the details of the problem in OpenSC.