Hi,
I just started using my Nitrokey HSM. I intend to use it for both GnuPG and OpenSC due to project requirements. As of now, I have the following tools installed for Linux:
OpenSC:
$ sudo apt list opensc
Listing... Done
opensc/focal,now 0.20.0-3 amd64 [installed]
GnuPG:
$ gpg --version
gpg (GnuPG) 2.2.19
libgcrypt 1.8.5
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/osboxes/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
OpenPGP:
$ openpgp-tool --version
openpgp-tool - OpenPGP card utility version 0.20.0
Copyright (c) 2012-18 Peter Marschall <peter@adpm.de>
Licensed under LGPL v2
I followed the instructions for setting up my own SO and USR pins via OpenSC. The pkcs11-tool shows the Nitrokey as an available slot:
$ pkcs11-tool -L
Available slots:
Slot 0 (0x0): Nitrokey Nitrokey HSM (DENK01031250000 ) 00 00
token label : CST-HSM-DEMO (UserPIN)
token manufacturer : www.CardContact.de
token model : PKCS#15 emulated
token flags : login required, rng, token initialized, user PIN count low, PIN initialized
hardware version : 24.13
firmware version : 3.3
serial num : DENK0103125
pin min/max : 6/15
But when attempting to use gpg to create a key, I get the error "not an OpenPGP card":
$ gpg --card-edit
Reader ...........: Nitrokey Nitrokey HSM (DENK01031250000 ) 00 00
Application ID ...: 44454E4B30313033313235
Application type .: Unknown
gpg/card> admin
Admin commands are allowed
gpg/card> generate
gpg: key operation not possible: not an OpenPGP card
Since this HSM is new, I figured I could just try to restore it and start over. However, the Nitrokey App does not detect the card, and I cannot erase with OpenPGP tool due to the following error:
$ openpgp-tool --erase
Using reader with a card: Nitrokey Nitrokey HSM (DENK01031250000 ) 00 00
Failed to connect to card: Reader in use by another application
error: failed to connect to card: Reader in use by another application
Aborting.
Can I get some feedback as to why GnuPG is not working? Is this due to OpenSC, GnuPG and OpenPGP failing to cooperate?
Thanks,
Cory