Nk 3c nfc generating keypair through pkcs tool

Hi there,

I have nk 3c nfc with firmware v1.6.0 (nitropy nk3 version).
I have to generate keypair:
pkcs11-tool --login-type so --pin 12345678 --keypairgen --key-type rsa:2048 --label "rsakey0"
this command took about 8-9 minutes and then I have the output about successful generation of key pair with label rsakey0.
But when I want to see my keys by:
pkcs11-tool -O --login --login-type user I have only a key with --id 03.

Is it ok?

Looks not bad. Can you try pkcs11-tool -O --login without --login-type user and post the output.

Also what does openpgp-tool -K say?

Nitrokey 3 OpenPGP card can have only 3 keys onboard.

pkcs11-tool -O --login
Using slot 0 with a present token (0x0)
Logging in to "OpenPGP card (User PIN)".
Please enter User PIN: 
Private Key Object; RSA 
  label:      Authentication key
  ID:         03
  Usage:      decrypt, sign, non-repudiation, unwrap
  Access:     sensitive, always sensitive, never extractable, local
Public Key Object; RSA 2048 bits
  label:      Authentication key
  ID:         03
  Usage:      encrypt, verify, wrap
  Access:     none
Profile object 771446512
  profile_id:          CKP_PUBLIC_CERTIFICATES_TOKEN (4)
 openpgp-tool -K
Using reader with a card: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
Aut Algorithm:   RSA2048
Aut Create Date: 2024-01-31 12:31:14
Aut Fingerprint: 44:ae:2c:00:18:26:56:d4:79:a6:95:31:ee:6c:f5:91:8b:53:e1:42
Dec Algorithm:   RSA2048
Dec Create Date: 1970-01-01 00:00:00
Dec Fingerprint: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Sig Algorithm:   RSA2048
Sig Create Date: 1970-01-01 00:00:00
Sig Fingerprint: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

AFAIR on OpenPGP cards one can only populate slots 01 02 03. I think with older OpenSC 02 is not supported.
As far as I see openpgp-tool seems to be a better tool for this job (it has key generation too).

1 Like