Also this option hung sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 648219
Check with certutil also hung
C:\Windows\System32\certutil.exe -scinfo
Die Microsoft Smartcard-Ressourcenverwaltung wird ausgeführt.
Aktueller Leser-/Kartenstatus:
Leser: 1
0: Nitrokey Nitrokey HSM 0
— Leser: Nitrokey Nitrokey HSM 0
— Status: SCARD_STATE_PRESENT | SCARD_STATE_INUSE
— Status: Die Smartcard wird von einem anderen Prozess verwendet.
— Karte: SmartCard-HSM 4K
— ATR:
3b de 96 ff 81 91 fe 1f c3 80 31 81 54 48 53 4d ;…1.THSM
31 73 80 21 40 81 07 92 1s.!@…
=======================================================
Karte im Leser wird analysiert: Nitrokey Nitrokey HSM 0
“C:\Program Files\OpenSC Project\OpenSC\tools\sc-hsm-tool”
Using reader with a card: Nitrokey Nitrokey HSM 0
Failed to connect to card: Generic reader error
Failed to connect to card: Success
Hello, a quick question: “is this actually an official Nitrokey support forum or a user helping user forum”?
Is there another way to get direct Nitrokey support?
I have uninstalled the hole yubikey and opensc stuff, then installed opensc 25.1 and now iam a step forward, can create a keypair but cannot export the public key.
There is a lot about PKCS15 in the log, maybe I’ll say what I really need:
I have to use Nitrokey to create a CSR encrypted with RSA4096 for GlobalSign.
I then receive a certificate for this CSR, which I want to import onto Nitrokey.
At the end, our programs should be signed with codesign and nitrokey.
Then I’d suggest to create the CSR using the Smart Card Shell or XCA. Struggling with low-level OpenSSL commands is probably not the user experience you want.
Regarding the error: I can’t see why OpenSC does not locate the public key. What is the output of
Short answer “no” where can i find this Informationen?
Sorry, but it is a nightmare, hours and hours searching the Internet and in forums, also before with a yubikey ending with “yk5hsm cannot create piv csr with rsa4096”
So you are saying, that you initialize the device with sc-hsm-tool, generate the key pair with the pkcs11-tool statement you describe above and when you list objects on the device none are reported ?
But do all the other commands complete without error ?
That would be something I’ve never seen before and I’m certainly interested why and how that happens.
Can you create a full trace of the three command invocations (sc-hsm-tool, pkcs11-tool --key-pair-gen, pkcs11-tool --read-object) and send it to web@cardcontact.de ?
i have installed Smart Card Shell, it shows on the left
Running setup script config.js ...
Smart Card Shell Scripting Engine (scdp4j) 3.18.18
----------------------------------------------------------------------------
(c) 2005-2021 CardContact Systems GmbH, Minden, Germany (www.cardcontact.de)
Enter 'help' for a command overview or 'quit' to close the shell
>_scsh3.setProperty("reader","Nitrokey Nitrokey HSM 0");
>load("keymanager/keymanager.js");
SmartCard-HSM Version 4.1 on JCOP 4 Free memory 125380 byte
Issuer Certificate : CVC id-SC-HSM DICA CAR=DESRCACC100001 CHR=DEDINK0300001 CED=November 7, 2022 CXD=November 6, 2030
Device Certificate : CVC id-SC-HSM Device CAR=DEDINK0300001 CHR=DENK030175900000 CED=April 29, 2024 CXD=November 6, 2030
Default Key Domain : 49B8F3DF41BACDC0754720173D1DB104442ED2F3D58DB54384ECAE3A46D652EA
Creating outline...
Does not seem to be a certificate(undefined)
-------------------------------------------------------------------
Please right-click on nodes in the outline to see possible actions.
For most operations you will need to authenticate first using a
mechanism from the User PIN context menu.
>```
Login with User Pin
```>GPError: Card (CARD_COMM_ERROR/0) - "Card communication error: CardException in transmit(): sun.security.smartcardio.PCSCException: Unknown error 0x7a" in H:\cert\CardContact\scsh\scsh-3.18.34\scsh\sc-hsm\SmartCardHSM.js#1491
at H:\cert\CardContact\scsh\scsh-3.18.34\scsh\sc-hsm\SmartCardHSM.js#1491
at H:\cert\CardContact\scsh\scsh-3.18.34\keymanager\keymanager.js#973
at H:\cert\CardContact\scsh\scsh-3.18.34\keymanager\keymanager.js#2986
