Reader not visible in smart card shell

I try to use a Nitrokey HSM 2 to store certificates, private keys and public keys. I found the documentation Importing Keys And Certificates - Nitrokey Documentation.

I could create a DKEK share, see Desaster Recovery for your SmartCard-HSM.

However the smartcard shell gui does not show the Nitrokey. sc-hsm-tool returns this information

sc-hsm-tool
Using reader with a card: Nitrokey Nitrokey HSM (DENK04002550000 ) 00 00
Version : 4.1
Config options :
User PIN reset with SO-PIN enabled
SO-PIN tries left : 15
User PIN tries left : 3
DKEK shares : 1
DKEK key check value : E834…

What can I do, to get the Nitrokey working within smartcard shell?

Greets
Jens

Hi. What OS are you using? Did you try using elevated permissions like sudo on Linux oder as Administrator on Windows?

Maybe another application is already accessing the HSM.

I use linux, I will try with sudo. But why should elevated privileges be needed, if creating the DKEK works without elevated privileges works?

Just to rule out one error possibility.

It should work as regular user but there are so many Linux distributions that might need additional configuration that a regular user has access to the token.

In a shell some users tend to switch to root and when a GUI application then runs as regular user there could be one difference that might cause the issue.

If the device is working using native commands like sc-hsm-tool, but is not visible in Java applications, then most of the time it is a problem with the Java installation looking for libpcsclite.so at the wrong places.

Try and locate libpcsclite.so.1 on your system and add

-Dsun.security.smartcardio.library=<path_to_lib_location>/libpcsclite.so.1

in scsh3gui.

Using the additonal parameter -Dsun.security.smartcardio.library=... seems to have solved the problem.

Thank you very much :slight_smile: