Reference data not found when importing key into HSM 2

Hello,

I’m trying to import keys into my Nitrokey HSM. I generated a p12 container as follows:

openssl req -x509 -newkey rsa:4096 -keyout myKey.pem -out cert.pem -days 365 -nodes
openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in cert.pem

Now I open the Smart Card Shell and do the following steps:

  1. Load keymanager.js
  2. Log in with User PIN
  3. Import from PKCS#12
  4. 1 DKEK share with password
  5. Select PKCS#12. Blank password
  6. Select key
  7. Same key name for import
  8. Error:
Running setup script config.js ...

Smart Card Shell Scripting Engine (scdp4j) 3.17.401
----------------------------------------------------------------------------
(c) 2005-2021 CardContact Systems GmbH, Minden, Germany (www.cardcontact.de)
Enter 'help' for a command overview or 'quit' to close the shell

>load("keymanager/keymanager.js");

SmartCard-HSM Version 3.4 on JCOP 3          Free memory 77596 byte
Issuer Certificate : CVC id-SC-HSM DICA CAR=DESRCACC100001 CHR=DEDINK0200001 CED=May 29, 2017 CXD=May 28, 2025 
Device Certificate : CVC id-SC-HSM Device CAR=DEDINK0200001 CHR=DENK020058900000 CED=March 28, 2021 CXD=May 28, 2025 
Default Key Domain : 1EB2A70CCA6AF4686C0E7514C94370375412A571D899A0F9BD05F6ED06CC45D6
Retrieved SO-PIN from profile
Retrieved User-PIN from profile
-------------------------------------------------------------------
Please right-click on nodes in the outline to see possible actions.
For most operations you will need to authenticate first using a
mechanism from the User PIN context menu.
>Derive DKEK share encryption key (Step 1 of 3)...
Derive DKEK share encryption key (Step 2 of 3)...
Derive DKEK share encryption key (Step 3 of 3)...
  [0]         Version: 3
         SerialNumber: 455188736050466571718185461635760655276335408392
             IssuerDN: C=AU,ST=Some-State,O=Internet Widgits Pty Ltd
           Start Date: Sun Mar 28 17:35:10 UTC 2021
           Final Date: Mon Mar 28 17:35:10 UTC 2022
            SubjectDN: C=AU,ST=Some-State,O=Internet Widgits Pty Ltd
           Public Key: RSA Public Key [47:45:47:63:c7:dc:37:e5:34:0c:7d:08:7c:ff:f5:b4:90:40:ac:53]
    public exponent: 10001

  Signature Algorithm: SHA256WITHRSA
       Extensions: 
                       critical(false) 2.5.29.14 value = DER Octet String[20] 

                       critical(false) 2.5.29.35 value = Sequence
    Tagged [0] IMPLICIT 
        DER Octet String[20] 

                       critical(true) BasicConstraints: isCa(true)

Importing key and certificate...
GPError: Card (CARD_INVALID_SW/27272) - "Unexpected SW1/SW2=6A88 (Checking error: Reference data not found) received" in /home/ubuntu/CardContact/scsh3/scsh/sc-hsm/SmartCardHSM.js#1372
    at /home/ubuntu/CardContact/scsh3/scsh/sc-hsm/SmartCardHSM.js#1372
    at /home/ubuntu/CardContact/scsh3/scsh/sc-hsm/HSMKeyStore.js#306
    at /home/ubuntu/CardContact/scsh3/keymanager/keymanager.js#2196
    at /home/ubuntu/CardContact/scsh3/keymanager/keymanager.js#2350

The trace says:

Daemon waiting on port 27001...
CD C: 00 20 00 81 - VERIFY      Le=0 
   R: SW1/SW2=6D00 (Checking error: Invalid instruction (0)) Lr=0
CD C: 00 A4 04 04 - SELECT Lc=11 
      0005  E8 2B 06 01 04 01 81 C3 1F 02 01                 .+.........
   R: SW1/SW2=9000 (Normal processing: No error) Lr=12
      0000  62 0A 82 01 78 85 05 00 21 05 03 04              b...x...!...
CD C: 00 B1 2F 02 - READ BINARY Lc=4 Extended
      0007  54 02 00 00                                      T...
      Le=0 Extended
   R: SW1/SW2=9000 (Normal processing: No error) Lr=462
CD C: 00 B1 2F 02 - READ BINARY Lc=4 Extended
      0007  54 02 01 CE                                      T...
      Le=0 Extended
   R: SW1/SW2=9000 (Normal processing: No error) Lr=0
Device Certificate    : CVC id-SC-HSM Device CAR=DEDINK0200001 CHR=DENK020058900000 CED=March 28, 2021 CXD=May 28, 2025 
Device Issuer CA      : CVC id-SC-HSM DICA CAR=DESRCACC100001 CHR=DEDINK0200001 CED=May 29, 2017 CXD=May 28, 2025 
SmartCard-HSM Root CA : CVC id-SC-HSM SRCA CAR=DESRCACC100001 CHR=DESRCACC100001 CED=November 9, 2012 CXD=November 8, 2032 
CD C: 80 50 00 00 - INITIALIZE UPDATE      Le=0 
   R: SW1/SW2=9000 (Normal processing: No error) Lr=9
      0000  00 21 00 01 2F 1C 05 03 04                       .!../....
CD C: 00 A4 00 04 - SELECT Lc=2 
      0005  CB 00                                            ..
      Le=0 
   R: SW1/SW2=6A82 (Checking error: File not found) Lr=0
CD C: 00 20 00 81 - VERIFY      Le=0 
   R: SW1/SW2=63C3 (Warning processing: Counter at 3) Lr=0
CD C: 00 20 00 81 - VERIFY      Le=0 
   R: SW1/SW2=63C3 (Warning processing: Counter at 3) Lr=0
CD C: 00 20 00 81 - VERIFY      Le=0 
   R: SW1/SW2=63C3 (Warning processing: Counter at 3) Lr=0
CD C: 80 54 00 00 - MANAGE PUBLIC KEY AUTHENTICATION      Le=0 
   R: SW1/SW2=6D00 (Checking error: Invalid instruction (0)) Lr=0
CD C: 00 20 00 88 - VERIFY      Le=0 
   R: SW1/SW2=63CF (Warning processing: Counter at 15) Lr=0
CD C: 00 20 00 85 - VERIFY      Le=0 
   R: SW1/SW2=6A88 (Checking error: Reference data not found) Lr=0
CD C: 00 20 00 86 - VERIFY      Le=0 
   R: SW1/SW2=6A88 (Checking error: Reference data not found) Lr=0
CD C: 80 52 00 00 - MANAGE KEY DOMAIN      Le=0 
   R: SW1/SW2=9000 (Normal processing: No error) Lr=10
      0000  01 01 00 00 00 00 00 00 00 00                    ..........
CD C: 80 52 00 01 - MANAGE KEY DOMAIN      Le=0 
   R: SW1/SW2=6A86 (Checking error: Incorrect P1-P2) Lr=0
CD C: 80 58 00 00 - ENUMERATE OBJECTS      Le=0 Extended
   R: SW1/SW2=9000 (Normal processing: No error) Lr=4
      0000  2F 02 CC 00                                      /...
CD C: 80 58 00 00 - ENUMERATE OBJECTS      Le=0 Extended
   R: SW1/SW2=9000 (Normal processing: No error) Lr=4
      0000  2F 02 CC 00                                      /...
CD C: 00 20 00 81 - VERIFY Lc=15 
      *** Sensitive Information Removed ***
   R: SW1/SW2=9000 (Normal processing: No error) Lr=0
CD C: 00 20 00 81 - VERIFY      Le=0 
   R: SW1/SW2=9000 (Normal processing: No error) Lr=0
CD C: 00 20 00 81 - VERIFY      Le=0 
   R: SW1/SW2=9000 (Normal processing: No error) Lr=0
CD C: 80 54 00 00 - MANAGE PUBLIC KEY AUTHENTICATION      Le=0 
   R: SW1/SW2=6D00 (Checking error: Invalid instruction (0)) Lr=0
CD C: 00 20 00 88 - VERIFY      Le=0 
   R: SW1/SW2=63CF (Warning processing: Counter at 15) Lr=0
CD C: 00 20 00 85 - VERIFY      Le=0 
   R: SW1/SW2=6A88 (Checking error: Reference data not found) Lr=0
CD C: 00 20 00 86 - VERIFY      Le=0 
   R: SW1/SW2=6A88 (Checking error: Reference data not found) Lr=0
CD C: 80 52 00 00 - MANAGE KEY DOMAIN      Le=0 
   R: SW1/SW2=9000 (Normal processing: No error) Lr=10
      0000  01 01 00 00 00 00 00 00 00 00                    ..........
CD C: 80 52 00 01 - MANAGE KEY DOMAIN      Le=0 
   R: SW1/SW2=6A86 (Checking error: Incorrect P1-P2) Lr=0
CD C: 80 58 00 00 - ENUMERATE OBJECTS      Le=0 Extended
   R: SW1/SW2=9000 (Normal processing: No error) Lr=4
      0000  2F 02 CC 00                                      /...
CD C: 80 58 00 00 - ENUMERATE OBJECTS      Le=0 Extended
   R: SW1/SW2=9000 (Normal processing: No error) Lr=4
      0000  2F 02 CC 00                                      /...
CD C: 80 74 01 93 - UNWRAP KEY Lc=1099 Extended
   R: SW1/SW2=6A88 (Checking error: Reference data not found) Lr=0

What am I doing wrong?

@sc-hsm: Could you help me out?

I guess what is missing is to prepare the HSM with a matching DKEK setup.

The SmartCard-HSM allows only an encrypted key import, which means that the key encryption key (DKEK) must be present on the device and outside in the tooling.

The error reported by the HSM means that it does not have a key domain that was set up with the same Key Check Value of the DKEK you used to transform the PKCS#11 key into a wrapped format for the device.

What you need to do in advance: Initialize the device and select “Key Domains” in the “Select Device Key Encryption scheme” dialog (Use “DKEK Shares” if you have an HSM1). Then enter “1” to create one Key Domain.

After that, in the outline right-click for the context menu on “Key domain 0 not created” and select “Create DKEK Key Domain”. After that import the DKEK share from your step 4 into the device.

Then repeat the import process.
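
A way to run the check described in the answer before attempting an import, as an added example that is not part of the original thread or the Smart Card Shell scripts. It assumes the MANAGE KEY DOMAIN status response is laid out as total shares, outstanding shares, then an 8-byte DKEK Key Check Value, and that a wrapped key blob starts with the 8-byte KCV of the DKEK that wrapped it; the function names and all sample bytes except the status response from the trace are constructed for illustration.

```javascript
// Added example: field layouts are assumptions, see the lead-in.

// Turn "01 01 00 ..." into an array of byte values.
function hexToBytes(hex) {
  const clean = hex.replace(/\s+/g, '');
  if (clean.length % 2 !== 0 || /[^0-9a-fA-F]/.test(clean)) {
    throw new Error('not a hex string');
  }
  const out = [];
  for (let i = 0; i < clean.length; i += 2) out.push(parseInt(clean.slice(i, i + 2), 16));
  return out;
}

function toHex(bytes) {
  return bytes.map(b => b.toString(16).padStart(2, '0')).join('').toUpperCase();
}

// Assumed layout: total shares (1) | outstanding shares (1) | DKEK KCV (8).
function parseKeyDomainStatus(hex) {
  const b = hexToBytes(hex);
  if (b.length < 10) throw new Error('status response too short');
  return { shares: b[0], outstanding: b[1], kcv: toHex(b.slice(2, 10)) };
}

// Assumed layout: the wrapped blob begins with the KCV of the wrapping DKEK.
function wrappedKeyKcv(hex) {
  const b = hexToBytes(hex);
  if (b.length < 8) throw new Error('blob too short');
  return toHex(b.slice(0, 8));
}

// Compare the device's DKEK state with the blob the tooling produced.
function diagnoseImport(statusHex, blobHex) {
  const dom = parseKeyDomainStatus(statusHex);
  const blobKcv = wrappedKeyKcv(blobHex);
  if (dom.outstanding > 0) {
    return `DKEK incomplete: ${dom.outstanding} of ${dom.shares} share(s) not imported`;
  }
  if (dom.kcv !== blobKcv) {
    return `KCV mismatch: device ${dom.kcv}, blob ${blobKcv}`;
  }
  return 'ok';
}

// Status bytes exactly as the device returned them in the trace above.
const STATUS_FROM_TRACE = '01 01 00 00 00 00 00 00 00 00';
// Constructed values: a blob header and two other device states.
const SAMPLE_BLOB = 'A1 B2 C3 D4 E5 F6 07 18 05 00 0A';
const STATUS_OTHER_DKEK = '01 00 11 22 33 44 55 66 77 88';
const STATUS_MATCHING = '01 00 A1 B2 C3 D4 E5 F6 07 18';

console.log(diagnoseImport(STATUS_FROM_TRACE, SAMPLE_BLOB));
console.log(diagnoseImport(STATUS_OTHER_DKEK, SAMPLE_BLOB));
console.log(diagnoseImport(STATUS_MATCHING, SAMPLE_BLOB));
```

Under these assumptions, the status response in the trace reports one share still outstanding and an all-zero KCV, which is the state the answer's DKEK import step changes.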

Thanks a lot! That solves the issue :smiley: