Removing private key also remove public key and certificate on HSM using pkcs11-tool

Massimiliano_Cialdi · September 14, 2023, 11:02am

Hi,
I have a Nitrokey HSM containing many items including:

$ pkcs11-tool -l --list-objects
Using slot 0 with a present token (0x0)
Logging in to "powersoft-test-token (UserPIN)".
Please enter User PIN: 
[...]
Private Key Object; RSA 
  label:      SRK2_test
  ID:         03
  Usage:      decrypt, sign, unwrap
  Access:     sensitive, always sensitive, never extractable, local
Certificate Object; type = X.509 cert
  label:      SRK2_test
  subject:    DN: CN=SRK2_sha256_2048_65537_v3_ca
  serial:     1234567B
  ID:         03
Public Key Object; RSA 2048 bits
  label:      SRK2_test
  ID:         03
  Usage:      encrypt, verify
  Access:     local
[...]

I delete the private key like this:

pkcs11-tool --delete-object --slot=0 --label="SRK2_test" --pin=****** --login --type=privkey

and this operation also causes the public key and certificate to be deleted.
I tried deleting by pointing instead to pubkey and nothing happens, instead pointing to cert deletes the certificate and the public key but not the private one.
It is as if there is a hierarchy.

Is this normal behavior? What is it due to?

In this case I still had to delete everything, but if I really wanted to delete only the private key, how should I do it?

regards
Max

sc-hsm · September 14, 2023, 2:20pm

That is the desired behavior.

The HSM internally associates the private key and the related certificate. If you remove the key, you also remove the certificate.

You can of course have additional certificates (e.g. CA certificates), but those are not related to a private key.

This is somewhat different from the PKCS#15 model, where you have separate objects for the private key, the public key and the certificate. In the HSM the public key object is always retrieved from the certificate, there is no separate object internally.

That brings up the interesting question, how the public key is stored internally before the certificate is issued ? That is where public key attestation enters the scene: The public key of a key pair generated on the HSM is directly internally signed by the Device Authentication Key to form a CVC-Req as defined by TR-03110. That CVC-Req is treated as a certificate in the middleware, so that in the absence of the final certificate, the public key is retrieved from the CVC-Req.

The beauty of this approach is, that one could extract the CVC-Req and pass that to a certification authority to validate key attestation. That is what we do in the PKI-as-a-Service Portal to assure, that only keys generated on a HSM are certified.