I am trying to use sc-hsm-pgp.jar as described here: Using the SmartCard-HSM with PGP
However, it fails with:
$ java -jar sc-hsm-pgp.jar --export --key test-key --id "Alice <alice@example.com>" --output alice.pem --pin 123456
Getting key for alias test-key...
illegal object in getInstance: org.bouncycastle.asn1.DLSequence
java.lang.IllegalArgumentException: illegal object in getInstance: org.bouncycastle.asn1.DLSequence
at org.bouncycastle.asn1.ASN1ObjectIdentifier.getInstance(Unknown Source)
at org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyConverter.getPGPPublicKey(Unknown Source)
at org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyConverter.getPGPPublicKey(Unknown Source)
at de.cardcontact.pgp.export.PublicKeyExporter.writePublicKeyToFile(PublicKeyExporter.java:123)
at de.cardcontact.pgp.SmartCardHSMPGP.executeExport(SmartCardHSMPGP.java:363)
at de.cardcontact.pgp.SmartCardHSMPGP.execute(SmartCardHSMPGP.java:251)
at de.cardcontact.pgp.SmartCardHSMPGP.main(SmartCardHSMPGP.java:128)
This looks similar to this crash: Nitrokey HSM and Java - #6 by weydstone. There, @sc-hsm mentioned that:
That is why I recommended to use the native JCE Provider
However, since sc-hsm-pgp.jar is compiled by CardContact, I don’t think this applies here? I can’t switch the JCE Provider that sc-hsm-pgp.jar uses, can I?
System Information
- Debian 13 (Trixie)
- Java 21
$ java -version
openjdk version "21.0.10" 2026-01-20
OpenJDK Runtime Environment (build 21.0.10+7-Debian-1deb13u1)
OpenJDK 64-Bit Server VM (build 21.0.10+7-Debian-1deb13u1, mixed mode, sharing)
Debian 13 does not ship with Java 17 or older. So I also tried it on Ubuntu 25.10: I installed Java 8, and update-alternatives to it. But even with Java 8, I get the same crash.