Sc-hsm-pgp.jar fails with "illegal object in getInstance"

I am trying to use sc-hsm-pgp.jar as described here: Using the SmartCard-HSM with PGP

However, it fails with:

$ java -jar sc-hsm-pgp.jar --export --key test-key --id "Alice <alice@example.com>" --output alice.pem --pin 123456

Getting key for alias test-key...
illegal object in getInstance: org.bouncycastle.asn1.DLSequence
java.lang.IllegalArgumentException: illegal object in getInstance: org.bouncycastle.asn1.DLSequence
	at org.bouncycastle.asn1.ASN1ObjectIdentifier.getInstance(Unknown Source)
	at org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyConverter.getPGPPublicKey(Unknown Source)
	at org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyConverter.getPGPPublicKey(Unknown Source)
	at de.cardcontact.pgp.export.PublicKeyExporter.writePublicKeyToFile(PublicKeyExporter.java:123)
	at de.cardcontact.pgp.SmartCardHSMPGP.executeExport(SmartCardHSMPGP.java:363)
	at de.cardcontact.pgp.SmartCardHSMPGP.execute(SmartCardHSMPGP.java:251)
	at de.cardcontact.pgp.SmartCardHSMPGP.main(SmartCardHSMPGP.java:128)

This looks similar to this crash: Nitrokey HSM and Java - #6 by weydstone. There, @sc-hsm mentioned that:

That is why I recommended to use the native JCE Provider

However, since sc-hsm-pgp.jar is compiled by CardContact, I don’t think this applies here? I can’t switch the JCE Provider that sc-hsm-pgp.jar uses, can I?

System Information

  • Debian 13 (Trixie)
  • Java 21
$ java -version

openjdk version "21.0.10" 2026-01-20
OpenJDK Runtime Environment (build 21.0.10+7-Debian-1deb13u1)
OpenJDK 64-Bit Server VM (build 21.0.10+7-Debian-1deb13u1, mixed mode, sharing)

Debian 13 does not ship with Java 17 or older, so I also tried it on Ubuntu 25.10: I installed Java 8 and switched to it with update-alternatives. But even with Java 8, I get the same crash.

EC key

I realised what the problem is: I used an EC:secp256r1 key pair. P-256 has been in PGP libraries since 2019 and has been standardised for OpenPGP since 2024. I’ve been using ECC for my e-mail since 2019, hence my mistake.

With an RSA:4096 key sc-hsm-pgp.jar works as expected.

Being able to use an EC key with PGP and Nitrokey HSM would be great, since RSA keys are a lot slower (for the equivalent security level).

SHA-1

When I sc-hsm-pgp.jar --export the certificate and put it in Sequoia, it complains about SHA-1 being used:

$ sq inspect alice.pem 
alice.pem: OpenPGP Certificate.

      Fingerprint: D7D9B81C1B657E49D24A63ABA7ADA971EBAA497C
                   Invalid: No binding signature at time 2026-02-08T14:06:42Z: Policy rejected non-revocation signature (GenericCertification) requiring second pre-image resistance, because SHA1 is not considered secure since 2023-02-01T00:00:00Z
  Public-key algo: RSA
  Public-key size: 4096 bits
    Creation time: 1970-01-01 00:00:00 UTC

           UserID: Alice <alice@example.com>
                   Invalid: Policy rejected non-revocation signature (GenericCertification) requiring second pre-image resistance
                   because: SHA1 is not considered secure since 2023-02-01T00:00:00Z

RNP has been rejecting SHA-1 since 2022 and Sequoia since 2023.

It would be nice if sc-hsm-pgp.jar upgraded to SHA-256. 🙂
With SHA-1, the output of sc-hsm-pgp.jar cannot be used with the sq CLI at all. sq will reject any attempt to mark the cert as trusted or to use it for verifying signed messages.
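As an added example (not code from the original post, from CardContact's sc-hsm-pgp or from Sequoia), the following Python script walks the OpenPGP packets of an exported certificate and reports the hash algorithm of every signature packet, so you can see the SHA-1 (algorithm ID 2) self-signatures that sq's policy rejects before importing anything. It assumes the export is either ASCII-armored (as `sq inspect` reporting an "OpenPGP Certificate" suggests) or raw binary; the certificate it builds for the demo is constructed by hand and is not a real key, and the script name `check_sig_hashes.py` is hypothetical.

```python
"""Added example (not part of the original post or of sc-hsm-pgp): walk the
OpenPGP packets (RFC 4880) of an exported certificate and report which hash
algorithm each signature packet uses. Sample certificate is constructed, NOT real."""
import base64, struct, sys

HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",   # RFC 4880 section 9.4
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
# sq's default policy rejects SHA-1 for non-revocation signatures ("not considered
# secure since 2023-02-01"); MD5 and RIPEMD-160 are weaker still.
WEAK_HASH_IDS = {1, 2, 3}
SIGNATURE_TAG = 2
SIG_TYPES = {0x10: "GenericCertification", 0x13: "PositiveCertification",
             0x18: "SubkeyBinding", 0x1F: "DirectKey", 0x30: "CertRevocation"}

def crc24(data: bytes) -> int:
    """CRC-24 used by the armor checksum line (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text: str) -> bytes:
    """Strip ASCII armor (headers end at the blank line) and verify the CRC-24."""
    lines = [line.strip() for line in text.splitlines()]
    begin = next(i for i, l in enumerate(lines) if l.startswith("-----BEGIN PGP"))
    end = next(i for i, l in enumerate(lines) if l.startswith("-----END PGP"))
    block = lines[begin + 1:end]
    payload = block[block.index("") + 1:] if "" in block else block
    raw = base64.b64decode("".join(l for l in payload if not l.startswith("=")))
    crc_lines = [l for l in payload if l.startswith("=")]   # "=XXXX" checksum line
    if crc_lines and crc24(raw) != int.from_bytes(base64.b64decode(crc_lines[0][1:]), "big"):
        raise ValueError("armor CRC-24 mismatch")
    return raw

def read_packet_header(buf: bytes, pos: int):
    """Return (tag, body_offset, body_length) for the packet starting at pos."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError(f"not a packet header at offset {pos}")
    if ctb & 0x40:                                  # new-format header (RFC 4880 4.2.2)
        tag, first = ctb & 0x3F, buf[pos + 1]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            return tag, pos + 3, ((first - 192) << 8) + buf[pos + 2] + 192
        if first == 255:
            return tag, pos + 6, struct.unpack(">I", buf[pos + 2:pos + 6])[0]
        raise ValueError("partial body lengths are not supported")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03      # old-format header (RFC 4880 4.2.1)
    if ltype == 0:
        return tag, pos + 2, buf[pos + 1]
    if ltype == 1:
        return tag, pos + 3, struct.unpack(">H", buf[pos + 1:pos + 3])[0]
    if ltype == 2:
        return tag, pos + 5, struct.unpack(">I", buf[pos + 1:pos + 5])[0]
    raise ValueError("indeterminate packet length is not supported")

def describe_signature(body: bytes) -> dict:
    """Decode the fixed prefix (version, type, pk algo, hash algo) of a v4+ signature."""
    version = body[0]
    if version < 4: return {"version": version, "type": "legacy", "hash": "unknown", "weak": False}
    hash_id = body[3]                               # octet 4 of v4/v5/v6 signatures
    return {"version": version, "type": SIG_TYPES.get(body[1], f"0x{body[1]:02x}"),
            "hash": HASH_ALGOS.get(hash_id, f"id {hash_id}"), "weak": hash_id in WEAK_HASH_IDS}

def signature_hashes(data: bytes) -> list:
    """Walk every packet of an armored or binary certificate; describe the signatures."""
    if data.lstrip().startswith(b"-----BEGIN PGP"):
        data = dearmor(data.decode("ascii"))
    found, pos = [], 0
    while pos < len(data):
        tag, start, length = read_packet_header(data, pos)
        if tag == SIGNATURE_TAG:
            found.append(describe_signature(data[start:start + length]))
        pos = start + length
    return found

def build_sample_cert() -> bytes:
    """Constructed sample, NOT a real key: v4 RSA key packet, User ID, then one SHA-1
    and one SHA-256 GenericCertification, all as new-format packets."""
    packet = lambda tag, body: bytes([0xC0 | tag, len(body)]) + body   # one-octet length
    mpi_one = b"\x00\x01\x01"                                           # 1-bit MPI = 1
    pubkey = b"\x04\x00\x00\x00\x00\x01" + mpi_one + mpi_one           # v4, time 0, RSA, n, e
    def sig(hash_id):           # v4, 0x10 GenericCertification, RSA, hash, 6 bytes of hashed subpackets
        created = b"\x05\x02\x65\x00\x00\x00"                           # subpacket 2: creation time
        return (b"\x04\x10\x01" + bytes([hash_id]) + b"\x00\x06" + created
                + b"\x00\x00\xab\xcd" + mpi_one)                        # no unhashed, left16, MPI
    return (packet(6, pubkey) + packet(13, b"Alice <alice@example.com>")
            + packet(2, sig(2)) + packet(2, sig(8)))

def armor(raw: bytes) -> str:
    """Wrap binary packets in a PUBLIC KEY BLOCK with a CRC-24 checksum line."""
    b64 = base64.b64encode(raw).decode()
    crc = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n"
            + "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
            + "\n=" + crc + "\n-----END PGP PUBLIC KEY BLOCK-----\n")

if __name__ == "__main__":          # usage: python check_sig_hashes.py alice.pem
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else armor(build_sample_cert()).encode()
    for s in signature_hashes(blob):
        print(f"v{s['version']} {s['type']}: {s['hash']}", "(rejected by sq's default policy)" if s["weak"] else "")
```

Run without arguments it parses its own constructed sample and reports one SHA1 certification flagged as rejected and one SHA256 certification that passes; run on the real `alice.pem` it lists the hash of every self-signature the exporter wrote. As a cross-check with a tool you already have, `gpg --list-packets alice.pem` prints `digest algo 2` inside each signature packet that uses SHA-1 (and `digest algo 8` for SHA-256).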