No need to have a license from Oracle. You can still use OpenJDK which is released under GPL with class path exception. We do not use any of the Oracle proprietary extensions.
As a beginner with this kind of devices I want to understand what I have to do (step-by-step) to update the Nitrokey HSM.
Update: So I succeeded with the following flow
- Laptop with OpenSuSE 15.1 KDE, opensc installed, java available
- Nitrokey HSMv1, Firmware 2.5, already initialized
- opensc-pkcs11.so in Firefox configured - Nitrokey is detected
- Download https://www.openscdp.org/ocf/ocf-cc.jar and start by
java -jar ocf-cc.jar -v - Register https://www.pki-as-a-service.net/
Enter PIN when requested
Error message “the token is not registered yet” --> To register: enter valid e-mail address!
Enter my e-mail address, receive an activation by this e-mail address, enter the activation code. Them I am logged in.
Request a certificate by “Home / Request DevNet Certificate”
Store this certificate on the HSM (is this necessary?) - Request a Firmware Update
Error Message “SmartCard-HSM contains keys. Please remove keys first”. - re-initialize the Nitrokey:
sc-hsm-tool --initialize --so-pin XXXXXXXXXXXXXXXXX --pin YYYYYY - Request a Firmware Update
now the update to firmware succeeded.
After the update, the Nitrokey was again unitialized and had even a different serial number.
2 Likes
Hello, my Nitrokey HSM 2 is up to date, but I cannot generate a symmetric key… I am trying with the APDU commands from the manual, or with pkcs11-tool.
On windows, I type the command :
pkcs11-tool.exe -l --pin 981567 --keygen --key-type aes:128 --id 1
error: Generate Key mechanism not supported
Can someone describe the steps to use to generate the key ?
Edit: moved to Unable to create a symmetric, or secret key on Nitrokey HSM 2
Please create a separate discussion for your question.
OK, I will.