When I try to sign a SHA with
pkcs11-tool.exe --sign --input-file tempfile.sha -m ECDSA --output-file signature.bin -v --label {private_key_label}
The SHA is always signed with the first key stored on the HSM.
it works fine when using:
pkcs11-tool.exe --sign --input-file tempfile.sha -m ECDSA --output-file signature.bin -v --id {private_key_id}
As a workaround I first lookup the ID of the label and use the latter command line.
We want to use the espressif idf.py / espsecure.py tool to sign our code with the HSM but this is not possible as for this tooling you need to supply the label and not the ID