Hello, my Nitrokey HSM 2 is up to date, but I cannot generate a symmetric key… I am trying with the APDU commands from the manual,
or with pkcs11-tool:
On Windows, I type the command:
pkcs11-tool.exe -l --pin 981567 --keygen --key-type aes:128 --id 1
error: Generate Key mechanism not supported
or with pkcs15-init:
On Windows, I type the command:
pkcs15-init.exe --store-secret-key aes_key.txt --secret-key-algorithm aes/128 --auth-id 01 --id 03 --pin 981567
Using reader with a card: Nitrokey Nitrokey HSM 0
Failed to store secret key: Key length/algorithm not supported by card
Can someone describe the steps to use to generate the key?
Hi!
Confirmed this behavior occurs on Fedora 30 with OpenSC 0.19 on an older smart card, HSM v2.0.
HSM vendor lists AES as supported - https://www.smartcard-hsm.com/features.html .
Have you tried SCSH? https://www.openscdp.org/scsh3/download.html
@nitroalex Could you check this on HSM v3?
cc @sc-hsm
Hi,
No, I did not try the SCSH yet. I opened it, but did not understand how to use it…
I will look into it.
Thank you.
Hello szszszsz,
It works with the “Smart Card Shell”, by loading the key manager.
For now, it is the only way I have succeeded in doing it. I do not know if it is normal, but it is OK, as long as I found a way…
Thank you.
tkalkanci:
It works with the “Smart Card Shell”, by loading the key manager.
For now, it is the only way I have succeeded in doing it. I do not know if it is normal, but it is OK, as long as I found a way…
Please look at: Importing private key fail on HSM2
Yes,
I know that it is not possible to import a key on the Nitrokey, except by unwrapping it, if it has already been wrapped with the same DKEK or XKEK.
But I expected to be able to generate a new AES Symmetric key. The APDU command to do so exists, and the pkcs11-tool should do it also.
Something must be missing…
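
A diagnostic for the pkcs11-tool error quoted at the top of the thread, added here as an example and not posted by any participant: it reads the output of `pkcs11-tool --list-mechanisms` and reports whether the PKCS#11 module advertises a given key-generation mechanism. The function name `supports_keygen`, the assumed `NAME, keySize={a,b}, flags` line layout and the sample listings are assumptions, and the samples are constructed, not captured from a Nitrokey HSM.

```shell
#!/bin/sh
# Added example (not from the thread): check whether a PKCS#11 module
# advertises a key-generation mechanism, given `pkcs11-tool --list-mechanisms`
# output on stdin. Assumes lines of the form "NAME, keySize={a,b}, flag, ...".

# supports_keygen NAME
#   prints "advertised" (exit 0), "listed-without-generate" (exit 1)
#   or "not-listed" (exit 2)
supports_keygen() {
    awk -v mech="$1" '
        {
            line = $0
            sub(/\r$/, "", line)          # tolerate CRLF output from Windows
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /,[ \t]*/) # keySize={a,b} splits too; harmless
            if (f[1] != mech) next
            found = 1
            # exact match, so generate_key_pair does not count as generate
            for (i = 2; i <= n; i++) if (f[i] == "generate") ok = 1
        }
        END {
            if (ok)    { print "advertised"; exit 0 }
            if (found) { print "listed-without-generate"; exit 1 }
            print "not-listed"; exit 2
        }'
}

# Constructed sample listings (not captured from a real device).
SAMPLE_NO_AES='Supported mechanisms:
  SHA-1, digest
  ECDSA-KEY-PAIR-GEN, keySize={192,521}, hw, generate_key_pair
  RSA-PKCS-KEY-PAIR-GEN, keySize={1024,4096}, generate_key_pair'
SAMPLE_AES="$SAMPLE_NO_AES
  AES-KEY-GEN, keySize={16,32}, generate"

printf '%s\n' "$SAMPLE_NO_AES" | supports_keygen AES-KEY-GEN || true
printf '%s\n' "$SAMPLE_AES"    | supports_keygen AES-KEY-GEN || true

# Against a real token:
#   pkcs11-tool --list-mechanisms | supports_keygen AES-KEY-GEN
```

A "not-listed" result means the module is not offering the mechanism to PKCS#11 callers at all, which is a separate question from whether the card accepts the corresponding APDU.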