Unable to store signed certificate on nitrokey start


#1

Hi,
after receiving the signed certificate from CA and trying to import it on the key I have the errors:

Using gpg (v2.2.5)
gpg/card> writecertificate 3 < cert_crt.der
gpg: error writing certificate to card: General error

Using pkcs15-init (opensc 0.17.0-3):
pkcs15-init --store-certificate cert_crt.pem --id 3
Using reader with a card: Nitrokey Nitrokey Start (FSIJ-1.2.6-67141547) 00 00
Security officer PIN [Admin PIN] required.
Please enter Security officer PIN [Admin PIN]:
Failed to store certificate: Transmit failed

Keys are 2048RSA generated on the stick. Any suggestion? All other gpg activity work perfect.
The target here is to use the key for the openvpn client.
Thanks.


#2

Hi enrico,

could reproduce. Looks like a bug. I am not sure, if it is on OpenSC’s site or Gnuk (underlying firmware of NK Start), thus I opened an issue at OpenSC project page. We’ll see what they say.

The command is working fine for other Nitrokeys (e. g. Pro), but somehow it is not working for Start :thinking:

Kind regards
Alex


Failed to write x509 cert to Nitrokey Start
#3

BTW: What system are you working on?

It would be great, if you have a look to the github discussion and help fixing there, if you like. :blush:


#4

Hi,
Crossposting here from the github issue, Debian Testing with opensc (0.17.0-3) GnuPG (2.2.5-1).
Thanks