Unable to store signed certificate on nitrokey start

enrico · March 6, 2018, 1:16pm

Hi,
after receiving the signed certificate from CA and trying to import it on the key I have the errors:

Using gpg (v2.2.5)
gpg/card> writecertificate 3 < cert_crt.der
gpg: error writing certificate to card: General error

Using pkcs15-init (opensc 0.17.0-3):
pkcs15-init --store-certificate cert_crt.pem --id 3
Using reader with a card: Nitrokey Nitrokey Start (FSIJ-1.2.6-67141547) 00 00
Security officer PIN [Admin PIN] required.
Please enter Security officer PIN [Admin PIN]:
Failed to store certificate: Transmit failed

Keys are 2048RSA generated on the stick. Any suggestion? All other gpg activity work perfect.
The target here is to use the key for the openvpn client.
Thanks.

nitroalex · March 8, 2018, 9:27am

Hi enrico,

could reproduce. Looks like a bug. I am not sure, if it is on OpenSC’s site or Gnuk (underlying firmware of NK Start), thus I opened an issue at OpenSC project page. We’ll see what they say.

The command is working fine for other Nitrokeys (e. g. Pro), but somehow it is not working for Start

Kind regards
Alex

nitroalex · March 8, 2018, 3:54pm

BTW: What system are you working on?

It would be great, if you have a look to the github discussion and help fixing there, if you like.

enrico · March 8, 2018, 4:09pm

Hi,
Crossposting here from the github issue, Debian Testing with opensc (0.17.0-3) GnuPG (2.2.5-1).
Thanks