Using AES:256 with Nitrokey HSM 2

Hello,

I am trying to use the NitroKey HSM 2 to do AES encryption/decryption.

@sc-hsm firstly thank you for the clear examples you gave here

In the example you create an AES-128 key (AES:16) using --keygen --key-type AES:16 on the Nitrokey.

Is it possible to use a 256 bit key (AES-256) instead? I saw some documentation for using --keygen --key-type AES:256 which doesn’t seem to work on the HSM2

```
$ pkcs11-tool --module ../sc-hsm-embedded/src/pkcs11/.libs/libsc-hsm-pkcs11.so --keygen --key-type AES:256 --label "aeskey"
Using slot 0 with a present token (0x1)
error: PKCS11 function C_GenerateKey failed: rv = CKR_TEMPLATE_INCONSISTENT (0xd1)
Aborting.
```

Using --keygen --key-type AES:32 does give a key which seems to be 32 bytes in length ("Secret Key Object; AES length 32"), but does the encryption/decryption logic use that key correctly?

That’s an oddity of the pkcs11-tool from OpenSC. Instead of specifying the key size in bits, you need to give the number of bytes. So AES:32 is correct for a 256 bit AES.

Encryption should work with 128, 192 and 256 bit. The block size is always 16 bytes.

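As an added example (not part of the thread above, and not code from sc-hsm or OpenSC), the following POSIX shell wrapper takes the AES key size in bits the way the documentation talks about it, converts it to the byte count pkcs11-tool expects in --key-type, and then checks the "AES length N" that --list-objects reports against the requested size. The module path in PKCS11_MODULE, the key label, the use of --login (the thread's command did not pass it; drop it if your setup does not need a PIN) and the --list-objects output sample are assumptions made for this example; the sample listing is constructed to mirror the "Secret Key Object; AES length 32" line quoted in the question.

```shell
#!/bin/sh
# Added example: wrapper around OpenSC's pkcs11-tool that accepts the AES
# key size in bits and passes the byte count pkcs11-tool wants in --key-type.
# PKCS11_MODULE (path to libsc-hsm-pkcs11.so) and the key label are assumptions.

# Map an AES key size in bits to pkcs11-tool's AES:<bytes> key type.
# Only 128, 192 and 256 are valid AES key sizes; anything else is rejected
# instead of being forwarded and failing with CKR_TEMPLATE_INCONSISTENT.
aes_keytype() {
    case "$1" in
        128) echo "AES:16" ;;
        192) echo "AES:24" ;;
        256) echo "AES:32" ;;
        *)   echo "aes_keytype: unsupported AES key size '$1' bits (use 128, 192 or 256)" >&2
             return 1 ;;
    esac
}

# Check a pkcs11-tool --list-objects listing for a secret key with the given
# label whose reported AES length (in bytes) equals want_bytes.
# Returns 0 when such a key is found, 1 otherwise.
aes_key_length_matches() {
    listing="$1"; label="$2"; want_bytes="$3"
    printf '%s\n' "$listing" | awk -v label="$label" -v want="$want_bytes" '
        /^[^ \t]/ { len = "" }                      # new object: forget previous length
        /^Secret Key Object; AES length/ { len = $NF; next }
        /^[ \t]*label:/ && $2 == label { if (len == want) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Generate an AES key of the given size in bits on the token, then verify the
# length pkcs11-tool reports for it. Requires PKCS11_MODULE to be set.
gen_and_verify() {
    bits="$1"; label="$2"
    keytype=$(aes_keytype "$bits") || return 1
    pkcs11-tool --module "$PKCS11_MODULE" --login \
        --keygen --key-type "$keytype" --label "$label" || return 1
    listing=$(pkcs11-tool --module "$PKCS11_MODULE" --login \
        --list-objects --type secrkey)
    aes_key_length_matches "$listing" "$label" "${keytype#AES:}"
}

# Constructed sample of --list-objects output (not captured from a real token),
# used so the length check can be exercised without an HSM attached.
SAMPLE_LISTING='Secret Key Object; AES length 32
  label:      aeskey
  ID:         01
  Usage:      encrypt, decrypt
Secret Key Object; AES length 16
  label:      aeskey128
  ID:         02
  Usage:      encrypt, decrypt'

# Against the sample: a 256-bit request means 32 bytes, and the listing agrees.
aes_key_length_matches "$SAMPLE_LISTING" aeskey "$(aes_keytype 256 | sed 's/^AES://')" \
    && echo "sample: aeskey is a 32-byte (AES-256) key"

# With a real token, create an AES-256 key and confirm its reported length.
if [ -n "${PKCS11_MODULE:-}" ]; then
    gen_and_verify 256 aeskey && echo "token: aeskey generated with 32-byte key"
fi
```

Run it with PKCS11_MODULE pointing at libsc-hsm-pkcs11.so to generate the key; without it, only the offline check against the constructed listing runs. The two functions are what matter: aes_keytype is where the bits-to-bytes oddity lives, and aes_key_length_matches is the post-generation check that the token really holds a 32-byte key rather than whatever a mistyped size produced.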