Using AES with Nitrokey HSM

Nitrokeys HSM
1

Hi,
I would love to use the Nitrokey HSM to generate, store, and use AES keys. First of all, is that possible?
Running pkcs11-tool -M does not show any AES mechanism for encryption:

(venv_cloud_secrets) wola@WATTNUX2:~/cloud_secrets/sc-hsm-embedded$ pkcs11-tool -M
Using slot 0 with a present token (0x0)
Supported mechanisms:
  SHA-1, digest
  SHA224, digest
  SHA256, digest
  SHA384, digest
  SHA512, digest
  MD5, digest
  RIPEMD160, digest
  GOSTR3411, digest
  ECDSA, keySize={192,521}, hw, sign, verify, EC F_P, EC parameters, EC OID, EC uncompressed
  ECDSA-SHA384, keySize={192,521}, sign, verify
  ECDSA-SHA512, keySize={192,521}, sign, verify
  ECDSA-SHA1, keySize={192,521}, hw, sign, verify, EC F_P, EC parameters, EC OID, EC uncompressed
  ECDSA-SHA224, keySize={192,521}, hw, sign, verify, EC F_P, EC parameters, EC OID, EC uncompressed
  ECDSA-SHA256, keySize={192,521}, hw, sign, verify, EC F_P, EC parameters, EC OID, EC uncompressed
  ECDH1-COFACTOR-DERIVE, keySize={192,521}, hw, derive, EC F_P, EC parameters, EC OID, EC uncompressed
  ECDH1-DERIVE, keySize={192,521}, hw, derive, EC F_P, EC parameters, EC OID, EC uncompressed
  ECDSA-KEY-PAIR-GEN, keySize={192,521}, hw, generate_key_pair, EC F_P, EC parameters, EC OID, EC uncompressed
  RSA-X-509, keySize={1024,4096}, hw, decrypt, sign, verify
  RSA-PKCS, keySize={1024,4096}, hw, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={1024,4096}, sign, verify
  SHA224-RSA-PKCS, keySize={1024,4096}, sign, verify
  SHA256-RSA-PKCS, keySize={1024,4096}, sign, verify
  SHA384-RSA-PKCS, keySize={1024,4096}, sign, verify
  SHA512-RSA-PKCS, keySize={1024,4096}, sign, verify
  MD5-RSA-PKCS, keySize={1024,4096}, sign, verify
  RIPEMD160-RSA-PKCS, keySize={1024,4096}, sign, verify
  RSA-PKCS-PSS, keySize={1024,4096}, hw, sign, verify
  SHA1-RSA-PKCS-PSS, keySize={1024,4096}, sign, verify
  SHA224-RSA-PKCS-PSS, keySize={1024,4096}, sign, verify
  SHA256-RSA-PKCS-PSS, keySize={1024,4096}, sign, verify
  SHA384-RSA-PKCS-PSS, keySize={1024,4096}, sign, verify
  SHA512-RSA-PKCS-PSS, keySize={1024,4096}, sign, verify
  RSA-PKCS-KEY-PAIR-GEN, keySize={1024,4096}, generate_key_pair

Do I have to install sc-hsm-pkcs11 module from the sc-hsm-embedded project? What are the prerequisites to build it from source? I am a bit lost in the “getting started” documentation…

Best regards

2

OpenSC does not provide support for AES keys on a SmartCard-HSM. You need to
use the PKCS#11 module from sc-hsm-embedded.

For Windows the latest version is provided as msi installer, for Linux a sequence of

autoreconf -fis
./configure
make
sudo make install

should work. You can combine OpenSC and sc-hsm-pkcs11, as they are compatible.

3

Thank you!

For reference, as I am using Ubuntu 22.04, I had to install a few packages to make it work:

apt install autoconf libtool libpcsclite-dev
4

Another question, does Nitrokey HSM support AES encrypt? It does not show in pkcs11-tool options

pkcs11-tool: unrecognized option '--encrypt'
5

It does support that:

asc@caprese:~$ echo "Hello World. How are you today?" >plain
asc@caprese:~$ pkcs11-tool --module /usr/local/lib/libsc-hsm-pkcs11.so -O --login --pin 648219 --id 05d18a56eff4070e --encrypt --mech AES-CBC --input-file plain --output-file cipher
Using slot 0 with a present token (0x1)
Secret Key Object; AES length 16
  label:      AES
  ID:         05d18a56eff4070e
warning: PKCS11 function C_GetAttributeValue(VERIFY_RECOVER) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

  Usage:      encrypt, decrypt
  Access:     sensitive, always sensitive, never extractable, local
  uri:        pkcs11:model=SmartCard-HSM;manufacturer=CardContact%20%28www.cardcontact.de%29;serial=;token=SmartCard-HSM;id=%05d18a56eff4070e;object=AES;type=secret-key
Using encrypt algorithm AES-CBC
asc@caprese:~$ hexdump cipher 
0000000 8c77 a1cd 51fc 2b96 0384 71fe e3d2 8c3b
0000010 b8ec 319a df01 51e5 cd8f 48eb 2745 68b6
0000020
asc@caprese:~$ pkcs11-tool --module /usr/local/lib/libsc-hsm-pkcs11.so -O --login --pin 648219 --id 05d18a56eff4070e --decrypt --mech AES-CBC --input-file cipherUsing slot 0 with a present token (0x1)
Secret Key Object; AES length 16
  label:      AES
  ID:         05d18a56eff4070e
warning: PKCS11 function C_GetAttributeValue(VERIFY_RECOVER) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

  Usage:      encrypt, decrypt
  Access:     sensitive, always sensitive, never extractable, local
  uri:        pkcs11:model=SmartCard-HSM;manufacturer=CardContact%20%28www.cardcontact.de%29;serial=;token=SmartCard-HSM;id=%05d18a56eff4070e;object=AES;type=secret-key
Using decrypt algorithm AES-CBC
Hello World. How are you today?

The input length must be a multiple of 16, as the HSM does not support padding internally.

6

@sc-hsm can you provide step by step instruction how to create aes key on hsm 2 ?

7

Could this be an issue of a version of pkcs11-tool? mine does not show --encrypt:

(venv_cloud_secrets) wola@WATTNUX2:~/cloud_secrets$ pkcs11-tool --module /usr/local/lib/libsc-hsm-pkcs11.so -O --login --pin 648219 --id 05d18a56eff4070e --encrypt --mech AES-CBC --input-file plain --output-file cipher
pkcs11-tool: unrecognized option '--encrypt'
Usage: pkcs11-tool [OPTIONS]
Options: [...]
8

Sure

pkcs11-tool --module /usr/local/lib/libsc-hsm-pkcs11.so --login --pin 648219 --keygen --key-type AES:16 --label AES

to generate an AES-128 key.

9

What version of OpenSC are you using ?

10

Im testing sc-hsm-middleware-x64-2.12.msi from Releases · CardContact/sc-hsm-embedded but for some reason, when I execute it, it terminates suddenly ?

I’m using windows 11.

11

The MSI does not generate any output. It just copies the dll into windows/system32.

12

Thank you, would be helpful to know the name of dll file that was copied, so I can reference it.

13

sc-hsm-pkcs11.dll

The installer also installs the sc-hsm-pkcs11-test.exe and sc-hsm-minidriver-test.exe in CardContact/SmartCard-HSM Middleware.