Make sure you use a Nitrokey HSM 2 and not any other model. In that case there are no default PINs and during initialization you define both PINs with the command you just showed. Of course you should use different PINs than used in this example.
Yeah, I just learned about this the hard way. I bought the wrong item - Nitrokey 3. If I’m interested in running PKI and want to store my root CA keys, which product should I use?
And does Nitrokey allow a full refund of the wrong item? What’s the procedure? I emailed support and there’s no response yet.
Thanks for sharing your use case. You had some more questions.
SO PIN and PIN difference.
An HSM follows a model where you have split responsibilities. Someone may prepare an HSM for you and needs to authenticate as Security Officer, while you use your Personal Identification Number.
Do you need multiple Nitrokey HSMs?
It depends. I possess multiple HSMs. Usually I buy most security hardware three times: one I use, one backup, and one for development/update tests/procedure rehearsals. Even for products I just evaluate/tinker with. As an IT professional I see this as part of a dedicated education budget.
Do you need multiple just for testing? I would say yes, when you would like to spread a Security Domain between two hardware HSMs. Backups/m-of-n schemes can be tested with a single one as the HSM encrypts just files for downloading to your PC.
Do you need a hardware HSM for testing? I would say yes. You could work with a SoftHSM and could do most things but real use of a physical HSM is slightly different.
Do you need multiple HSMs for productive use? I would say yes. One for at least 3 trustworthy Security Officers. And additionally a backup as files. Why? Redundancy and 3-2-1 backup applied to the HSM. Also consider the costs of an HSM. Nitrokey HSMs - while being entry level - are quite affordable. Beware that some users might lack features that can be found in more expensive solutions (like pure on-device encryption/decryption of data, as the smartcard is not designed for such compute-heavy workloads).
Yes, they all look quite identical. There is a nice overview to see what the differences are.
If your use case is PKI, then Nitrokey HSM is the right hardware.
If you still need to learn whether it is the right thing, you could use SoftHSM to learn whether an HSM is what you need. This software is intended for development and is not a replacement for a hardware token.