Any suggestions why pkcs11-tool, fails to chat to NitroHSM [note there are two smart cards plugged in] ?
openssl version
OpenSSL 3.0.1 14 Dec 2021 (Library: OpenSSL 3.0.1 14 Dec 2021)
D:\Development\openssl>"C:\Program Files (x86)\OpenSC Project\OpenSC\tools\opensc-tool" -l
# Detected readers (pcsc)
Nr. Card Features Name
0 Yes Gemalto USB SmartCard Reader 0
1 Yes Nitrokey Nitrokey HSM 0
D:\Development\openssl>"C:\Program Files (x86)\OpenSC Project\OpenSC\tools\pkcs15-tool" --reader 1 --version
OpenSC-0.22.0-rc1-74-gc902e199, rev: c902e199, commit-time: 2021-08-10 11:09:03 +0200
D:\Development\openssl>openssl engine dynamic -pre ID:pkcs11 -pre SO_PATH:D:\Development\openssl\pkcs11.dll -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:D:\Development\openssl\opensc-pkcs11.dll
(dynamic) Dynamic engine loading support
[Success]: ID:pkcs11
[Success]: SO_PATH:D:\Development\openssl\pkcs11.dll
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: MODULE_PATH:D:\Development\openssl\opensc-pkcs11.dll
Loaded: (pkcs11) pkcs11 engine
D:\Development\openssl>"C:\Program Files (x86)\OpenSC Project\OpenSC\tools\pkcs11-tool" --module "C:\Program Files (x86)\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll" --list-objects --pin 648219
error: PKCS11 function C_GetSlotInfo failed: rv = CKR_DATA_LEN_RANGE (0x21)
Aborting.
D:\Development\openssl>"C:\Program Files (x86)\OpenSC Project\OpenSC\tools\pkcs15-tool" --reader 1 -D
PKCS#15 Card [SmartCard-HSM]:
Version : 0
Serial number : DENK0106188
Manufacturer ID: www.CardContact.de
Flags :
PIN [UserPIN]
Object Flags : [0x03], private, modifiable
Auth ID : 02
ID : 01
Flags : [0x812], local, initialized, exchangeRefData
Length : min_len:6, max_len:15, stored_len:0
Pad char : 0x00
Reference : 129 (0x81)
Type : ascii-numeric
Path : e82b0601040181c31f0201::
Tries left : 3
PIN [SOPIN]
Object Flags : [0x01], private
ID : 02
Flags : [0x9A], local, unblock-disabled, initialized, soPin
Length : min_len:16, max_len:16, stored_len:0
Pad char : 0x00
Reference : 136 (0x88)
Type : bcd
Path : e82b0601040181c31f0201::
Tries left : 15
Private RSA Key [38cf54946028d893f6d14b462d71e4c8ed9bed57]
Object Flags : [0x01], private
Usage : [0x2E], decrypt, sign, signRecover, unwrap
Access Flags : [0x1D], sensitive, alwaysSensitive, neverExtract, local
Algo_refs : 0
ModLength : 4096
Key ref : 1 (0x01)
Native : yes
Auth ID : 01
ID : 01
MD:guid : b0c55d7a-57c1-7984-7805-e760635db0ea
Private EC Key [CA_private2]
Object Flags : [0x03], private, modifiable
Usage : [0x10C], sign, signRecover, derive
Access Flags : [0x1D], sensitive, alwaysSensitive, neverExtract, local
Algo_refs : 0
FieldLength : 256
Key ref : 2 (0x02)
Native : yes
Auth ID : 01
ID : 10
MD:guid : 195731c7-84d8-3dd9-65d7-d8773754f3aa
Public EC Key [CA_private2]
Object Flags : [0x00]
Usage : [0x40], verify
Access Flags : [0x02], extract
FieldLength : 256
Key ref : 0 (0x00)
Native : no
ID : 10
DirectValue : <present>
X.509 Certificate [38cf54946028d893f6d14b462d71e4c8ed9bed57]
Object Flags : [0x00]
Authority : no
Path : ce01
ID : 01
Encoded serial : 02 09 008610DAE1CDEBF726