Hi, I tried to connect two HSM2 USB Nitrokeys to the same PC and then to use it in two different Virtual Machines running at this PC. My host computer has Windows 10, first VM is Ubuntu 22.04, second - Windows 10. I want first Nitrokey to be connected to Ubuntu VM, and second - to Windows VM. How could I reach it? If it is possible?
I do not think the question is specific about nitrokey, but more about how your VM works. You will therefore ask for help in a forum for either hyperV or Virtual Box or VMware. I can tell you about how it works in KVM/qemu I think that should be similar to VirtualBox. You have to define either a direct and automated passthrough for the VM (in Linux you do this via “SPICE” )or you have to define a fixed rule for a specified device in the virtual machine manager. You cannot(!) use a usb device contemporarily on both (host and guest) in the same moment. So if you have two HSM you have to define a rule for the one you wish to use in the VM and NOT for the other and deactivate the automatic recognition (at least in KVM/qemu you are running now in one problem: when you start your VM it will search for the fixed linked USB device and will not start if it is not present at start up. If your server has long uptimes that might be acceptable to you.
My advice would be to ask in the forum of the respective producer of the VM manager, that is for build in VM manager of Windows for hyperV.
Regards.
1 Like
My question is more about how to distinguish between these two devices of the same manufacturer, and is it possible to work at the same computer with connected two devices.
Use the serial of the HSM.
See this example for nitrokey 3 Automatic Screen Lock at Removal script - #9 by bernd
The HSM has also a unique serial, but they start with ‘DENK’.
Thank you @bernd for your response.
And how should I sign in my program, using specific device, for example: pkcs11-tool.exe -d 1 -s -p " + token " + "-m ECDSA -f openssl -i " + hashFile + " -o " + signFile ?
Which parameter should I add for serial?
So, you have an answer how to attach one HSM to one VM via its serial?
Selecting one HSM out of many (if they are all attached and visible to the same OS), should be done with --slot, or not?
It’s not a problem, I can select the desired USB device for pass-through from Host. I just wanted to be sure to select the correct device before setting it to VM.
Thank you again, I’ll add --slot parameter.