Wrapping an AES key from Nitrokey HSM2

Hello again,

I am trying to backup an AES key that I created on a Nitrokey HSM using the DKEK share method.

Firstly I initialized the Nitrokey HSM2 using

$ sc-hsm-tool --initialize --dkek-shares 1 --label "myhsm"

Then, I created the dkek, and imported it using

$ sc-hsm-tool --create-dkek-share myhsm.pbe
$ sc-hsm-tool --import-dkek-share myhsm.pbe

I created the key using the method shown here.

The HSM has the DKEK and also the key

$ sc-hsm-tool
Using reader with a card: Nitrokey Nitrokey HSM (<HSM_ID>         ) 00 00
Version              : 4.1
Config options       :
  User PIN reset with SO-PIN enabled
SO-PIN tries left    : 15
User PIN tries left  : 3
DKEK shares          : 1
DKEK key check value : 374338542608E779


$ pkcs11-tool --list-objects --type secrkey
Using slot 0 with a present token (0x1)
Secret Key Object; AES length 32
  label:
  ID:         01
  Usage:      encrypt, decrypt
  Access:     sensitive, always sensitive, never extractable, local

But when I try to wrap (export) it, I get this error.

$ sc-hsm-tool --wrap-key  myhsm.backup  --key-reference 01
Using reader with a card: Nitrokey Nitrokey HSM (<HSM_ID>         ) 00 00
sc_card_ctl(*, SC_CARDCTL_SC_HSM_WRAP_KEY, *) failed with Card does not support the requested operation

Any idea what I’m missing? I am using the version of sc-hsm-tool compiled from the GitHub source.

OpenSC does not support all of the options and diagnostic functions of the HSM. Please use the Smart Card Shell and the included Key Manager to get acquainted with the system. After that you could use OpenSC or the native module to interact with the HSM.

In this specific case my guess is that the key does not have the WRAP attribute internally. This is different from the attributes shown at the PKCS#11 interface.

Unfortunately, I need to do this backup programmatically. I believe Smart Card Shell is GUI only? Or?

You can do that programmatically, but the Smart Card Shell will help you to understand what is happening on the device or what may be missing.

The HSM has many more functions than what is supported by OpenSC.

I also tried to do this, but it doesn’t work.

pkcs11-tool --usage-wrap --keygen --key-type AES:32 --id 02

All the documentation from Nitrokey about backing up keys uses sc-hsm-tool. Is there ANY documentation on how to do this using Smart Card Shell?

Did a quick test myself. The issue is that when you generate an AES key with pkcs11-tool and the native PKCS#11 library, the key is not associated with a key domain, and so the key cannot be wrapped using sc-hsm-tool.

If you generate the key using the Smart Card Shell, then wrapping and unwrapping with sc-hsm-tool from OpenSC works.

The native PKCS#11 module has some proprietary attributes that OpenSC does not support. As far as I know, there is no mechanism in pkcs11-tool to define vendor-specific attributes.

Are there any documents on how to generate an AES256 key with Smart Card Shell? I couldn’t find much.

It’s pretty much self-explanatory. You could read one of the HowTos that handle more complex topics like Public Key Authentication or XKEK Key Domains. That should give a glimpse of what you can do with the Key Manager in the Smart Card Shell.
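The backup flow in the opening post (check the token status, list the secret keys, then wrap each one) is worth scripting with pre-flight checks, so that a missing DKEK and a key that cannot be wrapped fail in a clearly different way. The script below is an added example written for this thread; it is not Nitrokey's, OpenSC's or CardContact's own code. It parses the status text that `sc-hsm-tool` prints and the listing from `pkcs11-tool --list-objects --type secrkey` in the format quoted above. Assumptions: the "DKEK shares" and "DKEK key check value" lines look exactly as in the quoted output, the key check value line is only printed once all shares are imported, and a wrap failure on a pkcs11-tool-generated key is the "key domain" case the later reply describes. The device commands only run when the script is started with the argument `run`; the parsers can be exercised on saved output without a token.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for an sc-hsm-tool
# key backup. The parsers read the status text that `sc-hsm-tool` and
# `pkcs11-tool --list-objects --type secrkey` print; device commands only
# run when the script is invoked as: ./backup.sh run

# Number of configured DKEK shares from sc-hsm-tool status text on stdin
# (prints 0 when the line is absent). Format assumed from the thread.
dkek_shares() {
    awk -F: '/^DKEK shares/ { gsub(/[ \t]/, "", $2); print $2; found = 1 }
             END { if (!found) print 0 }'
}

# The 16-hex-digit DKEK key check value from status text on stdin, or
# nothing if the line is missing or malformed.
dkek_kcv() {
    awk -F: '/^DKEK key check value/ {
                 gsub(/[ \t]/, "", $2)
                 if (length($2) == 16 && $2 ~ /^[0-9A-Fa-f]+$/) print $2
             }'
}

# Return 0 when the status text ($1) shows a usable DKEK: at least one
# share configured and a key check value present. Assumption: the check
# value only appears once every share has been imported.
dkek_ready() {
    shares=$(printf '%s\n' "$1" | dkek_shares)
    kcv=$(printf '%s\n' "$1" | dkek_kcv)
    [ "$shares" -ge 1 ] 2>/dev/null && [ -n "$kcv" ]
}

# IDs of AES secret keys from a pkcs11-tool listing on stdin, one per line.
# Objects of other key types are skipped.
aes_key_ids() {
    awk '/^Secret Key Object; AES/ { aes = 1; next }
         /^Secret Key Object/      { aes = 0 }
         aes && /^[ \t]*ID:/       { print $2 }'
}

# Wrap key reference $1 into file $2 under the DKEK. sc-hsm-tool prompts for
# the user PIN (or takes --pin). A failure here on a key created with
# pkcs11-tool is the "not associated with a key domain" case from the thread.
backup_key() {
    id=$1
    out=$2
    if ! sc-hsm-tool --wrap-key "$out" --key-reference "$id"; then
        echo "wrap of key $id failed: key has no key domain / WRAP attribute?" >&2
        return 1
    fi
    echo "wrapped key $id -> $out"
}

if [ "${1:-}" = "run" ]; then
    status=$(sc-hsm-tool) || exit 1
    dkek_ready "$status" || { echo "DKEK not complete on token" >&2; exit 1; }
    pkcs11-tool --list-objects --type secrkey | aes_key_ids | while read -r id; do
        backup_key "$id" "key-$id.backup" || exit 1
    done
fi
```

Keep the `.backup` files together with the DKEK share file (`myhsm.pbe`) and its password; without that share the wrapped blobs cannot be restored with `--unwrap-key` on another token.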