This is Nitrokey HSM 2, first at firmware 3.3 then 3.4
Using what I believe I have downloaded as scsh 3.17.502 but it reports itself as “Smart Card Shell Scripting Engine (scdp4j) 3.17.401”.
Before firmware upgrade I have created a group signer key for XKEK and followed the XKEK tutorial to create the domain and exchange keys, all worked fine.
Since I have anticipated that I need to upgrade that token to a new firmware, group signer was created on a separate DKEK and I could export it to a .wky file.
After the firmware upgrade:
I have restored the DKEK.
And exported new identity (after firmware upgrade it changes).
Generated new KDM (3.4 static membership).
Now an attempt to use the Key Domain Membership file results in the following error:
GPError: shell (USER_DEFINED/0) - "Assertion failed" in .../scsh3.17.502/config.js#49
at .../scsh3.17.502/config.js#49
at .../scsh3.17.502/keymanager/keymanager.js#537
at .../scsh3.17.502/keymanager/keymanager.js#2418
It is not the group signer that is device specific, but the way the Smart Card Shell constructs the certificate chain that is presented to the HSM on which a key domain is created.
If you generate a group signer on one device and upgrade the firmware, then the device gets a new device certificate. After importing the group signer, the device certificate of the instance with the old firmware is missing from the certificate chain written to the .KDM file.
When you sign a key domain membership, the following certificates are written to the .KDM file:
DICA A -> Device A -> Group Signer -> KDM
The DICA and Device certificate are taken from the HSM on which the group signer is located.
When you migrate the group signer to a different HSM, then the chain may look like
DICA B -> Device B -xxx-> Group Signer -> KDM
as the DICA and Device certificates are not moved. The Group Signer certificate cannot be validated against Device B, so the chain is invalid.
I guess we need to provide a mechanism in the key manager to retain that old DICA and device certificate associated with the group signer, so that we can complete the chain written to the .KDM file.
Update: The current Smart Card Shell exports the full group signer certificate chain, so importing the group signer into a different device will now preserve the chain.
This can be seen after importing the group signer, as now the full chain is listed in the outline.