Issue while Import externally generated Private key file in CardContact SmartCard-HSM #621
The SmartCard-HSM does not support importing private keys in plain for security reasons. Even though this seems to be common practice, we strongly discourage users from importing externally generated keys in plain. Reasons are
However, we acknowledge that there might be situations where generating a fresh key is not a viable option. For those rare cases, the SDK provides a tool to import a private key from a PKCS#12 file. **This should only be done if you really know what you are doing**. The SDK software [1] is available via the CDN [2] if you have a SmartCard-HSM EA+ token. If not, just write me an e-mail.

[1] https://devnet.cardcontact.de/projects/sc-hsm-sdk/files
I have to use this SC to import CA key and store user public/private keys. Leaving the import tool, how can I import the P12 file in SC-HSM smart card via some API or command?
Hello Users,
I created the RSA 2048 bit key to store in CardContact SmartCard by command

```
openssl genrsa -out user.key.pem 2048
```

I tried to import PEM key file in CardContact SmartCard by pkcs11-tool

```
pkcs11-tool -l --pin 123456 --write-object user.key.pem --type privkey --id 10
Using slot 1 with a present token (0x1)
2015-11-27 10:21:25.047 cannot lock memory, sensitive data may be paged to disk
error: Cannot read private key
Aborting.
```

So I also converted the PEM file to DER file by command

```
openssl rsa -in user.key.pem -out user.key.der -outform DER
```

Tried again to import the DER key file in CardContact SmartCard by pkcs11-tool

```
pkcs11-tool -l --pin xxxxxxxx --write-object user.key.der --type privkey --id 10
Using slot 1 with a present token (0x1)
2015-11-27 10:30:10.216 cannot lock memory, sensitive data may be paged to disk
error: PKCS11 function C_CreateObject failed: rv = CKR_FUNCTION_NOT_SUPPORTED (0x54)
Aborting.
```
Please provide me with a command or method to store the externally generated private key into the CardContact SmartCard-HSM.