Comments (4)
RaymiiOrg
commented on August 26, 2024
The workaround I now use is three different NSS databases with the specific slot enabled, since that is unique.
from sc-hsm-embedded.
CardContact
commented on August 26, 2024
The module does not support reading the label yet. I will have to add that once I'm back from vacation.
Andreas
Von meinem iPhone 7 gesendet
Am 15.07.2016 um 18:17 schrieb Raymii [email protected]:
The HSM label is always 'SmartCard-HSM' and not the label set when initializing the HSM.
When initializing the HSM with a specific label:
sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 648219 --dkek-shares 1 --label 'hsm2'
It is not shown as the token label:pkcs11-tool --module /usr/lib/libsc-hsm-pkcs11.so --login --pin 648219 --list-slots
Output:Available slots:
Slot 0 (0xd): Lenovo Integrated Smart Card Reader 03 00
(empty)
Slot 1 (0x1): Nitrokey Nitrokey HSM (010000000000000000000000) 00 00
token label : SmartCard-HSM
token manufacturer : CardContact (www.cardcontact.de)
token model : SmartCard-HSM
token flags : readonly, login required, PIN initialized, token initialized
hardware version : 0.0
firmware version : 0.0
serial num :
Slot 2 (0x5): Nitrokey Nitrokey HSM (010000000000000000000000) 01 00
token label : SmartCard-HSM
token manufacturer : CardContact (www.cardcontact.de)
token model : SmartCard-HSM
token flags : readonly, login required, PIN initialized, token initialized
hardware version : 0.0
firmware version : 0.0
serial num :
Slot 3 (0x9): Nitrokey Nitrokey HSM (010000000000000000000000) 02 00
token label : SmartCard-HSM
token manufacturer : CardContact (www.cardcontact.de)
token model : SmartCard-HSM
token flags : readonly, login required, PIN initialized, token initialized
hardware version : 0.0
firmware version : 0.0
serial num :
The OpenSC module does show the label:Available slots:
Slot 0 (0x0): Nitrokey Nitrokey HSM (010000000000000000000000) 00 00
token label : hsm3 (UserPIN)
token manufacturer : www.CardContact.de
token model : PKCS#15 emulated
token flags : rng, login required, PIN initialized, token initialized
hardware version : 24.13
firmware version : 2.0
serial num : DENK0100485
Slot 1 (0x4): Nitrokey Nitrokey HSM (010000000000000000000000) 01 00
token label : hsm2 (UserPIN)
token manufacturer : www.CardContact.de
token model : PKCS#15 emulated
token flags : rng, login required, PIN initialized, token initialized
hardware version : 24.13
firmware version : 2.0
serial num : DENK0100436
Slot 2 (0x8): Nitrokey Nitrokey HSM (010000000000000000000000) 02 00
token label : hsm1 (UserPIN)
token manufacturer : www.CardContact.de
token model : PKCS#15 emulated
token flags : rng, login required, PIN initialized, token initialized
hardware version : 24.13
firmware version : 2.0
serial num : DENK0100186
Slot 3 (0xc): Lenovo Integrated Smart Card Reader 03 00
(empty)
This is problematic when using multiple HSM's with mod_nss:certutil -d /etc/nss/db -h all -L
Output:Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPIEnter Password or Pin for "SmartCard-HSM":
Enter Password or Pin for "SmartCard-HSM":
Enter Password or Pin for "SmartCard-HSM":
[...]
SmartCard-HSM:rsa2048 u,u,u
SmartCard-HSM:rsa2048 u,u,u
SmartCard-HSM:rsa2048 u,u,u
SmartCard-HSM:ECprime256v1 u,u,u
SmartCard-HSM:ECprime256v1 u,u,u
SmartCard-HSM:ECprime256v1 u,u,u
SmartCard-HSM:rsa1024 u,u,u
SmartCard-HSM:rsa1024 u,u,u
SmartCard-HSM:rsa1024 u,u,u
modutil -list -dbdir /etc/nss/db/Output:
hsm
library name: /usr/lib/libsc-hsm-pkcs11.so
slots: 4 slots attached
status: loadedslot: Lenovo Integrated Smart Card Reader 03 00
token:slot: Nitrokey Nitrokey HSM (010000000000000000000000) 00 00
token: SmartCard-HSMslot: Nitrokey Nitrokey HSM (010000000000000000000000) 01 00
token: SmartCard-HSMslot: Nitrokey Nitrokey HSM (010000000000000000000000) 02 00
token: SmartCard-HSM
It is impossible to select different HSM's in mod_nss now, thus not allowing for load balancing on the same host.It's set here:
https://github.com/CardContact/sc-hsm-embedded/blob/master/src/pkcs11/token-sc-hsm.c#L1018
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
from sc-hsm-embedded.
RaymiiOrg
commented on August 26, 2024
That would be nice, thank you. Also, enjoy your holiday!
from sc-hsm-embedded.
CardContact
commented on August 26, 2024
Added in b8fce0c
from sc-hsm-embedded.
Related Issues (20)
- Add support for OS X
- Unable to install sc-hsm-driver-x64 in Windows 10 HOT 1
- Porting the smart cards to opensc? HOT 9
- Add write support HOT 2
- Add CSP-Minidriver for Windows HOT 2
- Port sc-hsm-tool from OpenSC
- Provide tray tool implementing RAMoverHTTP
- File sc-hsm-minidriver.vcxproj not found HOT 5
- Import Key from another HSM to SC-HSM (WRAP/UNWRAP)
- Supporting 3DES and DES HOT 1
- Client authentication in Firefox fails for RSA keys with TLS1.3
- sc-hsm-pkcs11-test reports 7 test failures on Nitrokey HSM2 3.4 HOT 1
- Key Usage Limit missing HOT 13
- Microsoft CSP-Minidriver HOT 4
- miniscule issue: missing dependency check for pcsclite
- Path issue with sc-hsm-pkcs11-test in mac package HOT 2
- SC-HSM PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5) on OpenSC 0.21 & 0.22 HOT 1
- Library returns supported key size wrong HOT 1
- Not able to get CKA_VALUE with C_GetAttributeValue of a Secret Key HOT 1
- sc-hsm-pkcs11-test: "Find a private key after login" test failure on an empty token HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sc-hsm-embedded.