"no slot found" when running in LXC with nitrokey HSM2 #13

@Arbel-arad

Any help would be highly appreciated as this is my first time using these HSMs.

I am getting the following log:

Dec 06 22:37:56 ca-master nixpkcs.sh[16939]: [nixpkcs.sh/I] (step-ca) <exec> pkcs11-tool --token-label SmartCard-HSM --id 01 --label step-ca --login --login-type user --pin //REDACTED// --keypairgen --key-type EC:secp256r1 --usage-sign --usage-derive
Dec 06 22:37:56 ca-master nixpkcs.sh[16939]: No slot with token named "SmartCard-HSM" found

This seems to be a problem with the systemd service. It also outputs a different result here:

Dec 06 22:37:56 ca-master nixpkcs.sh[16935]: [nixpkcs.sh/I] (step-ca) <exec> pkcs11-tool --token-label SmartCard-HSM --id 01 --label step-ca --list-slots
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]: Available slots:
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]: Slot 0 (0x1): NSS Internal Cryptographic Services
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   token label        : NSS Generic Crypto Services
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   token manufacturer : Mozilla Foundation
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   token model        : NSS 3
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   token flags        : rng, token initialized, readonly, other flags=0x200
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   hardware version   : 4.0
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   firmware version   : 0.0
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   serial num         : 0000000000000000
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   pin min/max        : 0/0
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   uri                : pkcs11:model=NSS%203;manufacturer=Mozilla%20Foundation;serial=0000000000000000;token=NSS%20Generic%20Crypto%20Services
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]: Slot 1 (0x2): NSS User Private Key and Certificate Services
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   token label        : NSS Certificate DB
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   token manufacturer : Mozilla Foundation
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   token model        : NSS 3
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   token flags        : login required, rng, token initialized, PIN initialized, other flags=0x200
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   hardware version   : 0.0
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   firmware version   : 0.0
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   serial num         : 0000000000000000
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   pin min/max        : 0/500
Dec 06 22:37:56 ca-master nixpkcs.sh[16935]:   uri                : pkcs11:model=NSS%203;manufacturer=Mozilla%20Foundation;serial=0000000000000000;token=NSS%20Certificate%20DB

But if I run it (as root):

root@ca-master ~# pkcs11-tool --token-label SmartCard-HSM --id 01 --label step-ca --list-slots
Available slots:
Slot 0 (0x0): Nitrokey Nitrokey HSM (DENK03012600000         ) 00 00
  token label        : SmartCard-HSM
  token manufacturer : www.CardContact.de
  token model        : PKCS#15 emulated
  token flags        : login required, rng, token initialized, PIN initialized
  hardware version   : 24.13
  firmware version   : 4.0
  serial num         : DENK0301260
  pin min/max        : 6/15
  uri                : pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0301260;token=SmartCard-HSM
