SUPPORT
Downloading Drivers
An all-in-one archive (sc-hsm-starterkit) containing the OpenSC PKCS#11, XCA, MicroSD card drivers and our own PKCS#11 Module and CSP Minidriver can be downloaded here. Please see the README.txt included in the archive what you need to install for your specific requirements.
If you are on Linux, then please make sure that the PC/SC Daemon (pcscd) is installed and running. Please also see SmartCard-HSM USB-Token with new USB Product ID, if your SmartCard-HSM USB-Token is not recognized on Linux or MacOS X.
Contact-based or contact-less SmartCard-HSM cards
For SmartCard-HSMs with the card form factor you will need a smart card reader that supports extended length APDU. On Windows you might need to install additional drivers for your specific reader. On Linux and MacOS X, the reader should be support by libccid and provide for extended length APDUs.
USB-Token
The USB-Token combines a CCID card reader with the secure element on which the SmartCard-HSM software runs. On Windows the token should be recognized by plug-and-play. On Linux and MacOS X it might be necessary to add the product ID to the configuration file of libccid.
MicroSD Card
Two versions of the MicroSD card exist, an older variant with certgate written on the card and a newer variant with swissbit printed on the device. The certgate variant was sold until 2016, the swissbit variant is available since 2020. Windows and Linux drivers for the new variant are included in the starterkit. An example project for Android is available at the CDN.
The MicroSD card is a 8GB MMC card with an additional secure element. Access to the secure element is provided by a dedicated file on the MicroSD card which is shared between the flash controller in the card and the driver of the host. The card also supports ASSD, but drivers are only available as part of integration projects.
Getting Started
A general recommendation is to download and install the Smart Card Shell and use the build-in SmartCard-HSM Key Manager to configure a device. The Smart Card Shell is the management tool that is always up-to-date with the latest firmware versions. Use CTRL-M to start the SmartCard-HSM Key Manager.
Another good advice is to start playing with known values for the Inialization Code (SO-PIN). Unless we use a SmartCard-HSM in a production environment, we (and our tools) use 3537363231383830 (or 57621880 in ASCII) as default value. If you've lost the code, then you lost the device, as there is no other way to reset the device to an initial state.
Another good starting point to learn using the SmartCard-HSM is the SmartCard-HSM with XCA tutorial.
The tutorial explains the steps required to set up your own certification authority and to start issuing certificates. Once you have issued your first certificates, you can start using them in a number of applications like Thunderbird, Acrobat Reader or OpenOffice.
Gert van Dijk has written a nice blog Getting started with the SmartCard-HSM.
For importing keys from a PKCS#12 container, Vesselin Kolev wrote a nice howto.
The Nitrokey HSM is actually a SmartCard-HSM and you find a lot of hints and tips in the Nitrokey Support Forum.
The application page also contains some application specific links to SmartCard-HSM related resources on the net.
Firmware Update
Firmware updates for the SmartCard-HSM are available in the PKI-as-a-Service Portal.
If the firmware update fails, then please follow the recovery procedure.
Getting Help
Support for SmartCard-HSM customers is provided through the CardContact Developer Network, the Nitrokey Support Forum and via issue tracking of the OpenSC project.
If things finally don't work, then you should of course not hestitate to contact us to find a solution.