Closed lindenaar closed 1 year ago
I'm getting similar issues
It was a service down at the backend.
@polhenarejos thanks! it indeed works now again.
However, what is this web service and what does it do? Is there a way to run this yourself?
I also noticed that the --pin parameter is no longer supported when initializing the HSM, am I using the wrong version of the script or is the documentation not up-to-date?
thank you again for your work and support!
regards,
Frederik
Usually SmartCards have a pair of device key and certificate, signed by a PKI owned by the vendor. The private key and the certificate are generated during the manufacturing and are embedded into the ROM of the device to avoid accidental deletions. This private key is used for attestation of all keys generated by the device.
This web service emulates all this process. During the initialization, a private key is generated and store securely in the Pico HSM (the device key). Then, the public key (the public point) is extracted from the device and uploaded to my PKI, which signs the public key and returns a certificate tied to the device public-private keypair.
In the future I am planing to open this process to accept other PKI. However, this is not straightforward as the certificate must be CV compliant (a standard defined by BSI from Germany).
The --pin
parameter is supported, as usual. Try to put --pin
parameter before the initialize
command.
Hi,
I am trying this very interesting project but when trying to initialize a new Pico-HSM and bump into 2 issues:
--pin
option for theinitialise
subcommand ofpython pico-hsm-tool.py
does not seem to work as documented--pin
(or when I put it before theinitialise
keyword) results in an issue:It looks like the initiallization calls an external web service that doesn't function as expected. Any clue what is going wrong and would it be possible to explain this process (i.e. why is it using an external service and for what?) so that the dependency is clear?
any help is appreciated!
Thanks!
Frederik