Nitrokey HSM with GNU/Linux#

  1. Install OpenSC. You need at least version 0.19. You can find recent builds for debian-based systems like Ubuntu here if your system does not have the newest version of OpenSC. Alternatively, install this driver (source).

  2. Define SO-PIN and PIN of your own choices. See these instructions. Afterwards you can begin to generate new keys.

Your Nitrokey is now ready to use.

  • There is nitrotool as a more comfortable frontend to OpenSC. (hsmwiz)

  • Embedded Systems: For systems with minimal memory footprint a read/only PKCS#11 module is provided by the sc-hsm-embedded project.

  • This PKCS#11 module is useful for deployments where key generation at the user’s workplace is not required. The PKCS#11 module also supports major electronic signature cards available in the German market.

  • OpenSCDP: The SmartCard-HSM is fully integrated with OpenSCDP, the open smart card development platform. See the public support scripts for details.