Nitrokey HSM and GPG

Martin Konold martin.konold at
Wed Feb 24 22:53:01 CET 2016

Am Mittwoch, 24. Februar 2016, 20:12:13 CET schrieb Andreas Schwier:

Dear Andreas,

> the Nitrokey HSM has an embedded SmartCard-HSM which is only supported
> by gpgsm. Unfortunately you can not use a key on the device as gpg key,
> but only for S/MIME. GPG only supports cards that conform to the OpenPGP
> Card Specification, which the SmartCard-HSM doesn't.

Thanks for enlightening me. 

I assume if I simply want to encrypt / decrypt files gpgsm should be sufficient?!

I read the man page but still fail using the Nitrokey HSM with gpgsm.

Can you provide me a hint how to instruct gpgsm to use a specific SmardCard-HSM 

I successully used openssl with this card but fail with gpgsm sofar using

engine -t dynamic -pre SO_PATH:/usr/lib64/engines/ -pre ID:pkcs11 
-pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib64/

req -engine pkcs11 -new -key 0:10 -keyform engine -out cert.pem -text -x509 -
days 3640

Kind Regards
--martin konold

Dipl.-Physiker Martin Konold

e r f r a k o n Partnerschaftsgesellschaft
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Registergericht: Amtsgericht Stuttgart PR 126
Firmensitz: Adolfstraße 23, 70469 Stuttgart
fon: 0711 67400963
fax: 0711 67400959
email: martin.konold at

More information about the Gnupg-users mailing list