[gnutls-help] Exporting Private Key from a USB Token

Mandar Joshi emailmandar at gmail.com
Wed Feb 8 01:45:08 CET 2017

I am using an ePass2003 USB Token in a network application.

The private key on the token has been generated on the token. This is
because I haven't been able to use --load-privkey to write a PEM for
Key to this token. Does anybody have an idea why this may be? The
error I get is
Error in pkcs11_write:723: The requested PKCS #11 object is not available

The certificate gets written and is exportable as given in the GnuTLS docs.

I would like to able to export the private key in PEM format. But from
what I know, I don't think it's possible if the private key has been
generated on the USB token. Am I correct? The error code I get while
trying to export a private key is -56.

I would appreciate any suggestions on how I can speed up access to the
certificate and private key stored on a USB Token.

Also, are private keys written to USB Tokens not exportable using any
library/toolkit for (eg. openssl, pkccs#11 API etc) or is it just with

I have used various SmartCards using APDUs in PCSC-LIte directly. This
is the first time I am using a higher level API to communicate with a

Mandar Joshi

More information about the Gnutls-help mailing list