PrivateKey and PublicKey objects missing sign/verify with NetHSM PKCS#11 backend

[ivaylo-yordanov]

When using python-pkcs11 with a NetHSM PKCS#11 backend, PrivateKey and PublicKey objects retrieved via session.get_key() do not expose sign or verify at runtime, despite SignMixin and VerifyMixin existing in the type hierarchy.

Steps to Reproduce

import pkcs11

lib = pkcs11.lib("/path/to/nethsm-pkcs11.so")
token = lib.get_token(token_label="mytoken")

with token.open(user_pin="mypin") as session:
    private_key = session.get_key(object_class=pkcs11.ObjectClass.PRIVATE_KEY, label="mykey")
    private_key.sign(b"hello", mechanism=pkcs11.Mechanism.SHA256_RSA_PKCS_PSS)

Expected Behavior

PrivateKey objects returned by session.get_key() should support .sign() and PublicKey objects should support .verify(), consistent with how other backends (e.g. SoftHSM2) behave.

Actual Behavior

private_key.sign(digest, mechanism=mechanism, mechanism_param=mechanism_param)
^^^^^^^^^^^^^^^^
AttributeError: 'PrivateKey' object has no attribute 'sign'

public_key.verify(digest, signature, mechanism=mechanism, mechanism_param=mechanism_param)
^^^^^^^^^^^^^^^^^
AttributeError: 'PublicKey' object has no attribute 'verify'

Environment

• python-pkcs11: v0.9.4
• OS: Windows 11
• PKCS#11 backend: NetHSM v2.1.0 x86_64

[MatthiasValvekens]

While it's possible that this is due to a bug in this library, I doubt it.

Please verify whether the private/public halves of your key have the SIGN/VERIFY attributes, respectively. I suspect that your key was generated with a profile that limits it to encryption/decryption operations only.

It's considered good key hygiene to generate keys for a specific purpose. I can't speak for how NetHSM works as a product, but some HSM vendors are quite opinionated about this and might not allow you to generate an RSA key that can do both signing and decryption (or at least prevent you from accidentally doing so).

[ivaylo-yordanov]

I tested and signing works with both pkcs11-tool and the NetHSM REST API. I also tried to import a key and to generate a key using NetHSM REST API and there is no difference in the key attributes.

Here is how I sign using pkcs11-tool:

pkcs11-tool --module "nethsm-pkcs11-v2.1.0-x86_64-windows.dll" --login --pin "mypin"--label "RSA_4096" --sign --mechanism SHA512-RSA-PKCS-PSS --input-file input.bin --output-file signature.bin

Here is how I generate a key:

curl -k -X POST "https://localhost:8443/api/v1/keys/generate" \
    -u "admin:adminpassword" -H "Content-Type: application/json" \
    -d "{\"mechanisms\": [\"RSA_Signature_PSS_SHA256\", \"RSA_Signature_PSS_SHA384\", \"RSA_Signature_PSS_SHA512\"], \"type\": \"RSA\", \"length\": 4096, \"id\": \"RSA_4096\"}"

This is what I get from pkcs11-tool --module "nethsm-pkcs11-v2.1.0-x86_64-windows.dll" --list-objects

Public Key Object; RSA  4096 bits
  Modulus:    ...
  Public exp: 65537 (0x010001)
  label:      RSA_4096
  ID:         52:53:41:5f:34:30:39:36
  Usage:      none
  Access:     none
  uri:        pkcs11:model=NetHSM;manufacturer=Nitrokey%20GmbH;serial=0000000000;token=My%20token%201;id=%52%53%41%5f%34%30%39%36;object=RSA_4096;type=public
Private Key Object; RSA  4096 bits
  Modulus:    ...
  Public exp: 65537 (0x010001)
  label:      RSA_4096
  ID:         52:53:41:5f:34:30:39:36
  Usage:      decrypt, sign
  Access:     sensitive, always sensitive, never extractable
  Allowed mechanisms: RSA-PKCS-PSS,RSA-PKCS-PSS,RSA-PKCS-PSS
  uri:        pkcs11:model=NetHSM;manufacturer=Nitrokey%20GmbH;serial=0000000000;token=My%20token%201;id=%52%53%41%5f%34%30%39%36;object=RSA_4096;type=private

[MatthiasValvekens]

Hmm, that's interesting. I'll need to find time to troubleshoot this with a demo NetHSM instance, then.