Usingstore_foreign_public_key

HSM6
1

Hi,
I am trying to store a public key using the store_foreign_public_key method but I always receives an error message :
(File “/usr/local/lib/python3.5/dist-packages/zymkey/module.py”, line 618, in store_foreign_public_key
raise AssertionError(‘bad return code %d’ % ret)
AssertionError: bad return code -1)

I am trying to store one of the public key of HSM4 in the HSM6
I used secp256r1 as the key type
could you please give an example of how to use this method

2

The easiest way is to save the HSM4 key directly to a binary file, copy that file to the HSM6 and read in the binary file.

HSM4 side:

#!/usr/bin/python3
import zymkey

# Get the public key from slot 0 and save it in a file
pub_key_file = '/tmp/pub_key_slot0'
slot = 0
key = zymkey.client.get_public_key(slot)
with open(pub_key_file, "wb") as f:
    f.write(key)

copy /tmp/pub_key_slot0 over to the HSM6 PI

HSM6 side:

#!/usr/bin/python3
import zymkey

key_file = "/tmp/pub_key_slot0"
key = open(key_file, "rb").read()
# Store the key in the foreign key store
foreign_slot = zymkey.client.store_foreign_public_key('secp256r1', key)
3

First of all thank you for the help
second after applying your recommendations I still receive the same error on the HSM-6
error message :
(File “/usr/local/lib/python3.5/dist-packages/zymkey/module.py”, line 618, in store_foreign_public_key
raise AssertionError(‘bad return code %d’ % ret)
AssertionError: bad return code -1)

4

Subhi,

The example above works for me. Can you update to the latest software and see if that makes a difference? (BTW, I did check the scripts back in July when I posted and it worked.)

To upgrade,

sudo apt-get update
sudo apt-get upgrade -y
sudo pip install --upgrade zku
sudo pip3 install --upgrade zku

Check versions,

$ dpkg -l | grep -i zymkey
ii  libzk                                1.1-19 
ii  libzymkeyssl                         1.0-10
ii  zkapputilslib                        1.1-20 
ii  zkbootrtc                            1.1-14
ii  zkifc                                1.2-29
ii  zkpkcs11                             1.0-2
ii  zksaapps                             1.0-14

and zku
$ pip3 show zku

Name: zku
Version: 1.0.25

Reboot to start fresh.

5

Thank you for your help.
I have run all the command however I still can’t upgrade (libzk, zkapputilslib, zkifc)
ii libzk 1.1-17
ii libzymkeyssl 1.0-10
ii zkapputilslib 1.1-16
ii zkbootrtc 1.1-14
ii zkifc 1.2-26
ii zkpkcs11 1.0-2
ii zksaapps 1.0-14

and when trying to upgrade each one individually it says ( the latest version)

6

Not really sure why you are not getting the latest. Our repos look correct.

You can try a --reinstall of those packages, like:

sudo apt-get install --reinstall zkifc

Else, you might have to go with a fresh install.