Can not upgrade firmware - missing libcrypto

I just tried to update the firmware from my nitrokey 3 C

nitropy nk3 update --version v1.5.0-test.20231030

and get

Command line tool to interact with Nitrokey devices 0.4.36
Critical error:
An unhandled exception occurred
	Exception encountered: LibraryNotFoundError('Error detecting the version of libcrypto')

--------------------------------------------------------------------------------
Critical error occurred, exiting now
Unexpected? Is this a bug? Would you like to get support/help?
- You can report issues at: https://support.nitrokey.com/
- Writing an e-mail to support@nitrokey.com is also possible
- Please attach the log: '/tmp/user/2000/nitropy.log.djs_vp00' with any support/help request!
- Please check if you have udev rules installed: https://docs.nitrokey.com/nitrokey3/linux/firmware-update.html#troubleshooting

I have debian 12. Which package is missing?

$ dpkg -l|grep libcrypto
ii  libcrypto++-dev:amd64                         8.7.0+git220824-1                   amd64        General purpose cryptographic library - C++ development
ii  libcrypto++8:amd64                            8.7.0+git220824-1                   amd64        General purpose cryptographic library - shared library

libssl-dev

Das ist es leider nicht.
Denn die habe ich installiert.

$ dpkg -l|grep libssl
ii  libssl-dev:amd64                              3.0.11-1~deb12u2                    amd64        Secure Sockets Layer toolkit - development files
ii  libssl3:amd64                                 3.0.11-1~deb12u2                    amd64        Secure Sockets Layer toolkit - shared libraries

nitropy.log.zip (2.3 KB)

This is a bummer. Seems like nitrokey is not supporting python 3.11 that is shipped with Debian 12 Bookworm.

I could recreate the issue and found a fix by using Nix packages. Using a VM for firmware update is not recommended! I have done it many times but this might break anytime.

vagrant box add debian/bookworm64 --provider virtualbox
cat > Vagrantfile <<"eof"
Vagrant.configure("2") do |config|
  config.vm.box = "debian/bookworm64"
  config.vm.provider "virtualbox" do |vb|
    # We need more compile power
    vb.cpus = 16
    vb.memory = "16384"
    # Nitrokey 3 (20a0:42b2)
    vb.customize ["usbfilter", "add", "0", "--target", :id, "--name", "Nitrokey 3", "--vendorid", "20a0", "--productid", "42b2"]
    # Nitrokey 3 Bootloader (20a0:42e8)
    vb.customize ["usbfilter", "add", "1", "--target", :id, "--name", "Nitrokey 3 Bootloader", "--vendorid", "20a0", "--productid", "42e8"]
    # NXP Composite Device (20a0:42dd)
    vb.customize ["usbfilter", "add", "2", "--target", :id, "--name", "NXP Composite Device", "--vendorid", "20a0", "--productid", "42dd"]
    # Enable USB 3
    vb.customize ["modifyvm", :id, "--usbxhci", "on"]
  end
  config.vm.provision "shell", inline: <<-SHELL
    sudo apt update
    sudo apt upgrade -y
  SHELL
end
eof
vagrant up
vagrant ssh
############################################################################################################
# Now on Debian 12 Bookworm
sudo install -d -m755 -o $(id -u) -g $(id -g) /nix
sudo apt install -y curl
curl -L https://nixos.org/nix/install | sh
. /home/vagrant/.nix-profile/etc/profile.d/nix.sh
export NIXPKGS_ALLOW_UNFREE=1
nix-shell -p pynitrokey
sudo /nix/store/vqsk5296ivzynfp315iq8bsirg6l6g25-pynitrokey-0.4.40/bin/nitropy nk3 update
############################################################################################################

I don’t think you’re missing anything. There’s a known bug involving one of the libraries. See if these instructions help you: pynitrokey is not working with openssl 3.0.10: Error detecting the version of libcrypto · Issue #431 · Nitrokey/pynitrokey · GitHub

i had to create a new python3 venv, install nitropy and oscrypt in it, change the regex in there and then i could update the firmware.

mkdir venvs/pynitrokey -p
python3 -m venv venvs/pynitrokey/
./venvs/pynitrokey/bin/python ./venvs/pynitrokey/bin/pip install pynitrokey
. venvs/pynitrokey/bin/activate
cd venvs/pynitrokey/
find -name _libcrypto_cffi.py
vi ./lib/python3.11/site-packages/oscrypto/_openssl/_libcrypto_cffi.py
./bin/nitropy nk3 update --version v1.5.0-test.20231030

Perhaps the script will help.
It works for me.

#!/bin/bash
#
# Script for "Linux Mint 21.2 Cinnamon" created!
# 



#NitropyVersion="v0.4.43" # Enter current version number
Terminal="gnome-terminal" # adapt if necessary
applications_path="$HOME/.local/share/applications" # adapt if necessary



rm -rf $HOME/.NITROKEY
rm -rf $HOME/.local/share/applications/nitropy.desktop
#sudo rm -rf /bin/nitropy
sudo rm -rf /etc/udev/rules.d/41-nitrokey.rules


mkdir -p $HOME/.NITROKEY/install
cd $HOME/.NITROKEY/install

#wget https://github.com/Nitrokey/pynitrokey/releases/download/$NitropyVersion/nitropy-$NitropyVersion-x64-linux-binary.tar.gz
#tar -xvzf nitropy-$NitropyVersion-x64-linux-binary.tar.gz
#chmod +x nitropy-$NitropyVersion-x64-linux-binary
#sudo cp nitropy-$NitropyVersion-x64-linux-binary /bin/nitropy

wget https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules
sudo mv 41-nitrokey.rules /etc/udev/rules.d/
sudo udevadm control --reload-rules && sudo udevadm trigger


#virtualenv

cd $HOME/.NITROKEY
wget -O 'NITROKEY_LOGO_152x152.png' 'https://www.nitrokey.com/touch-icon-ipad-retina.png'

sudo apt update
sudo apt install python3-venv -y

mkdir -p $HOME/.NITROKEY/venv_nitropy

python3 -m venv $HOME/.NITROKEY/venv_nitropy

$HOME/.NITROKEY/venv_nitropy/bin/python $HOME/.NITROKEY/venv_nitropy/bin/pip install pynitrokey

mkdir -p $HOME/.local/share/applications

echo "[Desktop Entry]
Name=Nitrokey Command-line
Comment=Nitrokey 3
Exec=$Terminal --window --geometry=110x30 -- bash -c 'python3 -m venv --upgrade $HOME/.NITROKEY/venv_nitropy; source $HOME/.NITROKEY/venv_nitropy/bin/activate; nitropy --help ; nitropy list; exec bash'
Icon=$HOME/.NITROKEY/NITROKEY_LOGO_152x152.png
Type=Application
Terminal=true" > $applications_path/nitropy.desktop

chmod +x $applications_path/nitropy.desktop