Cannot make unencrypted partition READ/WRITE


#1

Hello,
I’m trying to make the unencrypted partition read/write (to make it bootable linux with CA capabilities) and it doesn’t allow me to saying “Wrong PIN”. I’m quite sure the PIN is correct as I use it for unlocking and locking the encypted volume.
Can you help please?
thanks, Kuba


#2

Stick: Nitrokey storage 16GB
OS: Ubuntu 18.04
App version: 1.2.1
Firmware version: 0.53


#3

Hi,

the PIN you need to set read-write or read-only is the Admin PIN which is supposed to be different than the one used for unlocking the encrypted volume (=User PIN). So you probably used the wrong PIN, I guess?

Kind regards
Alex


#4

Hello Alex,
the application asks for User PIN. I’ve tried admin pin and it doesn’t work either.
What is weird, that although application says “Wrong PIN”, the retry counter on the PIN doesn’t change.
Attaching logs from nitrokey-app:

Clicked on Unlock

[Mon Dec  3 12:12:38 2018][DEBUG]	-------------------
[Mon Dec  3 12:12:38 2018][DEBUG]	Outgoing HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Contents:
Command ID:	GET_DEVICE_STATUS
CRC:	849bc4ef
Payload:
Empty Payload.
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	=> GET_DEVICE_STATUS
...
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	<= GET_DEVICE_STATUS 0 1
[Mon Dec  3 12:12:38 2018][DEBUG]	Incoming HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Device status:	0 OK
Command ID:	GET_DEVICE_STATUS hex: 2e
Last command CRC:	849bc4ef
Last command status:	0 STICK10::COMMAND_STATUS::OK
CRC:	6dee3393
Storage stick status (where applicable):
 pod.storage_status.command_counter: 	18
 pod.storage_status.command_id: 	2e
 pod.storage_status.device_status: 	01
 pod.storage_status.progress_bar_value: 	00
Payload:
 transmission_data.dissect():	_padding:
0000	00 00 00 00 00 00 00 00 00 00 00 00 00 18 2e 01   ................
0010	00 00 -- -- -- -- -- -- -- -- -- -- -- -- -- --   ..
 (int) SendCounter_u8:	0
 (int) SendDataType_u8:	3
 (int) FollowBytesFlag_u8:	0
 (int) SendSize_u8:	28

 MagicNumber_StickConfig_u16:	13080
 (int) ReadWriteFlagUncryptedVolume_u8:	1
 (int) ReadWriteFlagCryptedVolume_u8:	0
 (int) ReadWriteFlagHiddenVolume_u8:	0
 (int) VersionInfo_au8[1]:	53
 (int) VersionInfo_au8[3]:	0
 (int) FirmwareLocked_u8:	0
 (int) NewSDCardFound_u8:	1
 (int) NewSDCardFound_st.NewCard:	1
 (int) NewSDCardFound_st.Counter:	0
 (int) SDFillWithRandomChars_u8:	1
 ActiveSD_CardID_u32:	611953187
 (int) VolumeActiceFlag_u8:	1
 (int) VolumeActiceFlag_st.unencrypted:	1
 (int) VolumeActiceFlag_st.encrypted:	0
 (int) VolumeActiceFlag_st.hidden:	0
 (int) NewSmartCardFound_u8:	0
 (int) UserPwRetryCount:	3
 (int) AdminPwRetryCount:	3
 ActiveSmartCardID_u32:	327680
 (int) StickKeysNotInitiated:	0

[Mon Dec  3 12:12:38 2018][DEBUG]	-------------------
[Mon Dec  3 12:12:38 2018][DEBUG]	Outgoing HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Contents:
Command ID:	GET_PASSWORD_RETRY_COUNT
CRC:	bc3ac292
Payload:
Empty Payload.
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	=> GET_PASSWORD_RETRY_COUNT
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	<= GET_PASSWORD_RETRY_COUNT 0 0
[Mon Dec  3 12:12:38 2018][DEBUG]	Incoming HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Device status:	0 OK
Command ID:	GET_PASSWORD_RETRY_COUNT hex: 9
Last command CRC:	bc3ac292
Last command status:	0 STICK10::COMMAND_STATUS::OK
CRC:	4c192358
Payload:
 password_retry_count	3

[Mon Dec  3 12:12:38 2018][DEBUG]	-------------------
[Mon Dec  3 12:12:38 2018][DEBUG]	Outgoing HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Contents:
Command ID:	GET_DEVICE_STATUS
CRC:	849bc4ef
Payload:
Empty Payload.
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	=> GET_DEVICE_STATUS
..
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	<= GET_DEVICE_STATUS 0 1
[Mon Dec  3 12:12:38 2018][DEBUG]	Incoming HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Device status:	0 OK
Command ID:	GET_DEVICE_STATUS hex: 2e
Last command CRC:	849bc4ef
Last command status:	0 STICK10::COMMAND_STATUS::OK
CRC:	3b793376
Storage stick status (where applicable):
 pod.storage_status.command_counter: 	19
 pod.storage_status.command_id: 	2e
 pod.storage_status.device_status: 	01
 pod.storage_status.progress_bar_value: 	00
Payload:
 transmission_data.dissect():	_padding:
0000	00 00 00 00 00 00 00 00 00 00 00 00 00 19 2e 01   ................
0010	00 00 -- -- -- -- -- -- -- -- -- -- -- -- -- --   ..
 (int) SendCounter_u8:	0
 (int) SendDataType_u8:	3
 (int) FollowBytesFlag_u8:	0
 (int) SendSize_u8:	28

 MagicNumber_StickConfig_u16:	13080
 (int) ReadWriteFlagUncryptedVolume_u8:	1
 (int) ReadWriteFlagCryptedVolume_u8:	0
 (int) ReadWriteFlagHiddenVolume_u8:	0
 (int) VersionInfo_au8[1]:	53
 (int) VersionInfo_au8[3]:	0
 (int) FirmwareLocked_u8:	0
 (int) NewSDCardFound_u8:	1
 (int) NewSDCardFound_st.NewCard:	1
 (int) NewSDCardFound_st.Counter:	0
 (int) SDFillWithRandomChars_u8:	1
 ActiveSD_CardID_u32:	611953187
 (int) VolumeActiceFlag_u8:	1
 (int) VolumeActiceFlag_st.unencrypted:	1
 (int) VolumeActiceFlag_st.encrypted:	0
 (int) VolumeActiceFlag_st.hidden:	0
 (int) NewSmartCardFound_u8:	0
 (int) UserPwRetryCount:	3
 (int) AdminPwRetryCount:	3
 ActiveSmartCardID_u32:	327680
 (int) StickKeysNotInitiated:	0

[Mon Dec  3 12:12:38 2018][DEBUG]	-------------------
[Mon Dec  3 12:12:38 2018][DEBUG]	Outgoing HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Contents:
Command ID:	GET_USER_PASSWORD_RETRY_COUNT
CRC:	5e595f6e
Payload:
Empty Payload.
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	=> GET_USER_PASSWORD_RETRY_COUNT
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	<= GET_USER_PASSWORD_RETRY_COUNT 0 0
[Mon Dec  3 12:12:38 2018][DEBUG]	Incoming HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Device status:	0 OK
Command ID:	GET_USER_PASSWORD_RETRY_COUNT hex: f
Last command CRC:	5e595f6e
Last command status:	0 STICK10::COMMAND_STATUS::OK
CRC:	db86a895
Payload:
 password_retry_count	3

I get asked for User PIN here, no matter if I enter user or admin pin, the following happens:

[Mon Dec  3 12:12:45 2018][DEBUG]	-------------------
[Mon Dec  3 12:12:45 2018][DEBUG]	Outgoing HID packet:
[Mon Dec  3 12:12:45 2018][DEBUG]	Contents:
Command ID:	ENABLE_READWRITE_UNCRYPTED_LUN
CRC:	90facdfe
Payload:
 kind:	P
 password:	***********

[Mon Dec  3 12:12:45 2018][DEBUG_L1]	=> ENABLE_READWRITE_UNCRYPTED_LUN
.
[Mon Dec  3 12:12:45 2018][DEBUG_L1]	<= ENABLE_READWRITE_UNCRYPTED_LUN 0 3
[Mon Dec  3 12:12:45 2018][DEBUG]	Incoming HID packet:
[Mon Dec  3 12:12:45 2018][DEBUG]	Device status:	0 OK
Command ID:	ENABLE_READWRITE_UNCRYPTED_LUN hex: 2a
Last command CRC:	90facdfe
Last command status:	4 STICK10::COMMAND_STATUS::WRONG_PASSWORD
CRC:	25f8adf7
Storage stick status (where applicable):
 pod.storage_status.command_counter: 	1a
 pod.storage_status.command_id: 	2a
 pod.storage_status.device_status: 	03
 pod.storage_status.progress_bar_value: 	00
Payload:
Empty Payload.
[Mon Dec  3 12:12:45 2018][DEBUG_L1]	Throw: CommandFailedException
[Mon Dec  3 12:12:45 2018][DEBUG]	CommandFailedException, status: 4
[Mon Dec  3 12:12:49 2018][DEBUG]	-------------------
[Mon Dec  3 12:12:49 2018][DEBUG]	Outgoing HID packet:
[Mon Dec  3 12:12:49 2018][DEBUG]	Contents:
Command ID:	GET_STATUS
CRC:	ef6eb7df
Payload:
Empty Payload.
[Mon Dec  3 12:12:49 2018][DEBUG_L1]	=> GET_STATUS
[Mon Dec  3 12:12:50 2018][DEBUG_L1]	<= GET_STATUS 0 0
[Mon Dec  3 12:12:50 2018][DEBUG]	Incoming HID packet:
[Mon Dec  3 12:12:50 2018][DEBUG]	Device status:	0 OK
Command ID:	GET_STATUS hex: 0
Last command CRC:	ef6eb7df
Last command status:	0 STICK10::COMMAND_STATUS::OK
CRC:	6e2098ad
Storage stick status (where applicable):
 pod.storage_status.command_counter: 	00
 pod.storage_status.command_id: 	00
 pod.storage_status.device_status: 	00
 pod.storage_status.progress_bar_value: 	00
Payload:
firmware_version:	[1]	01 00 -- -- -- -- -- -- -- -- -- -- -- -- -- --   ..
card_serial_u32:	0
card_serial:	00 00 00 00 -- -- -- -- -- -- -- -- -- -- -- --   ....
general_config:	ff ff ff ff ff -- -- -- -- -- -- -- -- -- -- --   .....
numlock:	ff
capslock:	ff
scrolllock:	ff
enable_user_password:	1
delete_user_password:	1

thanks,
Kuba


#5

Kuba,
could you try on another machine?
I remember having that issue, which was due to a wrong version of the app…
(actually, at this very moment, my main Linux machine just doesn’t work anymore, I deal with it from other machines…)


#6

Hello,

I couldn’t try it on another machine, but your note on wrong version of the app hinted me to try the latest dev version and it’s working perfectly.

Do you know why there is no support for Ubuntu 18.04 binary? It seems to work perfectly for me, the only thing I had to do besides the standard build instructions was to install qtttools5-dev as per https://stackoverflow.com/questions/51698075/cmake-cannot-find-qt5linguisttools-in-docker-ubuntu-18-04

anyway thank you very much for your hint,
Kuba