Can't unlock password safe

Firmware version: 0.46
Nitrokey-app version: 0.6.3
OS: Debian 9

This is my Nitrokey horror story:

I reset the card, changed firmware, admin and user pass.

Enter user password into ‘OTP and Password Safe’, comes back with ‘Can’t unlock password safe.’

Selecting ‘Unlock Password Safe’ gives the exact same error message ‘Can’t unlock password safe.’

With both of these the User PIN counter does not lower. :confused: Even though it should! Right?

Encrypted volume however COULD open with user password. (wtf???)

Would love to upgrade firmware but authors only made easy software for Windows/Mac. :frowning:

Hi @seniorloco !

The issue comes from the lack of the AES data object, which is created on the smart card during the device’s initialization, and removed during the factory reset done via GnuPG (or other smart card / CCID application).
Sorry the message is not informative. Please do not use Encrypted Volume in this state (before fixing).

To fix it, namely to generate the AES object, please select Destroy encrypted data from the Configure menu.
You can use a newer Nitrokey App by downloading and executing the AppImage from the releases page. Newer versions should be more communicative.

Regarding the Update Tool, it is planned to release it as an AppImage as well later this year. It was really needed for these OSes, since on Windows it was additionally required to install 3rd party drivers, and on macOS the programmer installation could take 1-2 hours due to the development environment update. On Linux, though, it is straightforward (surely in comparison to the former two) and is limited to installing the programmer application and using it from the terminal, hence the choice of target platforms.

Let me know if I can help you further.

Thank you, that seemed to resolve the issue. :+1:

Note: Wiping the encrypted volume leaves it as just a blank block object; you will need to mount it, create a partition table and then a file system (gparted), and then change the permissions to your username. All stuff a capable Linux user should be familiar with. :slight_smile:


Indeed, this comes at the price of getting a fresh partition table each time. The best part is that the previous data could never be recovered and no shredding is required.