I created a second encryption key and moved this one onto the device. I think thats the “problem”.
The first encryption key is bound to the primary one. It must also have the same password as the primary one. If you revoked this, the primary one is also revoked.
Why I made a second one? It is also done in the advanced “tutorial” which is linked on nitrokey.com/start.
In my opinion, it makes sense not to have the primary private key on the token. You probably always carry the token around with you, the chance to lose it is high and even if it is protected on the token, with the thought of no longer owning the primary key alone, nobody can sleep peacefully anymore… 