Confused with Nitrokey docs - Install & use

I am completely new to FIDO2 and security keys/passkeys stuff.

After reading the Nitrokey docs, I still don’t understand how to install the Nitrokey 3 NFC.

https://docs.nitrokey.com/nitrokey3/linux/

Nitrokey App 2 is recommended. I have installed it as a flatpak (Linux Mint 22 Cinnamon).

If I click further, udev-rules for nitropy are recommended: Linux Install - Nitrokey Documentation

I want to test nitrokey3: Test Nitrokey 3 - Nitrokey Documentation

Then terminal shows that no nitropy command was found.

Here again you are asked for a PIN: Nitrokey 3 with Linux - Nitrokey Documentation

I am not asked for a PIN. Only to touch. Do I have to add the PINs manually in the Nitrokey app beforehand?

So the docs are confusing for a newbie. What is the correct procedure now? Which steps to take first? Is nitropy even necessary? Or are the docs out of date?

Incidentally, the option “Show protected password” in the Nitrokey App 2 does nothing (no check mark) after manually adding an account as a test.

And it looks like it’s not possible to change Passwords PIN with Nitrokey App after I added one.
What happens if Passwords or FIDO2 PIN is entered incorrectly 8 times?
Although it absurdly says “” in Passwords PIN.

If I had known that this FIDO2 stuff was more complicated than I thought, I probably would have stayed with Keepass with annoying passwords.

1 Like

Nitropy (or pynitrokey when you install it) is a CLI for your Nitrokey. Meaning it’s purely a terminal tool.

Nitrokey App or App 2 are GUI programs for the keys. Installing one does not mean you’ve installed the other.

As for the docs being outdated, they could be better. I won’t argue with you there.

Just remember, the flatpak version you install through Flathub is a few versions behind the one on GitHub. That might be why the password thing isn’t working.

As for using the key instead of keepass, I don’t know about all that. I use both.

1 Like

Thanks. I’ve tried to install nitropy without success. Already expected it.

pip failed to build package:
    pyscard

Some possibly relevant errors from pip install:
    error: subprocess-exited-with-error
    Package libpcsclite was not found in the pkg-config search path.
    Package 'libpcsclite', required by 'virtual:world', not found
    src/smartcard/scard/helpers.c:28:10: fatal error: winscard.h: Datei oder Verzeichnis nicht gefunden
    error: command '/usr/bin/x86_64-linux-gnu-gcc' failed with exit code 1
    ERROR: ERROR: Failed to build installable wheels for some pyproject.toml based projects (pyscard)

Error installing pynitrokey.

What is the cause?

That’s not at all surprising. I had the same exact problem recently. Something in what is and isn’t installed by default must have changed, both in Fedora and Debian.

Luckily, you won’t have to spend 2 weeks figuring out what the problem is (ugh).

You need to install swig and libpcsclite-dev before you can get pyscard working. It’s the part that lets Python talk to smart cards. For whatever reason, its dependencies aren’t installed by default anymore.

I’ve asked them to update the docs with this issue. They said it was in the to-do list.

1 Like
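The fix described in the post above, turned into a small diagnostic (an added example, not part of any post in this thread and not Nitrokey's own tooling). It maps the pyscard build errors quoted earlier to the two prerequisites named in the reply; the package names are the Debian/Ubuntu/Mint ones, the function names are hypothetical, and the swig error pattern is an assumption about how the build reports a missing swig.

```shell
#!/bin/sh
# Added example: map pyscard build errors from pip to missing prerequisites.
# Package names (swig, libpcsclite-dev) are the Debian/Ubuntu/Mint names.

# Constructed sample: the pip output quoted in the thread, shortened.
SAMPLE_LOG="Package libpcsclite was not found in the pkg-config search path.
src/smartcard/scard/helpers.c:28:10: fatal error: winscard.h: Datei oder Verzeichnis nicht gefunden
error: command '/usr/bin/x86_64-linux-gnu-gcc' failed with exit code 1"

# Read pip output on stdin; print the packages the errors point to.
missing_from_log() {
    log=$(cat)
    pkgs=""
    # pkg-config cannot find libpcsclite.pc, or the compiler cannot find
    # winscard.h: both ship in the PC/SC lite development package.
    if printf '%s\n' "$log" | grep -Eq 'Package libpcsclite was not found|winscard\.h'; then
        pkgs="libpcsclite-dev"
    fi
    # Assumed pattern: the build names swig as the command it could not run.
    # Matching on the command name keeps this independent of the locale.
    if printf '%s\n' "$log" | grep -Eq "(command|unable to execute) '(.*/)?swig'"; then
        pkgs="${pkgs:+$pkgs }swig"
    fi
    printf '%s\n' "$pkgs"
}

# Check the live system before running pip; print what is absent.
missing_on_system() {
    pkgs=""
    command -v swig >/dev/null 2>&1 || pkgs="swig"
    if ! command -v pkg-config >/dev/null 2>&1 ||
       ! pkg-config --exists libpcsclite 2>/dev/null; then
        pkgs="${pkgs:+$pkgs }libpcsclite-dev"
    fi
    printf '%s\n' "$pkgs"
}

# Demonstration on the constructed sample log.
printf '%s\n' "$SAMPLE_LOG" | missing_from_log
```

Pipe a saved pip log into `missing_from_log`, or call `missing_on_system` before attempting the install; an empty line means nothing was flagged.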

This is why I tell people not to get NitroKey if they are “new” to FIDO and Security Keys. And I like NitroKey. However, I am a realist too. It is NOT a “new person friendly” tool. It just isn’t.

2 Likes

Hello 🙂

I agree with you. The usage of FIDO2 is not easy and not so well documented. You have to do a lot of web searching yourself to get an idea of how to handle it.
I still have not used the key for any of the purposes I thought I could,
e.g. bank account login, web shop login, email login. For now it’s only a fun tool, which is not the purpose I bought it for. Anyway, I am trying to improve my skills.

I posted the libs you also need to install on an RPM-based system in this link.
The GUI tool is not really useful for me for now either, and the command line tool offers many more options.
So, well, I hope the documentation of this (indeed nice) product will be better soon. 🙂

Best

T.L.

1 Like

I’ve started using it more for account verification, but with issues like this one where you might HAVE to reset it to fix an issue, it can’t be your only way into important accounts.

Backup codes or a Yubikey you keep locked somewhere are still necessary atm. I look forward to that not being the case, but we aren’t there yet.

Maybe if you had multiple Nitrokeys and only updated one at a time, so you know that at least one works? Then it might be feasible to phase out yubikeys completely, which is what I’d ultimately like to do.

Even then, I’m just using it for U2F. I don’t think I have a single service that supports FIDO2 yet.