Hello,
I have a nitrokey storage which worked like a charm these previous months on both Windows 10 and Linux Manjaro.
For the past 2 days, I have been unable to mount my encrypted volume on both Windows and Linux, with both nitrokey app 1.2.1 and 1.3.3. The firmware is version 0.50.
I manage to unlock the encrypted volume, but once unlocked, it does not show up, and windows asks to format it.
When I look further at the partition (unlocked), it shows as RAW.
I would guess you either have somehow created a new AES key by creating the OTP (don’t know how) or the partition table got destroyed (the latter would be better somehow). Did you use the password safe before? Did you maybe play around with the smartcard’s features or alike (factory-reset, changing DOs)? Did you format the partition on Windows or on Linux? What filesystem type did you use? FAT32/vfat? (I am just poking around a bit).
Thank you for your support.
I am not sure the OTP creation and data disappearance (temporary?) in the encrypted partition are linked, but there may be a time correlation. The other time-related action was updating the nitrokey application using the AUR package for Archlinux (in fact Manjaro).
Regarding your questions:
Did you use the password safe before?
No
Did you maybe play around with the smartcard’s features or alike (factory-reset, changing DOs)?
No (I have not even an idea of the above features)
Did you format the partition on Windows or on Linux? What filesystem type did you use? FAT32/vfat? (I am just poking around a bit).
I initially formatted the partition on Windows using FAT32.
Don’t hesitate to ask for any additional details.
Have a nice day
Did anything else change? So, do you use email encryption and is this still working normally, or did you never use this function? What else did you use, or did you always just use the encrypted storage and no other function of the Storage? Hidden volumes? Anything?
The reason I am asking is to figure out whether the AES key got deleted/changed or not. If it is not deleted I personally would try to use a data recovery tool for FAT32. Depending on how important the data stored is for you, you may want to ask a professional for this task or just try tools found on the web. This step is useless if the AES keys changed though.
Hello Alex,
Thank you for the follow-up.
I solely used the encrypted storage function until I tried to use the nitrokey for 2 factor authentication.
I haven’t used any other function (no email encryption, hidden volumes…).
Do you think the AES keys changed when creating the OTP?
Or do you think something corrupted the FAT32 partition and I should try to recover it?
If we go with the partition corruption, do you have any clue if the OTP creation/nitrokey use may have caused it, or if it would have been something else?
To be honest, I am just not sure what happened here. I do not see how one or the other could happen in the first place. It looks more like a changed AES key, but I can’t say why this should have happened just by creating an OTP (at least, never seen this before). I am a little lost here as well…
At least I doubt that creating an OTP key could corrupt the partition itself.
If I can run any type of diagnostic to provide some light, don’t hesitate to ask, I will be pleased to do it.
Is there a way to know if the AES key has been changed?
So what I would probably do is test with a kind of non-intrusive recovery tool (in the sense that it does not change things, but only reads the disk). If it is just the filesystem which broke you don’t have any other option anyway, I guess.
If it is a changed AES key you probably have no option at all. I am sorry.
Maybe we are lucky and @szszszsz has an idea, but it seems that he isn’t available right now, sorry.
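A read-only check of the kind discussed above, as an added example that is not part of the original thread: it inspects the first sectors of the unlocked volume (or of an image copied from it) for a FAT boot sector or an MBR, and otherwise reports whether the data looks uniformly random, which is how data decrypted under a different key would appear. The function names, the path passed to `open_reader` and the 7.9 bits/byte threshold are assumptions, and the result is a heuristic.

```python
import math
import struct
from collections import Counter

SECTOR = 512

def entropy(data):
    """Shannon entropy in bits per byte; close to 8.0 means random-looking."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_fat_boot_sector(sec):
    # Jump opcode, 0x55AA signature and a plausible bytes-per-sector field.
    bps = struct.unpack_from("<H", sec, 11)[0]
    return (sec[0] in (0xEB, 0xE9) and sec[510:512] == b"\x55\xaa"
            and bps in (512, 1024, 2048, 4096))

def mbr_partition_starts(sec):
    """Start LBAs of used MBR partition entries, or [] if this is not an MBR."""
    if sec[510:512] != b"\x55\xaa":
        return []
    starts = []
    for off in range(446, 510, 16):
        if sec[off] not in (0x00, 0x80):      # boot flag is 0x00 or 0x80
            return []
        if sec[off + 4] != 0:                 # type 0 marks an unused slot
            starts.append(struct.unpack_from("<I", sec, off + 8)[0])
    return starts

def classify(read_sector, sample_sectors=64):
    """read_sector(lba) must return exactly 512 bytes and never write."""
    first = read_sector(0)
    if is_fat_boot_sector(first):
        return "fat-boot-sector"
    if any(is_fat_boot_sector(read_sector(lba))
           for lba in mbr_partition_starts(first)):
        return "mbr-with-fat-partition"
    sample = b"".join(read_sector(i) for i in range(sample_sectors))
    if not any(sample):
        return "all-zero"
    return "random-looking" if entropy(sample) > 7.9 else "unrecognised"

def open_reader(path):
    """Assumed usage: path is the unlocked volume's device node or an image."""
    f = open(path, "rb")                      # read-only: nothing is modified
    def read_sector(lba):
        f.seek(lba * SECTOR)
        return f.read(SECTOR).ljust(SECTOR, b"\0")
    return read_sector
```

A `random-looking` result is consistent with a changed key but does not prove it; `fat-boot-sector` or `mbr-with-fat-partition` means the data decrypts to recognisable structures, so read-only filesystem recovery is the next thing to try.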
I have a self-made crypto partition (using veracrypt + passphrase + key file on smartcard/nitrokey’s DO1).
I’m comfortable but I’m keeping a non-encrypted copy on a different usb memory (that has been placed into a drawer at home). I’m not James Bond and I can accept a secondary and backup copy.
My suggestion is to keep a copy anyway, but it’s a general suggestion.
My secondary suggestion is to separate keys from the data, if you work at MI6, of course.