Factory-reset of NItrokey3A

engr · June 6, 2024, 7:42am

Hello All!
I want to destroy keys on nitrokey, I do factory-reset by using following commands:
gpg --card-edit
admin
factory-reset
but it shows error:
sending card command select AID failed: bad secret key

kevin · June 6, 2024, 9:05am

i am not familiar with the gpg functions of the nk3 , but if you use the nitropy cli programm there is an option to reset “all” nitropy nk3 factory-reset . i am not 100% if this function also destroys gpg keys , going by description it should.

nku · June 6, 2024, 10:12am

You can either select a specific app running on the key or do a full reset:

PS C:\windows\system32> & "C:\Program Files\Nitrokey\Nitropy\nitropy.exe" nk3 factory-reset --help
Command line tool to interact with Nitrokey devices 0.4.47
Usage: nitropy.exe nk3 factory-reset [OPTIONS]

  Factory reset all functionality of the device

Options:
  -h, --help  Show this message and exit.
PS C:\windows\system32> & "C:\Program Files\Nitrokey\Nitropy\nitropy.exe" nk3 factory-reset-app --help
Command line tool to interact with Nitrokey devices 0.4.47
Usage: nitropy.exe nk3 factory-reset-app [OPTIONS]
                                         {fido|opcard|secrets|piv|webcrypt}

  Factory reset all functionality of an application

Options:
  -h, --help  Show this message and exit.

It is a recent feature according to the changelog:

v1.7.0 (2024-04-24)

(…)
Support app and device factory reset (#383, #479)

engr · June 10, 2024, 4:55am

Does factory reset destroys all data on device including smartcard data?

engr · June 10, 2024, 5:29am

the firmware version for my device is v1.6.0.
i have tested for v1.5.0 and still it gave the same error.

i have tried factory-reset but it aborted
query

query1

query2

nku · June 10, 2024, 6:04am

You need to upgrade first to the version that actually supports this factory reset.

engr · June 10, 2024, 6:10am

Which version supported factory reset ? I have even upgrade nitropy version i.e. 0.4.47 now, and firmware version of device is now v1.7.1.

nku · June 10, 2024, 7:44am

That version should work. Is the device detected before reset with nk3 list? Do you run in a shell with Administrator privileges?

engr · June 10, 2024, 7:58am

yes, device has been detected and also start a shell with administrative privileges.
I have tried wink command, and device gives response against wink command

nku · June 10, 2024, 8:03am

@sosthene-nitrokey As this feature is quite new, it should work with all Nk3 variants, right?

sosthene-nitrokey · June 10, 2024, 8:09am

Yes, factory-reset is available with all NK3 variants with firmware 1.7.0 or newer.

@engr what are the results of nitropy nk3 status and nitropy nk3 test?

engr · June 10, 2024, 8:15am

why is it so with my device? as all other commands are running perfectly fine except factory-reset

engr · June 11, 2024, 9:28am

@sosthene-nitrokey , @nku
what would be the solution for it? how to reset nitrokey3A devices?
one has firmware version v1.5. while other has v1.7.1

nku · June 11, 2024, 11:18am

Did you touch the device? Did the error occur then in the next step or did it perhaps time out?

kevin · June 11, 2024, 11:24am

i think you might also need to reinsert the key , and then input the nitropy nk3 factory-reset command within 10 seconds of inserting the key , for the command to be successful. This condition is probably put as a secure measure.

sosthene-nitrokey · June 11, 2024, 11:41am

Did you check that despite the failure there is no data remaining on the device?

It could be that the command failed because the devices automatically reboots after a factory-reset.
Normally this is handled properly but there might be some edge-case that we haven’t handled properly.

What data are you trying to erase?

In the worst case, each app has its own factory-reset mechanism that should work.

engr · June 12, 2024, 4:51am

It prompts for touch the device, error displays after touching in the device having firmware v1.7.1.
While in the device having firmware v1.5, it shows critical error without prompt for touching the device.

engr · June 12, 2024, 5:01am

I want to remove any data left on device like certificates or any type of keys.
I want to get a fresh new state of the device.

kevin · June 12, 2024, 1:51pm

you can see with nitropy commands if any secrets or fido2 credentials are stored with “list” command. If you see no credentials then probably the factory reset was successful.

pueblo211 · December 8, 2025, 8:36pm

I’m facing the same issue. nitropy will claim that no device is connected only for factory-reset operations. I documented the issue on GitHub.

github.com/Nitrokey/pynitrokey

Device not found for specific operations

opened 06:05PM - 05 Dec 25 UTC

Gabgobie

The device didn't work with any device other than my iPhone after initializing v…ia NFC so I wanted to reset it and try if it works with everything if I init on PC. When trying to factory-reset the device (NK3A) I get a device not attached error. Other operations run successfully. Tested: - `nitropy nk3 factory-reset` (fails) - `nitropy nk3 factory-reset-app` (lists 5 apps of which only `opcard` supports reset?) - `nitropy nk3 test` (success) - `nitropy nk3 rng` (success) - `nitropy nk3 list` (success) - `nitropy nk3 secrets reset` (success) - `nitropy nk3 list-config-fields` (success - lists 4 fields) - `nitropy nk3 get-config <every field>` (success) - `nitropy nk3 status` (success) - `nitropy nk3 wink` (success) ## Status ``` Command line tool to interact with Nitrokey devices 0.11.2 UUID: REDACTED Firmware version: v1.8.3 Init status: ok Free blocks (int): 51 Free blocks (ext): 470 Variant: LPC55 ``` ## Console: ``` ~> nitropy nk3 factory-reset Command line tool to interact with Nitrokey devices 0.11.2 Please touch the device to confirm the operation Critical error: An unhandled exception occurred Exception encountered: OSError(22, 'Das Gerät ist nicht angeschlossen.', None, 1167) -------------------------------------------------------------------------------- Critical error occurred, exiting now Unexpected? Is this a bug? Would you like to get support/help? - You can report issues at: https://support.nitrokey.com/ - Writing an e-mail to support@nitrokey.com is also possible - Please attach the log: 'C:\Users\user\AppData\Local\Temp\nitropy-REDACTED.log' with any support/help request! -------------------------------------------------------------------------------- ``` ## Log: ``` 557 INFO pynitrokey.cli Timestamp: 2025-12-05 18:35:49.532424 558 INFO pynitrokey.cli OS: uname_result(system='Windows', node='Workstation', release='10', version='10.0.19045', machine='AMD64') 558 INFO pynitrokey.cli Python version: 3.10.11 558 INFO pynitrokey.cli Cli arguments: ['nk3', 'factory-reset'] 559 INFO pynitrokey.cli pynitrokey version: 0.11.2 560 INFO pynitrokey.cli cryptography version: 45.0.5 562 INFO pynitrokey.cli fido2 version: 2.0.0 562 WARNING pynitrokey.cli package nethsm not found 564 INFO pynitrokey.cli nitrokey version: 0.4.0 565 INFO pynitrokey.cli pyusb version: 1.3.1 610 DEBUG fido2.hid.windows Failed reading HID descriptor for b'\\\\?\\hid#REDACTED-UNSURE-IF-SENSITIVE' Traceback (most recent call last): File "fido2\hid\windows.py", line 389, in list_descriptors File "fido2\hid\windows.py", line 284, in get_descriptor OSError: [WinError 1168] Element nicht gefunden. 656 DEBUG root print: Please touch the device to confirm the operation 7084 WARNING pynitrokey.cli An unhandled exception occurred Traceback (most recent call last): File "pynitrokey\cli\__init__.py", line 141, in main File "click\core.py", line 1442, in __call__ File "click\core.py", line 1363, in main File "click\core.py", line 1830, in invoke File "click\core.py", line 1830, in invoke File "click\core.py", line 1226, in invoke File "click\core.py", line 794, in invoke File "click\decorators.py", line 46, in new_func File "pynitrokey\cli\nk3\__init__.py", line 299, in factory_reset File "nitrokey\trussed\admin_app.py", line 360, in factory_reset File "nitrokey\trussed\admin_app.py", line 354, in factory_reset File "nitrokey\trussed\admin_app.py", line 215, in _call File "nitrokey\trussed\_device.py", line 90, in _call_app File "nitrokey\trussed\_device.py", line 76, in _call File "fido2\hid\__init__.py", line 174, in call File "fido2\hid\__init__.py", line 208, in _do_call File "fido2\hid\windows.py", line 229, in read_packet OSError: [WinError 1167] Das Gerät ist nicht angeschlossen. 7088 DEBUG root print: Critical error: 7088 DEBUG root print: An unhandled exception occurred 7092 ERROR root [WinError 1167] Das Gerät ist nicht angeschlossen. Traceback (most recent call last): File "pynitrokey\cli\__init__.py", line 141, in main File "click\core.py", line 1442, in __call__ File "click\core.py", line 1363, in main File "click\core.py", line 1830, in invoke File "click\core.py", line 1830, in invoke File "click\core.py", line 1226, in invoke File "click\core.py", line 794, in invoke File "click\decorators.py", line 46, in new_func File "pynitrokey\cli\nk3\__init__.py", line 299, in factory_reset File "nitrokey\trussed\admin_app.py", line 360, in factory_reset File "nitrokey\trussed\admin_app.py", line 354, in factory_reset File "nitrokey\trussed\admin_app.py", line 215, in _call File "nitrokey\trussed\_device.py", line 90, in _call_app File "nitrokey\trussed\_device.py", line 76, in _call File "fido2\hid\__init__.py", line 174, in call File "fido2\hid\__init__.py", line 208, in _do_call File "fido2\hid\windows.py", line 229, in read_packet OSError: [WinError 1167] Das Gerät ist nicht angeschlossen. 7098 DEBUG root listing all connected devices: 7100 DEBUG root :: 'Nitrokey FIDO2' keys 7100 DEBUG root :: 'Nitrokey Start' keys: 7268 DEBUG root :: 'NK3' keys 7275 DEBUG root :: 'NKPK' keys 7281 DEBUG root print: -------------------------------------------------------------------------------- 7282 DEBUG root print: Critical error occurred, exiting now 7282 DEBUG root print: Unexpected? Is this a bug? Would you like to get support/help? 7283 DEBUG root print: - You can report issues at: https://support.nitrokey.com/ 7284 DEBUG root print: - Writing an e-mail to support@nitrokey.com is also possible 7285 DEBUG root print: - Please attach the log: 'C:\Users\user\AppData\Local\Temp\nitropy-REDACTED.log' with any support/help request! 7286 DEBUG root print: -------------------------------------------------------------------------------- ``` Edit: The part with it working on iOS but not PC may have been a combination of bad/inconsistent browser UX, OS and website.

Updating the firmware didn’t change anything. The key was already on the latest version (1.8.3) but it should still have refreshed it in case there was a bit flip or something.

I also noticed that the NitroKey App reported the key as not having a PIN, even though I entered a PIN when creating a Key via NFC.

Setting a PIN in the Nitrokey App didn’t fix the factory reset errors but now I know for sure that the reset is unsuccessful since the PIN is not reset.