Dear EE,
Today the new Nitrokey Pro 2 got delivered and I’m really excited to get this little fellow up and running.
My primary goal is to use the Nitrokey in conjunction with OpenVPN, but I would also like to use GnuPG features.
So at first I set the admin PIN and the user PIN using gpg2 --card-edit > admin > passwd; in the process I also set user, lang, and sex, hoping this would be enough to count as a GnuPG initialization. Everything worked like a charm, so I did a reset just to make sure I had a way out, which worked as well. I performed the same sequence again and went on to initialize the PKCS#15 structure, which didn’t work as expected and is what brought me here.
packages:
ccid-1.4.30
gnupg-2.2.12
opensc-0.19.0
pcsc-lite-1.8.23,2
pcsc-tools-1.5.3
pkcs11-helper-1.25.1_1
So just for clarification:
All commands are performed as root, to avoid any permission issues.
$ opensc-tool -l
Detected readers (pcsc)
Nr. Card Features Name
0 No Alcor Micro AU9560 00 00
1 Yes Nitrokey Nitrokey Pro (XXX) XX XX
$ pkcs15-tool --list-info
Using reader with a card: Nitrokey Nitrokey Pro (XXX) XX XX
PKCS#15 Card [OpenPGP card]:
Version : 0
Serial number : XXX
Manufacturer ID: ZeitControl
Language : en
Flags : PRN generation, EID compliant
$ pkcs15-init -E
Using reader with a card: Nitrokey Nitrokey Pro (XXX) XX XX
Failed to erase card: Not supported
$ pkcs15-init --create-pkcs15
Using reader with a card: Nitrokey Nitrokey Pro (XXX) XX XX
New Security Officer PIN (Optional - press return for no PIN).
Please enter Security Officer PIN:
Please type again to verify:
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK):
Please type again to verify:
Failed to create PKCS #15 meta structure: Not supported
What happened in the background:
read(0,"12345678\n",4096) = 9 (0x9)
ioctl(1,TIOCSETAF,0x7fffffffe180) = 0 (0x0)
write(1,"\n",1) = 1 (0x1)
write(1,"Please type again to verify: ",29) = 29 (0x1d)
ioctl(1,TIOCGETA,0x7fffffffe180) = 0 (0x0)
ioctl(1,TIOCSETAF,0x7fffffffe150) = 0 (0x0)
read(0,"12345678\n",4096) = 9 (0x9)
ioctl(1,TIOCSETAF,0x7fffffffe180) = 0 (0x0)
write(1,"\n",1) = 1 (0x1)
write(1,"Unblock Code for New User PIN (O"…,68) = 68 (0x44)
write(1,"Please enter User unblocking PIN"…,40) = 40 (0x28)
ioctl(1,TIOCGETA,0x7fffffffe180) = 0 (0x0)
ioctl(1,TIOCSETAF,0x7fffffffe150) = 0 (0x0)
read(0,"87654321\n",4096) = 9 (0x9)
ioctl(1,TIOCSETAF,0x7fffffffe180) = 0 (0x0)
write(1,"\n",1) = 1 (0x1)
write(1,"Please type again to verify: ",29) = 29 (0x1d)
ioctl(1,TIOCGETA,0x7fffffffe180) = 0 (0x0)
ioctl(1,TIOCSETAF,0x7fffffffe150) = 0 (0x0)
read(0,"87654321\n",4096) = 9 (0x9)
ioctl(1,TIOCSETAF,0x7fffffffe180) = 0 (0x0)
write(1,"\n",1) = 1 (0x1)
select(4,0x0,{ 3 },0x0,0x0) = 1 (0x1)
sendto(3,"\b\0\0\0\a\0\0\0",8,MSG_NOSIGNAL,NULL,0) = 8 (0x8)
select(4,0x0,{ 3 },0x0,0x0) = 1 (0x1)
sendto(3,"g\M-I\0002\0\0\0\0",8,MSG_NOSIGNAL,NULL,0) = 8 (0x8)
select(4,{ 3 },0x0,0x0,0x0) = 1 (0x1)
read(3,"g\M-I\0002\0\0\0\0",8) = 8 (0x8)
select(4,0x0,{ 3 },0x0,0x0) = 1 (0x1)
sendto(3,"\f\0\0\0\b\0\0\0",8,MSG_NOSIGNAL,NULL,0) = 8 (0x8)
select(4,0x0,{ 3 },0x0,0x0) = 1 (0x1)
sendto(3,"g\M-I\0002\0\0\0\0\0\0\0\0",12,MSG_NOSIGNAL,NULL,0) = 12 (0xc)
select(4,{ 3 },0x0,0x0,0x0) = 1 (0x1)
read(3,"g\M-I\0002\0\0\0\0\0\0\0\0",12) = 12 (0xc)
nanosleep({ 0.008487000 }) = 0 (0x0)
write(2,"Failed to create PKCS #15 meta s"…,56) = 56 (0x38)
select(4,0x0,{ 3 },0x0,0x0) = 1 (0x1)
sendto(3,"\f\0\0\0^F\0\0\0",8,MSG_NOSIGNAL,NULL,0) = 8 (0x8)
select(4,0x0,{ 3 },0x0,0x0) = 1 (0x1)
sendto(3,"g\M-I\0002\0\0\0\0\0\0\0\0",12,MSG_NOSIGNAL,NULL,0) = 12 (0xc)
select(4,{ 3 },0x0,0x0,0x0) = 1 (0x1)
read(3,"g\M-I\0002\0\0\0\0\0\0\0\0",12) = 12 (0xc)
select(4,0x0,{ 3 },0x0,0x0) = 1 (0x1)
sendto(3,"\b\0\0\0^B\0\0\0",8,MSG_NOSIGNAL,NULL,0) = 8 (0x8)
select(4,0x0,{ 3 },0x0,0x0) = 1 (0x1)
sendto(3,"\M^[\M-utV\0\0\0\0",8,MSG_NOSIGNAL,NULL,0) = 8 (0x8)
select(4,{ 3 },0x0,0x0,0x0) = 1 (0x1)
read(3,"\M^[\M-utV\0\0\0\0",8) = 8 (0x8)
close(3) = 0 (0x0)
munmap(0x803200000,2142208) = 0 (0x0)
munmap(0x80340b000,2121728) = 0 (0x0)
<thread 100227 exited>
exit(0x1)
process exit, rval = 1
Any suggestions?