Fedora Core 28: Nitrokeys detected as keyboard?

Hallo,

ich wollte nach langer Zeit mal wieder meine Nitrokeys (HSM, Pro, Storage) verwenden. Mit Fedora Core 26 haben sie funktioniert, mit F27 bin ich mir nicht sicher, mit F28 definitiv nicht mehr.

Beim Einstecken werden sie noch als USB erkannt, aber danach wird es seltsam:

Jun 16 16:27:53 nitrokey-app.desktop[2056]: [Sat Jun 16 16:27:53 2018][DEBUG_L1] Throw: Device not initialized
Jun 16 16:27:54 kernel: usb 1-1: new full-speed USB device number 11 using xhci_hcd
Jun 16 16:27:55 kernel: usb 1-1: New USB device found, idVendor=20a0, idProduct=4108
Jun 16 16:27:55 kernel: usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Jun 16 16:27:55 kernel: usb 1-1: Product: Nitrokey Pro
Jun 16 16:27:55 kernel: usb 1-1: Manufacturer: Nitrokey
Jun 16 16:27:55 kernel: usb 1-1: SerialNumber: 0000305C0000000000000000
Jun 16 16:27:55 kernel: input: Nitrokey Nitrokey Pro as /devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0/0003:20A0:4108.0005/input/input23
Jun 16 16:27:55 systemd-udevd[753]: Network interface NamePolicy= disabled on kernel command line, ignoring.
Jun 16 16:27:55 kernel: hid-generic 0003:20A0:4108.0005: input,hidraw0: USB HID v1.10 Keyboard [Nitrokey Nitrokey Pro] on usb-0000:00:14.0-1/input0
Jun 16 16:27:55 mtp-probe[3692]: checking bus 1, device 11: “/sys/devices/pci0000:00/0000:00:14.0/usb1/1-1”
Jun 16 16:27:55 mtp-probe[3692]: bus: 1, device: 11 was not an MTP device
Jun 16 16:27:55 pcscd[1945]: 99999999 ifdhandler.c:150:CreateChannelByNameOrChannel() failed
Jun 16 16:27:55 pcscd[1945]: 00000013 readerfactory.c:1106:RFInitializeReader() Open Port 0x200001 Failed (usb:20a0/4108:libudev:0:/dev/bus/usb/001/011)
Jun 16 16:27:55 pcscd[1945]: 00000005 readerfactory.c:376:RFAddReader() Nitrokey Nitrokey Pro (0000305C0000000000000000) init failed.
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (II) config/udev: Adding input device Nitrokey Nitrokey Pro (/dev/input/event18)
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: () Nitrokey Nitrokey Pro: Applying InputClass “evdev keyboard catchall”
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (
) Nitrokey Nitrokey Pro: Applying InputClass “libinput keyboard catchall”
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: () Nitrokey Nitrokey Pro: Applying InputClass “system-keyboard”
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (II) Using input driver ‘libinput’ for ‘Nitrokey Nitrokey Pro’
Jun 16 16:27:55 upowerd[1625]: unhandled action ‘bind’ on /sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0/0003:20A0:4108.0005
Jun 16 16:27:55 upowerd[1625]: unhandled action ‘bind’ on /sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0
Jun 16 16:27:55 upowerd[1625]: unhandled action ‘bind’ on /sys/devices/pci0000:00/0000:00:14.0/usb1/1-1
Jun 16 16:27:55 upowerd[1625]: unhandled action ‘bind’ on /sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.1
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (II) systemd-logind: got fd for /dev/input/event18 13:82 fd 64 paused 0
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (
) Nitrokey Nitrokey Pro: always reports core events
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: () Option “Device” “/dev/input/event18”
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (
) Option “_source” “server/udev”
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (II) event18 - Nitrokey Nitrokey Pro: is tagged by udev as: Keyboard
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (II) event18 - Nitrokey Nitrokey Pro: device is a keyboard
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (II) event18 - Nitrokey Nitrokey Pro: device removed
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: () Option “config_info” “udev:/sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0/0003:20A0:4108.0005/input/input23/event18”
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (II) XINPUT: Adding extended input device “Nitrokey Nitrokey Pro” (type: KEYBOARD, id 14)
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (
) Option “xkb_layout” “de”
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (II) event18 - Nitrokey Nitrokey Pro: is tagged by udev as: Keyboard
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (II) event18 - Nitrokey Nitrokey Pro: device is a keyboard
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (II) config/udev: removing device Nitrokey Nitrokey Pro
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (**) Option “fd” “64”
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (II) event18 - Nitrokey Nitrokey Pro: device removed
Jun 16 16:27:55 gnome-shell[1619]: g_array_unref: assertion ‘array’ failed
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (II) UnloadModule: “libinput”
Jun 16 16:27:55 /usr/libexec/gdm-x-session[1328]: (II) systemd-logind: releasing fd for 13:82
Jun 16 16:27:55 upowerd[1625]: unhandled action ‘unbind’ on /sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0/0003:20A0:4108.0005
Jun 16 16:27:55 upowerd[1625]: unhandled action ‘unbind’ on /sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0
Jun 16 16:27:55 upowerd[1625]: unhandled action ‘bind’ on /sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0

Danach kommt nichts mehr, nitrokey-app kann nichts finden.
Ist es richtig, dass die Nitros als Keyboard erkannt werden sollen? Hat jemand das gleiche Problem mit F28 oder funktioniert es bei jemandem?

Ja, es ist richtig, dass der Nitrokey als Tastatur erkannt werden soll. Vielleicht liegt das Problem darin begrĂŒndet, dass die nötigen UDEV Regeln nicht gesetzt sind. Siehe unsere FAQ. Wird das GerĂ€t erkannt wenn Du die NK App als root (sudo) ausfĂŒhrst?

Das udev-File wurde mit den Paket nitrokey-app unter /lib/udev/rules.d installiert, allerdings unterscheiden sich die Files aus dem Paket und aus der FAQ:

— 41-nitrokey.rules 2018-06-17 09:57:00.252800202 +0200
+++ 41-nitrokey.rules.1 2018-01-18 23:52:26.000000000 +0100
@@ -1,20 +1,20 @@

Nitrokey U2F

-KERNEL==“hidraw*”, SUBSYSTEM==“hidraw”, MODE=“0664”, GROUP=“plugdev”, ATTRS{idVendor}==“2581”, ATTRS{idProduct}==“f1d0”
+KERNEL==“hidraw*”, SUBSYSTEM==“hidraw”, MODE=“0664”, ATTRS{idVendor}==“2581”, ATTRS{idProduct}==“f1d0”

SUBSYSTEM!=“usb”, GOTO=“gnupg_rules_end”
ACTION!=“add”, GOTO=“gnupg_rules_end”

USB SmartCard Readers

Crypto Stick 1.2

-ATTR{idVendor}==“20a0”, ATTR{idProduct}==“4107”, ENV{ID_SMARTCARD_READER}=“1”, ENV{ID_SMARTCARD_READER_DRIVER}=“gnupg”, GROUP+=“plugdev”, TAG+=“uaccess”
+ATTR{idVendor}==“20a0”, ATTR{idProduct}==“4107”, ENV{ID_SMARTCARD_READER}=“1”, ENV{ID_SMARTCARD_READER_DRIVER}=“gnupg”, TAG+=“uaccess”

Nitrokey Pro

-ATTR{idVendor}==“20a0”, ATTR{idProduct}==“4108”, ENV{ID_SMARTCARD_READER}=“1”, ENV{ID_SMARTCARD_READER_DRIVER}=“gnupg”, GROUP+=“plugdev”, TAG+=“uaccess”
+ATTR{idVendor}==“20a0”, ATTR{idProduct}==“4108”, ENV{ID_SMARTCARD_READER}=“1”, ENV{ID_SMARTCARD_READER_DRIVER}=“gnupg”, TAG+=“uaccess”

Nitrokey Storage

-ATTR{idVendor}==“20a0”, ATTR{idProduct}==“4109”, ENV{ID_SMARTCARD_READER}=“1”, ENV{ID_SMARTCARD_READER_DRIVER}=“gnupg”, GROUP+=“plugdev”, TAG+=“uaccess”
+ATTR{idVendor}==“20a0”, ATTR{idProduct}==“4109”, ENV{ID_SMARTCARD_READER}=“1”, ENV{ID_SMARTCARD_READER_DRIVER}=“gnupg”, TAG+=“uaccess”

Nitrokey Start

-ATTR{idVendor}==“20a0”, ATTR{idProduct}==“4211”, ENV{ID_SMARTCARD_READER}=“1”, ENV{ID_SMARTCARD_READER_DRIVER}=“gnupg”, GROUP+=“plugdev”, TAG+=“uaccess”
+ATTR{idVendor}==“20a0”, ATTR{idProduct}==“4211”, ENV{ID_SMARTCARD_READER}=“1”, ENV{ID_SMARTCARD_READER_DRIVER}=“gnupg”, TAG+=“uaccess”

Nitrokey HSM

-ATTR{idVendor}==“20a0”, ATTR{idProduct}==“4230”, ENV{ID_SMARTCARD_READER}=“1”, ENV{ID_SMARTCARD_READER_DRIVER}=“gnupg”, GROUP+=“plugdev”, TAG+=“uaccess”
+ATTR{idVendor}==“20a0”, ATTR{idProduct}==“4230”, ENV{ID_SMARTCARD_READER}=“1”, ENV{ID_SMARTCARD_READER_DRIVER}=“gnupg”, TAG+=“uaccess”

LABEL=“gnupg_rules_end”

Ich bekomme aber mit beiden das gleiche Resultat, Devices werden vom System zwar als USB erkannt, aber das wars dann auch. Die App als root starten hilft nicht:

[root@laptop ~]# nitrokey-app
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to ‘/tmp/runtime-root’
[Sun Jun 17 10:00:47 2018][DEBUG_L1] Throw: Device not initialized

Die udev-Rules selbst ziehen aber:

UDEV [30241.188074] add /devices/pci0000:00/0000:00:14.0/usb1/1-1 (usb)
ACTION=add
BUSNUM=001
DEVNAME=/dev/bus/usb/001/033
DEVNUM=033
DEVPATH=/devices/pci0000:00/0000:00:14.0/usb1/1-1
DEVTYPE=usb_device
DRIVER=usb
ID_BUS=usb
ID_FOR_SEAT=usb-pci-0000_00_14_0-usb-0_1
ID_MODEL=Nitrokey_Pro
ID_MODEL_ENC=Nitrokey\x20Pro
ID_MODEL_ID=4108
ID_PATH=pci-0000:00:14.0-usb-0:1
ID_PATH_TAG=pci-0000_00_14_0-usb-0_1
ID_REVISION=0100
ID_SERIAL=Nitrokey_Nitrokey_Pro_0000305C0000000000000000
ID_SERIAL_SHORT=0000305C0000000000000000
ID_SMARTCARD_READER=1
ID_SMARTCARD_READER_DRIVER=gnupg
ID_USB_INTERFACES=:030101:0b0000:
ID_VENDOR=Nitrokey
ID_VENDOR_ENC=Nitrokey
ID_VENDOR_FROM_DATABASE=Clay Logic
ID_VENDOR_ID=20a0
MAJOR=189
MINOR=32
PRODUCT=20a0/4108/100
SEQNUM=8091
SUBSYSTEM=usb
SYSTEMD_WANTS=smartcard.target
TAGS=:systemd:seat:uaccess:
TYPE=0/0/0
USEC_INITIALIZED=30241176730

Hi @pieska !

Sorry, perhaps I have missed that. I see you have tried to replace your current udev file with the one from our FAQ. However, have you reloaded the udev service properly (either by the OS restart or udevadm commands)?

Hint regarding formatting - you can use ``` chars to start and end a preformatted block - this would make the pasted diff more readable. See Markdown cheatsheet for details.

Hello,

yes, i reloaded udev.

i think i found the reason nitrokey-ap doesn’t find the device. The app is started at bootup but doesn’t show an applet or icon or whatever. So starting the app again (twice) doesn’t work. I killed the running instance and startet nitrokey-app and i can see commands issued to the device and response from my pro:

[Mon Jun 18 18:51:46 2018][DEBUG]	-------------------
[Mon Jun 18 18:51:46 2018][DEBUG]	Outgoing HID packet:
[Mon Jun 18 18:51:46 2018][DEBUG]	Contents:
Command ID:	GET_STATUS
CRC:	ef6eb7df
Payload:
Empty Payload.
[Mon Jun 18 18:51:46 2018][DEBUG_L1]	=> GET_STATUS
[Mon Jun 18 18:51:46 2018][DEBUG_L1]	<= GET_STATUS 0 0
[Mon Jun 18 18:51:46 2018][DEBUG]	Incoming HID packet:
[Mon Jun 18 18:51:46 2018][DEBUG]	Device status:	0 OK
Command ID:	GET_STATUS hex: 0
Last command CRC:	ef6eb7df
Last command status:	0 STICK10::COMMAND_STATUS::OK
CRC:	916752d9
Storage stick status (where applicable):
 pod.storage_status.command_counter: 	00
 pod.storage_status.command_id: 	00
 pod.storage_status.device_status: 	00
 pod.storage_status.progress_bar_value: 	00
Payload:
firmware_version:	[7]	07 00 -- -- -- -- -- -- -- -- -- -- -- -- -- --   ..
card_serial_u32:	305c
card_serial:	5c 30 00 00 -- -- -- -- -- -- -- -- -- -- -- --   \0..
general_config:	ff ff ff ff ff -- -- -- -- -- -- -- -- -- -- --   .....
numlock:	ff
capslock:	ff
scrolllock:	ff
enable_user_password:	1
delete_user_password:	1

But how can i use nitrokey-app with fedora core 28? The app starts and talks to the device but how can i use the app itself. Gnome 3.28 has no icons and the gnome shell extension TopIcons shows the remmina icon but no nitrokry-app icon? So how do i access the running app?

1 Like

OK, i think, the problem is with the applet icon. i delayed the app by 5s, so TopIcons is started before nitrokey-app starts. Now i see an icon and can use the app. I delayed the startup by renaming the app to nitrokey-app.bin and replacing /usr/bin/nitrokey-app wih this script:

#!/bin/sh
sleep 5
/usr/bin/nitrokey-app.bin $*
1 Like

That is a nice solution. Thank you for sending that!
I have not thought this time, that nitrokey-app instances have been doubled. I registered #367 to mitigate such issues.
Regarding usage, when the tray icon is missing - in v1.3 Nitrokey App shows its window right after start. In settings it could be chosen to Quit the App after the closing of the main window (which could be done with ESC key as well). I think Gnome forces to use its applications in such a way.

@nitroalex Could you add this to documentation, please? Most notably, that the Nitrokey App (auto-)startup has to be delayed, when running TopIcons with Gnome. Perhaps it could be later workarounded with reinserting App’s icon to the tray menu after some time has passed.

Yeah, it works but only for Pro. NK Storage still hsas some problems:

[pharaoh@laptop ~]$ nitrokey-app.bin -d
[Tue Jun 19 20:33:42 2018][DEBUG_L1]	Throw: Device not initialized
[Tue Jun 19 20:33:53 2018][DEBUG]	-------------------
[Tue Jun 19 20:33:53 2018][DEBUG]	Outgoing HID packet:
[Tue Jun 19 20:33:53 2018][DEBUG]	Contents:
Command ID:	GET_STATUS
CRC:	ef6eb7df
Payload:
Empty Payload.
[Tue Jun 19 20:33:53 2018][DEBUG_L1]	=> GET_STATUS
..........
[Tue Jun 19 20:33:54 2018][DEBUG]	Status busy, decreasing receiving_retry_counter counter: 24, current delay:80
[Tue Jun 19 20:33:54 2018][DEBUG_L1]	Busy retry 2 80 24
...........
[Tue Jun 19 20:33:55 2018][DEBUG]	Status busy, decreasing receiving_retry_counter counter: 23, current delay:160
[Tue Jun 19 20:33:55 2018][DEBUG_L1]	Busy retry 2 160 23
.........
[Tue Jun 19 20:33:56 2018][DEBUG_L1]	<= GET_STATUS 0 0
[Tue Jun 19 20:33:56 2018][DEBUG]	Incoming HID packet:
[Tue Jun 19 20:33:56 2018][DEBUG]	Device status:	0 OK
Command ID:	GET_STATUS hex: 0
Last command CRC:	ef6eb7df
Last command status:	0 STICK10::COMMAND_STATUS::OK
CRC:	8e30a4f7
Storage stick status (where applicable):
 pod.storage_status.command_counter: 	00
 pod.storage_status.command_id: 	00
 pod.storage_status.device_status: 	00
 pod.storage_status.progress_bar_value: 	00
Payload:
firmware_version:	[1]	01 00 -- -- -- -- -- -- -- -- -- -- -- -- -- --   ..
card_serial_u32:	0
card_serial:	00 00 00 00 -- -- -- -- -- -- -- -- -- -- -- --   ....
general_config:	ff ff ff ff ff -- -- -- -- -- -- -- -- -- -- --   .....
numlock:	ff
capslock:	ff
scrolllock:	ff
enable_user_password:	1
delete_user_password:	1

[Tue Jun 19 20:33:56 2018][DEBUG_L1]	Packet received with receiving_retry_counter count: 22
[Tue Jun 19 20:33:56 2018][DEBUG]	-------------------
[Tue Jun 19 20:33:56 2018][DEBUG]	Outgoing HID packet:
[Tue Jun 19 20:33:56 2018][DEBUG]	Contents:
Command ID:	GET_DEVICE_STATUS
CRC:	849bc4ef
Payload:
Empty Payload.
[Tue Jun 19 20:33:56 2018][DEBUG_L1]	=> GET_DEVICE_STATUS
...
[Tue Jun 19 20:33:56 2018][DEBUG_L1]	<= GET_DEVICE_STATUS 0 1
[Tue Jun 19 20:33:56 2018][DEBUG]	Incoming HID packet:
[Tue Jun 19 20:33:56 2018][DEBUG]	Device status:	0 OK
Command ID:	GET_DEVICE_STATUS hex: 2e
Last command CRC:	849bc4ef
Last command status:	0 STICK10::COMMAND_STATUS::OK
CRC:	af767a6c
Storage stick status (where applicable):
 pod.storage_status.command_counter: 	02
 pod.storage_status.command_id: 	2e
 pod.storage_status.device_status: 	01
 pod.storage_status.progress_bar_value: 	00
Payload:
 transmission_data.dissect():	_padding:
0000	00 00 00 00 00 00 00 00 00 00 00 00 00 02 2e 01   ................
0010	00 00 -- -- -- -- -- -- -- -- -- -- -- -- -- --   ..
 (int) SendCounter_u8:	0
 (int) SendDataType_u8:	3
 (int) FollowBytesFlag_u8:	0
 (int) SendSize_u8:	28

 MagicNumber_StickConfig_u16:	13080
 (int) ReadWriteFlagUncryptedVolume_u8:	0
 (int) ReadWriteFlagCryptedVolume_u8:	0
 (int) ReadWriteFlagHiddenVolume_u8:	0
 (int) VersionInfo_au8[1]:	45
 (int) VersionInfo_au8[3]:	0
 (int) FirmwareLocked_u8:	0
 (int) NewSDCardFound_u8:	1
 (int) NewSDCardFound_st.NewCard:	1
 (int) NewSDCardFound_st.Counter:	0
 (int) SDFillWithRandomChars_u8:	1
 ActiveSD_CardID_u32:	3933671637
 (int) VolumeActiceFlag_u8:	1
 (int) VolumeActiceFlag_st.unencrypted:	1
 (int) VolumeActiceFlag_st.encrypted:	0
 (int) VolumeActiceFlag_st.hidden:	0
 (int) NewSmartCardFound_u8:	0
 (int) UserPwRetryCount:	3
 (int) AdminPwRetryCount:	3
 ActiveSmartCardID_u32:	13558
 (int) StickKeysNotInitiated:	0

[Tue Jun 19 20:33:56 2018][DEBUG]	-------------------
[Tue Jun 19 20:33:56 2018][DEBUG]	Outgoing HID packet:
[Tue Jun 19 20:33:56 2018][DEBUG]	Contents:
Command ID:	SET_TIME
CRC:	ec02a8d
Payload:
reset:	0
time:	1529433236

[Tue Jun 19 20:33:56 2018][DEBUG_L1]	=> SET_TIME
[Tue Jun 19 20:33:56 2018][DEBUG_L1]	<= SET_TIME 0 0
[Tue Jun 19 20:33:56 2018][DEBUG]	Incoming HID packet:
[Tue Jun 19 20:33:56 2018][DEBUG]	Device status:	0 OK
Command ID:	SET_TIME hex: b
Last command CRC:	ec02a8d
Last command status:	0 STICK10::COMMAND_STATUS::OK
CRC:	e10c04f6
Payload:
Empty Payload.
[Tue Jun 19 20:33:56 2018][DEBUG]	-------------------
[Tue Jun 19 20:33:56 2018][DEBUG]	Outgoing HID packet:
[Tue Jun 19 20:33:56 2018][DEBUG]	Contents:
Command ID:	GET_DEVICE_STATUS
CRC:	849bc4ef
Payload:
Empty Payload.
[Tue Jun 19 20:33:56 2018][DEBUG_L1]	=> GET_DEVICE_STATUS
..........
[Tue Jun 19 20:33:57 2018][DEBUG]	Status busy, decreasing receiving_retry_counter counter: 24, current delay:80
[Tue Jun 19 20:33:57 2018][DEBUG_L1]	Busy retry 2 80 24
...........
< retry counter counts down>
...........
[Tue Jun 19 20:34:56 2018][DEBUG]	Status busy, decreasing receiving_retry_counter counter: 5, current delay:300
[Tue Jun 19 20:34:56 2018][DEBUG_L1]	Busy retry 2 300 5
...
[Tue Jun 19 20:34:57 2018][DEBUG_L1]	<= GET_DEVICE_STATUS 0 1
[Tue Jun 19 20:34:57 2018][DEBUG]	Incoming HID packet:
[Tue Jun 19 20:34:57 2018][DEBUG]	Device status:	0 OK
Command ID:	GET_DEVICE_STATUS hex: 2e
Last command CRC:	849bc4ef
Last command status:	0 STICK10::COMMAND_STATUS::OK
CRC:	9689503b
Storage stick status (where applicable):
 pod.storage_status.command_counter: 	03
 pod.storage_status.command_id: 	2e
 pod.storage_status.device_status: 	01
 pod.storage_status.progress_bar_value: 	00
Payload:
 transmission_data.dissect():	_padding:
0000	00 00 00 00 00 00 00 00 00 00 00 00 00 03 2e 01   ................
0010	00 00 -- -- -- -- -- -- -- -- -- -- -- -- -- --   ..
 (int) SendCounter_u8:	0
 (int) SendDataType_u8:	3
 (int) FollowBytesFlag_u8:	0
 (int) SendSize_u8:	28

 MagicNumber_StickConfig_u16:	13080
 (int) ReadWriteFlagUncryptedVolume_u8:	0
 (int) ReadWriteFlagCryptedVolume_u8:	0
 (int) ReadWriteFlagHiddenVolume_u8:	0
 (int) VersionInfo_au8[1]:	45
 (int) VersionInfo_au8[3]:	0
 (int) FirmwareLocked_u8:	0
 (int) NewSDCardFound_u8:	1
 (int) NewSDCardFound_st.NewCard:	1
 (int) NewSDCardFound_st.Counter:	0
 (int) SDFillWithRandomChars_u8:	1
 ActiveSD_CardID_u32:	3933671637
 (int) VolumeActiceFlag_u8:	1
 (int) VolumeActiceFlag_st.unencrypted:	1
 (int) VolumeActiceFlag_st.encrypted:	0
 (int) VolumeActiceFlag_st.hidden:	0
 (int) NewSmartCardFound_u8:	0
 (int) UserPwRetryCount:	88
 (int) AdminPwRetryCount:	88
 ActiveSmartCardID_u32:	0
 (int) StickKeysNotInitiated:	0

[Tue Jun 19 20:34:57 2018][DEBUG_L1]	Packet received with receiving_retry_counter count: 4
[Tue Jun 19 20:34:57 2018][DEBUG]	-------------------
[Tue Jun 19 20:34:57 2018][DEBUG]	Outgoing HID packet:
[Tue Jun 19 20:34:57 2018][DEBUG]	Contents:
Command ID:	GET_DEVICE_STATUS
CRC:	849bc4ef
Payload:
Empty Payload.
[Tue Jun 19 20:34:57 2018][DEBUG_L1]	=> GET_DEVICE_STATUS
..........
[Tue Jun 19 20:34:57 2018][DEBUG]	Status busy, decreasing receiving_retry_counter counter: 24, current delay:80
[Tue Jun 19 20:34:57 2018][DEBUG_L1]	Busy retry 2 80 24
...........

the unencrpyted part works fine , just like any usual usb stick but i can’t use the app to unlock or configure the crypto part.
Any ideas? Firmware too old for app 1.2.1?

I think this is the other way around. 88 in status might show issues with parallel access to the smart card, which was fixed between firmwares v0.46 and v0.48 (you are using v0.45). Perhaps some CCID application requests data from the device in the same time. Updating to v0.51 should solve that issue. If not, please let me know.
App v1.2.1/v1.3 should handle firmwares v0.42+, though the latest firmware is highly recommended. If you are hesitating before the upgrade, please let us know the reason.

Regarding Nitrokey App update to v1.3 - if your OS is not distributing the latest version, you could use an AppImage, available from the releases page. Overall, it should work better with the latest version.

I have upgraded NK Storage using windows to the latest 0.51. i have no problems with NK storage and windows but with fedora i still can’t use the device because of the STATUS BUSY caused by pcscd. for now i have to figure out how to prevent pcscd from grabbing NK storage.

I see. Just a blind guess: perhaps it will settle down on Fedora after leaving it some time in the USB slot, unused by the Nitrokey App (just once; about 5 minutes). Could you try this?
You might disable as well pcscd completely, if you are not using it (e.g. via pkcs11/15-tool). GnuPG has its own smart card service - scdaemon, so this should not influence GnuPG use.

I have registered an issue to investigate this further on the firmware side: Storage#66.

I have heard as well, that restarting Nitrokey App helps, but have not checked that further.

Hmm, no, i can wait for hours, the app just keeps repeating and repeating the commands.

What works:

  1. stop pcsdc (unfortunately i need it for accessing my HSM)
  2. disable automount of removable media in GNOME
  3. put NK storage in

then the app detects the device and i can access it. After detection you can mount the device (encrypted and unencrypted volumes) but for detection the device must not be mounted (maybe the mounting itself is not the problem but due to the mount the device wil be accessed by some other software which locks the device, didn’t investigate that).

Which OpenSC version do you use? Mine is:

$ opensc-tool -i            
OpenSC 0.18.0 [gcc  7.3.0]                                            
Enabled features: locking zlib readline openssl pcsc(libpcsclite.so.1)

I use the same version:

OpenSC 0.18.0 [gcc 8.1.1 20180502 (Red Hat 8.1.1-1)]
Enabled features: locking zlib readline openssl pcsc(libpcsclite.so.1)

Currently i’m trying to build nitrokey-app 0.13 as rpm for fedora 28.

That gives me some clue. Could you downgrade to OpenSC v0.17?

Downgrading to opensc 0.17 helped, approx. 60s after inserting NK storage or NK pro the app detects the stick even with pcscd running. I ran the test with latest nitrokey-app and this little patch:

--- nitrokey-app-1.3/src/ui/mainwindow.cpp.org	2018-06-23 13:58:20.802273335 +0200
+++ nitrokey-app-1.3/src/ui/mainwindow.cpp	2018-06-23 14:09:44.021273557 +0200
@@ -1451,7 +1451,7 @@ void MainWindow::PWS_ExceClickedSlot(int
     QString title = QString("Password has been copied to clipboard");
     tray.showTrayMessage(title, password_safe_slot_info);
   }
-  catch(DeviceCommunicationException){
+  catch(DeviceCommunicationException &e){
     tray.showTrayMessage(tr(Communication_error_message));
   }
 }

Although waiting the 60s for the device to be detected is a little bit annoying i will run and test this setup for a while.

1 Like

Weather was bad so i looked again at the annoying tray issue:

--- a/src/GUI/Tray.cpp
+++ b/src/GUI/Tray.cpp
@@ -34,6 +34,7 @@ TODO
 #include <QMenu>
 #include <QMenuBar>
 #include "graphicstools.h"
+#include <unistd.h>
 
 Tray::Tray(QObject *_parent, bool _debug_mode, bool _extended_config,
            StorageActions *actions) :
@@ -75,6 +76,14 @@ Tray::~Tray() {
  */
 void Tray::createIndicator() {
   trayIcon = new QSystemTrayIcon(this);
+
+  // wait max. 5s for SystemTray to become available
+  for(int i = 0; i < 5; i++) {
+    if(trayIcon->isSystemTrayAvailable()) break;
+    sleep(1);
+    i++;
+  }
+
   trayIcon->setIcon(GraphicsTools::loadColorize(":/images/new/icon_NK.svg", true));
   connect(trayIcon, SIGNAL(activated(QSystemTrayIcon::ActivationReason)), this,
           SLOT(iconActivated(QSystemTrayIcon::ActivationReason)));

On my system it works, the app waits for the tray to become available.

I have request if you think this is a valid solution:

Show the startpage only if the systemtray check times out. With this patch i get the tray AND the page but usually you don’t need the start page if you have the tray icon.

I would have patched my copy but i don’t know where the start page is shown, i’m no QT programmer.

Great, thank you for confirming this would work! I will modify this solution to make this parallel to the connection attempt.

No problem! Just tell me what you need, I can support you.
The line deciding for showing the window on connection is mainwindow.cpp#L1711. Most of the logic is there (it is planned to be decoupled in next major version).

Edit: created issue regarding tray icon delayed insertion: nitrokey-app#370.