I upgraded the firmware on my Nitrokey storage from 0.48 to 0.51 using the Windows update tool.
Afterwards the password safe unlocks with the usual password but is now empty (previously there were several slots with passwords set).
The encrypted volume still contains its files after unlocking with the usual password.
I’d like to know if this is expected behaviour and why the password safe would be wiped but not the encrypted volume. The last time I did a firmware update the password safe was not wiped.
Part of the AES key is located in the MCU memory, hence there a chance it will be deleted between firmware upgrades, if the internal data format changes. We do not test currently, whether data are retained after such operation, but instead we warn about possibility of losing information due to upgrade. Some updates, where there is a only a small change in the internal logic, do not result in data loss.
Please let me know, if you would have any further questions.
Edit: I forgot to mention, that different features may use different AES keys’ parts.
Thanks for the information.
Having to restore the data in the password safe manually is quite inconvenient, so if there is a way to avoid this in future it would be helpful.
I understand. I have just registered an issue regarding this matter: Nitrokey App#372.