Help Beginner. How to use NitroKey3 GPG

Hello.
I bought a Nitrokey 3 and wonder how I can do “Something” with it.
I’ve read about storing PGP keys and using it with e.G. thunderbird.
Are there any “easy” tutorials?

Best regards
T.L

1 Like

You have to update your key to at least 1.4.0 using nitropy. Show version like this:

nitropy nk3 version

Update with this:

nitropy nk3 update

Help for nitropy:

nitropy --help
nitropy nk3 --help

Then do reset with “nk3” instead of “start”. How ever Multi ID isn’t supported jet:
Factory-reset
Now set your PGP key:
OpenPGP keygen with Backup
If you want to use it with your email client, please read its Dokumentation.

EDIT about Thunderbird:
In Thunderbird you have to set it to GnuPG in order to use Smartcard like Nitrokey:
https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_can-i-use-an-openpgp-smartcard-or-a-hardware-token-with-thunderbird-78

Maybe this page will help a little bit:
https://dokuwiki.nausch.org/doku.php/nitrokey:linuxmint:3cnfc

Use your preferred translation service if German isn’t your favorit language…

Hello @Chris2000SP Thank you!
I now was able to use my NK3. After setting the UDEV rules I was able
to access and update my key.

After the first attempt before I set the rules I get an error updating my key.
Thereafter I was able. Strangely the status of my key was
External Flash error.
After I try to update the key again the update crashed and tells me
that he can’t find a key.

I then reconnect the key and the status tells me now ‘ok’ :slight_smile:

What I not really understand is

Why I should reset? What do you mean with “start”.

Regards
:slight_smile:

Hello @Django
Thank you! Nice tutorial.
:slight_smile:
best regards

in that link i posted about reset is for an other Nitrokey. Its for the Nitrokey Start and not the Nitrokey 3. Its almost the same for GnuPG little differences.

@Chris2000SP I understand.

Seem to me that the Help site is updated few days ago?
Regards

The first command after nitropy specifies on which device you want to operate. nk3 means you want to issue commands specific to a Nitrokey 3. start means you want to issue commands to a Nitrokey Start. Yes, it can be confusing.

I find that the connection can sometimes be fiddly and gets locks and crashes. Make sure you keep the firmware updated, as previous firmware versions have known connection issues. If it’s still being persnickety on you, you might want to file a bug report, as the devs are superb about responding to user feedback.

gpg --edit-card will give you the full suite of GPG commands that you can use to operate on your Nitrokey. Once you’re at the gpg prompt, type help to see all the options to use. If you irrecoverably mess things up (like typing the wrong PIN in too many times) you can reset the PGP card component of the Nitrokey through that interface without nuking the other Nitrokey properties like FIDO or OTP (no promises, though).

The GPG commands are not available in nitropy. nitropy is for updating firmware, registering OTP functions and working on the FIDO keys. The good news is that Yubikey and GPG card tutorials translate with almost no modification to the Nitrokey, as they all use the standard PGP card interface.

You may also want to look into a graphical tool like Kleopatra, which I suggest only because it comes standard on GPG4Win installs. Kleopatra provides a more user-friendly (if stripped down) interface to interact with PGP cards.

1 Like

Hello @borden
Thank you for your detailed explanation. :slight_smile:

For now I can not use the GPG card abilities.
Because

  1. My Linux Distro - Mageia - did not ship the ccid lib with version
    1.5+
  2. I am not able to upgrade this to the most recent version by hand duo to my limited linux knowledge.

Kleopatra is installed on my machine. I know it and use it sometimes.

Thank you

There are ways around the Mageia limitation (containers and live CDs come to mind), but definitely a good place to start is boning up on your bash skills and Linux theory. Almost nothing in Linux “works out of the box” without knowing how to sudo edit files.

If your public library and/or organisation subscribes to LinkedIn Learning or O’Reilly, there are some great video resources there. That’s how I self-taught pretty much everything I know.

Hello @borden
Thank you! I asked the mageia stuff to ship a newer version or
how I can do this myself.

FYI You will also need scdaemon to use a smart card on linux

sudo apt install scdaemon

Hello @D61

I use Mageia Linux, which is RPM base, which did not know scdaemon
but pcscd.