After opening up a Nitrokey Pro 2, it appears that it consists of a reader and a smart card. That made me wonder whether it is possible to buy a couple of compatible smartcards to use as backups for various keys. Will this work? What problems should I expect? What cards are compatible?
Exactly. Besides being a reader, there are some additional features like OTP or Password Safe, available via the Nitrokey App.
I think the firmware will not start with a smart card other than OpenPGP, since at startup the device takes its serial number and sets it as its own. Nitrokey App features will probably not work either.
You can build and run modified firmware on the device of course.
How hard will the OTP and password safe break when the smartcard changes? I assume it starts working again if I put the correct card in again? What if it's a different card but it contains the same keys?
Assuming the smartcards in the Nitrokey Pro are manufactured by www.zeitcontrol.de, I was not able to find OpenPGP cards in their shop. Where can I buy just the smartcard?
- PWS’ AES key is calculated using the smart card. OTP does not use it.
- Yes, it should work with the same smart card. You might want to avoid a warning and a reset request, when the device could not decrypt its internals with another smart card.
- If the same AES key is uploaded to both smart cards, then it might work. AFAIR the AES key is in normal use generated on the device, and then uploaded to the smart card, but I am not sure right now - would have to look into the firmware source. In general we have not tested the devices in such a way, but it sounds interesting to try.
- You can ask at firstname.lastname@example.org about the additional smart cards. Perhaps these are not offered in retail.
Thank you, I’ll see if I can make it work.