Mass provisioning of Nitrokey Start

I have to provision Nitrokey Start devices for about 800 people. They should use the key to get access to an SSH account on a computer in a local offline network. So there is a fixed SSH private key to be put on the Nitrokey Start, and the PINs need to be set. A name should also be set. How can I automate this? It should work like this:

  • Put the Nitrokey Start into the USB slot
  • Wait X seconds and hear a beep
  • Remove the stick from the slot and give it to the user. The PIN is sent by mail.

I already have a script that requires a lot of manual work and has a very high failure rate. So how can I fully automate this?

Please describe the operation’s parameters. Is the following correct?

  • Input: none
  • Output: new pin, public key (SSH format)

Consequently the operation would generate a new key, set a new random PIN, and return both (of course, only the public part of the key pair).

No, the private key is not generated.

Input is:

  • a given private key that is the same for all sticks (yes, I know, but this is not in my hands)
  • a PIN (derived from a value)
  • a name and login
  • an admin PIN (derived from a value)

Output is a stick containing everything given as input.