Hello guys. I am sending this here as Nitrokey support didn’t help much, if at all.
I’ve been using my NK 3A for more than a year. However, the key died a couple of days ago. The device has no trace of physical damage nor it has been submerged in liquids.
I’ve plugged NK 3A in many different machines to make sure my PC isn’t the culprit. The symptoms: Linux USB HCD can’t recognize the device and hence it can not be enumerated. Without enumeration the userspace utilities can’t do anything. This is what i get in kernel’s log:
[ 9918.140211] usb 1-14.4: device not accepting address 17, error -71
[ 9918.213474] usb 1-14.4: new full-speed USB device number 18 using xhci_hcd
[ 9918.213622] usb 1-14.4: Device not responding to setup address.
Appears that the key doesn’t respond to host’s USB control messages. Windows 10 says something along the lines of “windows can’t recognize this device type…”. So clearly, the device is dead.
Unfortunately, regardless of the fact i told Nitrokey support all of the above, i keep getting useless instruction as to run ‘nitropy’ or fix my udev rules. Udev rules are just fine - i’ve been usnig this device for a long time. During this period i’ve updated the software multiple times as well. Obviously my software setup is OK, the device isn’t.
So my question is basically this: what to do next? Shall i return the device to Nitrokey and ask for replacement. Or am i on my own here and should go find another solution to my problem?
The steps to reproduce the issue with Linux and on another PC are sound. The USB error messages in kernel space are before udev can go ahead and assign a driver.
Looks to me indeed that the device is malfunctioning and you might need a warranty replacement.
Does it even get registered via NFC by a phone? Just to check whether it is dead thee aswell.
Did you write an email with your order number? It seems the forum is more for community support and exchange of customers and official RMA inquiries should be handled via email.
My 3A NFC has been acting up recently. It isn’t the mini, though. This is a link to my issue. I am almost afraid to log out of certain accounts in order to test the NFC on my phone. I am not an “in-depth/super knowledgeable” user of this device and wouldn’t know when to “freak out” or not if I am permanently locking myself out of things. I have been slowly adding a 2nd key from a different maker as I run into this issue. It is the only way I feel confident trying to narrow this issue down on my own.
Are the Nitrokey 3 really getting dead after a year ? I was thinking of buying it recently as it completed development of all its promised features and offered discounts. But if it were to be dead after a year , that would be really a bad scenario for me. I would not be able to rely on it for anything serious.
I had seen reports about dead nk3 earlier and they even did replace the keys for many. After that i think they even promised for better testing of the nitrokey 3.
I was thinking if i should buy the Nitrokey 3 C key as they apparently are newly manufactured (after going out of stock) and maybe has less chances of breakage. ?
I really liked the project , the fact that it is upgradable and open source and supports many standards, but i am really confused about buying one seeing its reviews
@Kevin,
There was a defective batch, and Nitrokey is replacing all of them; this happens to all companies and is pretty rare. The vast majority of Nitrokeys are fine. During the pandemic, sourcing “quality” raw materials was an issue for everyone. Even cars have major recalls for failed parts made from materials during that time. I don’t work for Nitrokey; I am simply being a realist. Obviously, reading any support page will have majority “issues” there, as that is the point of support pages. So, I would keep that in mind. Most folks are pretty happy with their Nitro products. I am happy with mine, and I cannot guarantee I didn’t mess something up myself. LOL. I am currently awaiting support responses to know for certain. Anyone who uses a security key should have a backup anyway. It is a pretty well-known cyber security “best practice.”
okay thanks i was just making sure it wasn’t a common occurrence , because after getting it shipped half way across the world , it would be even difficult for me to even get it replaced.
yeah i do have a buckup key but wanted a nk3 as my primary key.
@kevin
Yeah, I am confident you’d be alright. Their actual support is quicker responding than in support threads like this. I was answered in a reasonable amount of time. I am in the middle of a "back-and-forth as we speak to see if my issue is “operator error” or not. LOL. At first, I didn’t realize this was a separate support area. That is why my initial comment was about reply time. They have an “actual support” contact with them we use for actual company support with products. They are decent at answering those. This area seems more likely to have easier issues to resolve before getting to more extreme cases.
It looks like my nitrokey mini is also dead after 3 month. LED is red, and it is not recognized anymore. I also did not do anything weird with it. Last firmware update went well. Hm…not sure what to do…
In such cases, contact Nitrokey via Email for RMA. Most likely it is defect and might need replacement.
However, more details might be relevant to pinpoint what the issue could be.
How do you use your Nitrokey?
E.g.
What Operating System do you use?
What does dead mean to you? Is it not found by the Nitrokey App or not even detected by the kernel (when on Linux) or is it not recognized in the browser?
Do you have it always plugged in the usb port? This is a total valid usecase but might be relevant for Nitrokey to determine whether there might be thermal issues affecting the chips.
Did you extensively test the use of passkeys? Maybe it reached the maximum number of passkeys (10) to store but does not handle it correctly.
Just to add another data point to it: I have multiple NK3 in daily use that I purchased during various times during the pandemic / chip shortage and did not experience anything unusual, yet. I have only one NK3 mini that was a beta test sample. Also working fine and I did lots of firmware updates. The only issue I had was that I needed to reassembly it in the USB plug and use a drop of glue to fix it from getting pulled out of the casing when the USB port is tight.
Thank you for the reply and an information.
I used heads with qubes os installed. It died after a reboot (it was plugged in for about 30 minutes without active usage). It is now not detected by any software (nitropy, nitrokey app, and heads). As it is inserted in any device, one short yellow blink led appears after that it switches to red light. I did not exceed the number of secrets. There were total 3 manually saved passwords and 2 top. GPG key was used only for the heads authentication and was generated by heads. It was working for about 2 weeks for this purpose.
I contacted the support team already…
Can you test it while booted from a Linux Live ISO (e.g. Ubuntu 24.04)? Qubes is not good for troubleshooting this as the USB connection is done via an isolated USB Qube and adds more complexity for the initial check whether it is bricked or not.
I checked it through baremetall installed fedora, which worked without any problems before. No success. LED is red and it is not detectable neither by nitropy nor nitrokey app. Do you have any other suggestion?
I looked into tje source code but could only find one reference to the red led which was not related to an error state. More details by Nitrokey about the different meanings would be helpful addition to the docs.
I guess the hardware is either defective or it is in a bootloader state.
