New Release of NK App for macOS planned?


#1

I am sure you know that the Mac Version v.1.3.2 of the NitroKey App has still some bugs that “eat on the trust” of that app. So I wonder if you have a planed new release in the current or upcoming month ?


#2

Hi!

Yes, work on the next major release of Nitrokey App (v1.4) is planned as soon as we finish the development of our current product - Nitrokey FIDO2 (roughly the next month). In the meantime there should be a minor release (v1.3.3) with support of a new Storage firmware (v0.54) - probably in the next 2 weeks. Hopefully some quick-to-fix bugs would be corrected in this release as well - if you have a couple of candidates, which irritates you the most, please post them - I will keep them in mind.
In the far future UI re-design is planned, but that should come after fixing current issues.


#3

ok, sounds great. I need to say that I am currently not using the NK Storage ( as my FW is still on 0.48 to allow a comfortable eject ( without re-attaching the stick again under macOS) . So I am currently using the NK Pro to get that up and running without NitroApp.

Regarding the Bugs of the App : Here are my top five:

  1. Fully support of macOS eject without any specials (admin, destroyed hidden partion [ while I really don’t see ANY advantage of a public advertised "hidden secret - it is not a secret any longer ]
  2. More Status / Version Information of the attached NK - like described in the feature request we already discussed
  3. Better Password Safe - more flexibility as described ( and yes, will only go along with FW changes )
  4. More NK’s Supported - currently HSM and FIDO are not even recognized.
  5. Support a diffrent partition size on NK Storage than 2GB vor not encrypted ( ok, again a FW change is also needed)

+) It would be great if the App could do FW upgrades - specially on macOS , where it is not so easy to instaöö

Are these Bugs: currently only 1) is a bug on macOS. I feel that is a serious one and the major drawback why I don’t use the App any longer. - I would compile and improve the app, if it would be a native XCode App, but as it is QT it is too much effort to learn the framework just for this app.


#4

Thank you for the list. I see half of them is specific to the Storage firmware (and there a modification is needed), rather than Nitrokey App, but I get your point. Points 2 and 4 are planned for v1.4 release, when App will be switched to libusb.

The advantage is the impossibility to prove there is a hidden volume inside an encrypted volume (it all looks like random data), except for using brute-force password guessing. Therefore no one have any basis to force you to reveal the password other, than to the encrypted volume.

We do have nitrokey-update-tool though, which offers graphical interface - have you used it?


#5

The advantage is the impossibility to prove there is a hidden volume inside an encrypted volume (it all looks like random data), except for using brute-force password guessing. Therefore no one have any basis to force you to reveal the password other, than to the encrypted volume.

Excatly there I have my doubts: if you sit inside HomeSecurity and the squeeze you to either handle a password or you will never get the USB Stick back, how will you react ? Anyhow, I think only people like Snowden need such a functionality ( and he did it different :smile: ) So I would better “clean the FW” to get rid of these function and instead improve the others (e.g. free choice of partition sizing ) . But of course thats me IMHO :smiley:

We do have nitrokey-update-tool though, which offers graphical interface - have you used it?
No, was not aware - as I haven’t use the NK Storage since last year. I will try later today. Currently I try to find out, if I could use the FIDO U2F with the Safari extension for Google after the first Chrome setup :smiley:


#6

That’s the point :slight_smile: You give away encrypted volume password to the adversary, or another hidden volume password if he is really pushing, but not the one you really care of. One can have up to 4 hidden volumes, each with different password and different content / separate file system.

I remember Safari extension was surely tested in general with the U2F test sites (5 months ago - Safari: 12.0 / macOS 10.13), so it should work.


#7

Hey, that was smooth ! The FW upgrade worked fast and beautiful !
Oh, please remind me: for what was the FW Password ? It was not asked for this procedure …

And could I have an extension wish ? Could I get an option that is also doing factory reset in that tool ? (together with firmware upgrade ) I currently have the wrong admin passwd and guess what :frowning:

Regarding FIDO - yes it works well with Safari once you know how to compile it right ( the setup what to change in Xcode is a bit missleading: you should do a real signing instead of ad-hoc. Otherwise the plugin never makes it inside Safari ) But then all testsites worked fine with my two FIDO’s - now I need to set them up for something usefull.


#8

The default password tried is 12345678. Good idea to show it somewhere during the update.

Such intergration might be handy indeed. You need to reset the smart card - at the moment there is a reset page with a couple of solutions (based on GnuPG and OpenSC among others), but nothing GUI-like.

Feel free to create the tickets with other suggestions for the Update Tool as well. I should post the current ones later.


#9

I had setup a diffrent FW Password , but it was never asked for teh FW Upgrade …

BTW: I will go back to 0.45 FW - the new FW is “crab” for a Mac - and I have now a new Mac.
Again: constant on/off connection of the NK Storage key - for me total useless. It is not even possible to unlock the encrypted partition as the stick is thrown out again …
(And this time I am not a normal user - I do have admin rights )


#10

Could you check, is there not any other Nitrokey App running in the background? That should not happen. What is your macOS version?


#11

Hi, no other App was running in the background. Mac Version is 10.14.4 .
I am still on FW 0.53 and will make some test while I it is stable enough. Where shall I post requests for NK App ? On Git-Hub ?


#12

Oh, BTW: strange was : the unencrypted partition was empty ( all files gone ) . Now after unplug storage, restart app , unlock encrypted, formated encrypted as ExFAT, the unencrypted has all files again.
( This looks again for a USB communication problem - are you using also QT for the USB communication or is that native by system ?)


#13

Could you post your Nitrokey App version as well?
Yes. If possible, please register all issues / requests to Github for better maintenance.

Qt is used only for presentation; actual communication in the Nitrokey App is done via the hidapi, which is a wrapper for macOS specific code. Other than that it is all communication between macOS USB storage-related routines, and the NK Storage firmware.
Files appearing and disappearing look like a some kind of cache issue specific to macOS, which should be worked around in the firmware, when possible.


#14

I am using App 1.3.2 and -v and --version-more show the same ( I would expect at least under version-more a build ?)


#15

Thank you, will check that. AFAIR --version-more shows git describe for the currently used source code, and might be the same with the tag.


#16

Ok, looks like FW 0.53 now runs stable. I will keep the FW for now and will make some tests the upcoming days. Will keep you in the loop :smiley:


#17

Arrggghhhh - still the issue with no way to eject the NK Storage clean - it will be re-mounted just after eject. So only way to pull out the NK Storage hard, which means that maybe Spotlight is writing during that action … This is not the case in FW 0.45


#18

Hello Peacekeeper,
Do I understand correctly that the GUI NK-update tool is just for Windows and Mac?
This is not my #1 worry on Linux though. Rather, I’d say the handling of two NK Storage simultaneously connected would open many perspectives, starting with simple secure backups…


#19

Yepp, this tool is only for Mac/Windows. Under Linux it is a bit easier as you could easier install the required tools.

I agree: It would be very nice to handle multiple slots as you might have beside the NK Storage also a NK Pro ( or a HSM, but that is not covered by the App due to different HW ) So A slot/reader selector would be a good benefit.


#20

In my case it’s not only this : having a single NK Storage I’d imediately buy a second one, as an active spare, if it was possible to backup files directly from one to the other, without them touching the computer disk if I dare say.