Newbie Questions Nitropad/Nitrokey

Hello, I recently purchased a Nitropad with Ubuntu preinstalled and a Nitrokey and had a few questions that I wanted to see if anybody here could help me with.

  1. First, I saw a few times that people on this support page and other places have mentioned “gpg2” quite a few times, and I checked and saw that on my Nitropad I only had the normal gnupg installed. Is there a significant difference, and should I install gnupg2 instead?

  2. I also noticed that a few packages were installed through snap. Now, this is unrelated to Nitrokey, but I do know that snap packages are slightly more secure, using sandboxing in most cases. Are there certain types of programs it would be more secure for me to download through snap instead of APT? Or is it just personal preference?

  3. Lastly, is there anything else I should install, configure, or the like on my new Nitropad? I don’t want to use it assuming everything has already been set up for me, and then miss something important.

I hope you can answer my beginner questions, and excuse any lack of knowledge I may have.
Thanks.

  1. GnuPG2 is the successor to GnuPG and shares most of the same commands. It is more secure than its predecessor as it has moved sensitive operations to the gpg-agent and has improved support for smartcards and modern ECC cryptography. For the average user, the differences between the two versions are minimal. It is also quite easy to just switch to the newer version.
  2. This is a matter of preference. While it is sandboxed, it all depends on the frequency of updates to the snap package (snap packages contain all the dependencies). Usually, security updates are better taken care of in the operating system. If you need the most recent software, I (as an advanced user) would prefer the Nix package manager. For maximum security I would stick to the currently supported OS packages without additional 3rd-party repositories.
  3. If you have some administration skills, you could use tools like Ansible or shell scripts to configure your machine from scratch and back up your data e.g. to a Nitrokey Storage. That way, you could reset your machine from time to time and could use your scripts to rebuild and keep your workstation current.

Sandboxing/isolation is good if you do not need to connect various pieces of software together.

Hi!

Thanks for answering my questions in good detail. I’ve heard of NixOS before, even messed around with it a little in a VM, but never actually got to using it as a daily driver. Any idea if Nix is supported on the Nitropads? From what I’ve seen, it’s usually only Ubuntu and QubesOS that are used on them.

And could you elaborate a little on the third answer? I used to write bash scripts for automating many of my daily tasks, but never anything too advanced, so I’d love to look into it.

Yes, that is pretty much what I had in mind, especially since many snap packages are more up-to-date than their equivalents in the distro’s repositories. Is there any specific software that you think definitely should be sandboxed (other than browsers)?

There is NixOS and Nix Package Manager. The latter can run in parallel on most Linux systems. Devs use it to get a more recent version of a programming language or a webserver. It can be configured similarly to NixOS.

I don’t know. If I were interested in this, I’d be running Qubes OS probably most of the time. (Now, for isolation, I run DomU’s on Xen on FreeBSD Dom0).

Oh, ok fair enough. Thanks for your input anyways.

My mistake. I will have to look into it as I learn more about Linux.

And, I didn’t want to insist, but you didn’t answer my last question on my reply. Could you elaborate a little on the 3rd original answer? As mentioned before, I have written bash scripts for basic automation of repetitive tasks but would like to improve my skills with more advanced configuration like you said. So, if there are any examples or guides you could link, it would be highly appreciated.

This is a nice article describing how to define your workstation with Ansible.

I’ll be sure to check it out. Thanks for the resource! Sorry for the late response.
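
Added example, not from any poster in this thread: an idempotent shell script of the kind answer 3 describes, which finds whichever of `gpg2`/`gpg` is GnuPG 2.x and writes GnuPG settings so that re-running it after a reset changes nothing. The function names and the two setting values are assumptions chosen for illustration, not recommendations from the thread.

```shell
#!/bin/sh
# Rebuild helpers for a freshly reset workstation (added example).
# Every function is safe to run repeatedly: a second run makes no changes.

# gpg_major: read `gpg --version` output on stdin, print the major version.
# Handles first lines such as "gpg (GnuPG) 2.2.27".
gpg_major() {
    sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9]*\)\..*/\1/p'
}

# pick_gpg: print the first of gpg2/gpg on PATH that reports GnuPG 2.x.
# Either name may be the 2.x binary, so check the version, not the name.
pick_gpg() {
    for bin in gpg2 gpg; do
        command -v "$bin" >/dev/null 2>&1 || continue
        if [ "$("$bin" --version 2>/dev/null | gpg_major)" = 2 ]; then
            echo "$bin"
            return 0
        fi
    done
    return 1
}

# ensure_line FILE LINE: append LINE only if FILE lacks that exact line.
ensure_line() {
    file=$1
    line=$2
    mkdir -p "$(dirname "$file")"
    touch "$file"
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# configure_gnupg DIR: create a private GnuPG home and pin sample settings.
configure_gnupg() {
    home=$1
    mkdir -p "$home" && chmod 700 "$home"
    # Sample values (assumptions): shorter passphrase cache, long key IDs.
    ensure_line "$home/gpg-agent.conf" "default-cache-ttl 300"
    ensure_line "$home/gpg.conf" "keyid-format 0xlong"
}

# Only touch the real home directory when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then
    pick_gpg >/dev/null || echo "warning: no GnuPG 2.x binary found" >&2
    configure_gnupg "${GNUPGHOME:-$HOME/.gnupg}"
fi
```

Kept in version control alongside a backup of your data, a script like this can be re-run with `--apply` after each reset.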