Hi Forum / Nitrokey staff
I need your help
Today, I received my new NK3A Mini, as well as a NK3A NFC.
Unfortunately, the Mini shows a strange behaviour out of the box:
Apparently, the “Touch” Sensor (wherever it might be exactly located on this tiny Dongle), detects a touch when no touch occurs (no fingers within 20cm distance).
State:
- NEW / factory reset
- no PIN set
Machine: Lenovo E16 Gen2, Linux Mint newest.
pamu2fcfg (w/o Parameters)
- after the LED lights 1-2s, a keypair is generated without touch
- username_xxx:owBYeOqsSIwPcYfcp7Lqy+BJrrf....,Udcj7Z.....,es256,+presence
nitropy nk3 test (also w/o further parameters)
- [1/5] to [3/5] (uuid, version and status) => SUCCESS
- [4/5] se050 asks 2 x "Please press the touch button ..." and stops after a few seconds with SUCCESS
- [5/5] fido2 => SUCCESS
The same with webauthn.io: each activity which normally requires UP (user presence), finishes successfully after 1-3 seconds without touching the device.
With the same test setup, the NK3A NFC from the same shipment stoically waits until it has been touched.
A further FIDO2 capable stick (of a different make and model) works flawlessly, of course only with the two manufacturer-independent tools pamu2fcfg and webauthn.io.
Further observations:
The test is performed on the USB Ports of the E16 Lenovo (metal case).
Moving the Mini from the right to the left USB-A port makes the Touch-requirement work for a few times, but then, it starts behaving the same way ( = always FAKING the touch after a few seconds).
Master Question:
Is this a “Feature” ?
Or is the touch sensor (or the Software) not able to properly distinguish between static (from the Notebook casing) and changing capacitances (approximating fingertip)?
Activating the PIN is a workaround, but I expected a device being advertised with the “Touch” Feature has a working Touch feature
Possible unattended Confirmations make a Security Dongle whose sole UI is a touch sensor insecure. Similar posts (though without stating a problem of this kind) mention often enough that the Touch requirement (user presence) is rendered important by everyone.
BTW:
With
nitropy nk3 list-config-fields
one can see there exists a boolean setting “fido.disable_skip_up_timeout”, which not even google or any AI knows of.
This setting is false, but changing to true doesn’t help.
Also the firmware source code (tag 1.8.3) shows no hint what this setting is really good for.
Any help would be appreciated
Thanks
Georg