I just purchased two Nitrokey Pro 2 devices for signing and encrypting with the Kleopatra tool on Windows 10 Enterprise. I have one physical PC (Windows version 1903) and one virtual PC (Windows version 1909).
I installed GPG4Win from "httpswwwgpg4winorg" (I am a new user in this forum, cannot add links, sorry), version 3.1.11.
I started by changing the PINs according to httpswwwnitrokeycom/documentation/installation#p:nitrokey-pro&os:windows
I succeeded on the physical PC, but on the virtual PC the Nitrokey App did not recognize the USB device.
The next step was generating the keys. I chose the simplest option with GPA:
On the physical PC, GPA never found the smart card device; it just showed: “Checking the card…” and “Error accessing the card.”
On the virtual PC I sometimes got the smart card visible in GPA. It seemed that the trick was to execute “certutil -scinfo” from “cmd.exe”. At first “certutil” shows “SCARD_STATE_PRESENT | SCARD_STATE_UNPOWERED”, but the second time the same command is run it shows “SCARD_STATE_PRESENT”. It seems that it enters sleep mode very easily. However, if the state is “SCARD_STATE_PRESENT” then GPA is able to show the device, but only on the virtual PC.
GPA shows the following info about the device:
Serial number 00007E19
Card version: 3.3 (RSA-68222423)
Manufacturer: ZeitControl
I followed the instructions for generating new keys. It asked for the admin PIN several times and the user PIN once, and then showed an error message “The GPGME library returned an unexpected error at gpagenkeycardop.c:218. The error was: Card error” and in the details, it states: “[GPA 0.10.0, GPGME 1.14.0-beta36, GnuPG 2.2.19] gpg: AllowSetForegroundWindow(13976) failed: Access is denied.”.
Now “certutil -scinfo” prints “SCARD_STATE_PRESENT | SCARD_STATE_EXCLUSIVE | SCARD_STATE_INUSE”. If GPA has initiated this status then I am also able to see the smart card in the Kleopatra tool. Otherwise, it did not recognize the smart card. In the Kleopatra tool I was able to change the PINs and the “CardHolder” field, but “Generate new Keys” still failed, with the message: “general error”. By the way, it shows a different serial number in Kleopatra: “000500007E19”.
Having failed with everything above, I took another instruction from the Nitrokey help:
The instruction assumes that “gpg2.exe” is part of GPG4Win but it is NOT! I installed Cygwin to get the latest package.
$ gpg2 --version
gpg (GnuPG) 2.2.21-unknown
libgcrypt 1.8.2
Ran the command according to the instruction:
$ gpg2 --card-edit
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
gpg/card>
Since I had Git Bash installed, I also tried the MinGW version of “gpg”; it returned exactly the same result, on both the physical and the virtual PC.
From this point, all the options to generate keys were tried out and all of them failed.
In the marketing paper, it states that it works with Windows but at the same time it does not specify any specific version:
Is my current conclusion true that it does not work on Windows 10 and it is not supposed to be working on the latest Windows operating system?
Is there any chance that the support for Windows 10 and the latest GPG4Win will be added soon?
Or am I just missing something simple that makes it all work?