Nitrokey pro & keys

Hello everybody,
Be gentle with me, I am a total newbie to using gpa on a nitrokey. I have been partially successful with doing what I want but can’t seem to work out some things.

Firstly, if someone can point me in the direction of a guide that pertains to the nitrokey itself I’d appreciate it. I have been using the guide here https://www.nitrokey.com/documentation/setup-gnu-privacy-assistant-gpa that pertains to the cryptostick. I don’t know if there are nitrokey proper instructions.

I already have a public and private key generated on the windows based GPG4Win and for the life of me I can’t see how I can import these keys into the nitrokey card. I assume that it’s possible but I can’t see how. Any tips or guide that I can be pointed to?

Is it possible to store public keys from other people on the nitrokey itself rather than on the gpa program on my pc? I am assuming that the nitrokey can work as a standalone device that would contain both my private key (hopefully one that I can import as I already have it) and a directory of public keys of other people.

I have always used the windows based GPG4Win so the linux based one is a learning curve for me.

Lastly, I created a card identity on the nitrokey pro that I can’t seem now to edit with regard to things such as name etc. Is it possible to edit this or delete it to enable me to create a new card?

Sorry if this seems like a lot, but this is a learning exercise for me. I have looked high and low for these answers without luck.

Thanks for any help that people may be kind enough to offer.

Hi @barnoo!

I am sorry, but I do not have any experience with tools running on Windows. Perhaps @nitroalex would help you. Key import should be possible as long as GPG4Win handles the device communication. If you use the command line, then the standard guide for importing a key to the smart card should apply - see https://www.gnupg.org/howtos/card-howto/en/ch05.html#id2523191.

Nitrokey devices store only private keys (due to storage space limitation), and their sole purpose is to make calculations based on these. All public key cryptography is done on the host PC. All this should not be a problem though, since public keys could be downloaded from the GnuPG servers, or exported to files from a local setup, and imported later in another environment.

Personalization is surely possible via the GnuPG command line access - see https://www.gnupg.org/howtos/card-howto/en/ch03s03.html#id2521895.

Thank you very much for your reply. I can now do some of the things that I inquired about. I am very surprised that the device doesn’t store public keys. I had hoped for a device that was self contained but not to be.

I will now do what I can with the device. I can’t thank you enough for this information.

Cheers

Barnoo, safely storing lots of things is the purpose of Nitrokey Storage versions, IMHO. I for one use Keepass files within such a NK for instance…
H.


Unfortunately, there is no “easy” way for doing this yet :cry: But we are working on this… Meanwhile, I can only suggest this documentation I created some time ago. Especially the part for importing existing keys if you created them locally.

The mentioned instructions explain that it is necessary or recommended to have a copy of the pubkey somewhere suitable, e.g. a keyserver or a private website.

The limitation of not being able to store pubkeys has something to do with the way these keys are working and how the specification of the internals is set. I am sorry, but this is nothing we can change or that we have introduced.

Thank you for the replies. Importing an existing key was easy where I followed the instructions here: https://www.gnupg.org/howtos/card-howto/en/ch05.html#id2523191 provided by a kind reader.

Bad luck about not being able to store other public keys onboard. You can’t have everything but getting my existing key on it was a worthwhile exercise.