I’ve acquired a Librem Key, which as far as I understand is a branded NitroKey Pro (2??)
I can use it on my Macs using macOS Mojave quite easily using gpg, however to get full features I’m trying to use the NitroKey app. However, the NitroKey app is unable to detect the Librem Key as connected.
My understanding is that under Debian this works (I run Fedora on another computer and was also unable to detect the key there with the NitroKey app, though that may be a permissions issue because on that machine, gpg only works with root and regular users cannot use gpg with the card).
So, leaving aside the Fedora issues which I will try to figure out piecing together some forum posts I’ve found on here, I’m not finding much regarding macOS past version 10.11.
What should I be looking for in order to troubleshoot this under macOS? Or is the app simply not compatible with this rebranded key?
Unfortunately we have not received information about Librem Key new VID:PID USB identificators before their release. To make Nitrokey App aware of Librem Key, it needs to know this ID.
This is registered already as https://github.com/Nitrokey/libnitrokey/issues/162. Please follow this ticket for updates. Planned next release for Nitrokey App is end of September.
Thanks sz, I’ll have a look at that and look for an update at the end of September as well!
Yes, Librem Key is a rebranded Nitrokey Pro 2.
You could use ioregistryExplorer on teh mac to find out the VID:PID combination. Switch to the IOUSB Plane and then select your librem key. You will find two fields: idProduct and idVendor which are hex-numbers
But why would you need the app ? I have all done gpg or opensc for the NK Pro 2 ( as the NK App anyhow has some difficulties under macOS. The only stable version is 1.3.2 - newer version crash or plug/unplug the key all the time )
The VIP:PID numbers are easy to find on the Internet as well, or with lsusb under Linux. Probably somewhere in the System Information as well on the macOS side but didn’t check.
Either way, that still doesn’t get the Nitrokey app working, under any OS…
Why would I need the app?
To use the features of this device I bought. The OpenPGP smartcard is usable with gpg, and works well, that’s great.
What about the TOTP/HOTP? The integrated password mananger? The random number generator?
Anyway seems like my best bet right now is to wait for a new release, or start hacking at libnitrokey myself and see what trouble that gets me in
Hopefully all these will be solved in the next release, sorry about that.
I believe the last one is available through the smart card interface, not via the Nitrokey App.
If you are keen for such challenges, there is not much to do actually. Just replace the VID:PID pair, and do the build (requires Qt package, installable e.g. via brew), as in:
# download sources (latest)
git clone https://github.com/Nitrokey/nitrokey-app.git --recursive
# for v1.3.2: git clone https://github.com/Nitrokey/nitrokey-app.git --recursive -b v1.3.2
# change the Pro's VID:PID, as in the mentioned issue, from 0x20a0 / 0x4108, to Librem's
# cd nitrokey-app; vim libnitrokey/device.cc -> search for 0x20a0 / 0x4108
cd nitrokey-app; mkdir build; cd build; qmake ..; make; ls
Then the macOS application should appear in the build directory.
Edit: Forgot to mention, that there is a CLI written in Rust: nitrocli. I have not tested it on the macOS myself though. To make it running with the Purism device it needs to change the libnitrokey as well.
Thanks for the pointers, @szszszsz! Now I know what I’ll be doing this coming weekend
Ha, I cross the fingers… but I anyhow don’t need that QT’stuff …
Regarding the TRG function there are only a few scripts for other OS’s as a connection. D.E.S.O has - beside nitrocli - also a rand rust program, but I have also not tested yet.
I am not sure if nitrocli compiles on macOS as the required hidapi - at least last time I tried it - was not available.
I will look into this as well, if time permits.