Nitrokey Pro2 with Heads

I have a Thinkpad x230 which I have flashed with Heads. It works with the traditional TOTP but I cannot seem to find a way to get it to work with HOTP in order to use the Nitrokey Pro2 LED as part of the verification procedure. Can anyone please point me to how to do this?

Hi!

I would expect this works out-of-the-box. I have no experience with that, sorry. I can point only to the client application, which is used with it - perhaps would make it easier to find the proper manual or forums: https://github.com/Nitrokey/nitrokey-hotp-verification.
Please make sure your Nitrokey Pro device’s firmware is v0.9+.
Heads project: https://github.com/osresearch/heads.

Thanks for getting back to me. Yes I’m using firmware version 0.10 so all should be in order. Strange that it doesn’t work out of the box. I see the patch for the hotp verification tool in the compiled Heads directory. Cannot seem to get heads to allow the creation of an hotp secret. Annoying.

Did you build Heads yourself? You need to set the corresponding option in the menuconfig first, otherwise it is not build into Heads. The option is CONFIG_LIBREMKEY=y.

1 Like

Thanks Alex. Good timing. I’d just asked that question on the heads matrix room and worked it out this morning. Working really well. So just bought three more nitrokey’s to set up some colleagues. Arriving next week!

Hi Alex,

I noticed just now that you are selling x230’s with the Heads/Pureboot system! Part of me is hoping that this request and the discussion on matrix spurred you in this direction, but I have no idea!

Anyway, I wanted to let you know that, after sorting this all out I moved my entire NGO (https://unpo.org/) over to these systems (built myself) and it has had a huge impact for us. All staff are now always equipped with their Nitrokey Pro 2s, Nitrokey FiDO keys and x230’s with Pureboot.

There is surely a wider market for this among NGOs and I have had numerous organizations and activists ask me about the system (until now only available if you build yourself), so I am alerting folks to your new offering. Prices are high and I was thinking that you might also want to consider working with some of the NGOs that provide donations to NGOs in Europe to provide these systems. The likes of Techsoup (in the Netherlands and Belgium) and Stifter-Helfen (in Germany) are currently providing x230s (primarily) to NGOs at reduced costs (about 250 EUR for full-warranted, refurbished systems). Tutanota works with them to provide discounted business accounts to NGOs (https://tutanota.com/blog/posts/secure-email-for-non-profit). I’d like to suggest that Nitrokey might follow Tutanota’s lead and do similar with the Nitropad bundle. Could be a good way to spread adoption of your products, while also making a huge contribution to NGOs.

Anyway, I have no idea if you are the person to write this to. But as you were monitoring the discussion on getting HTOP to work on Heads back in October, I thought to write to you.

Cheers

Ralph

1 Like

I was already working on this topic when you asked your question. This is the reason why I could help you with that easily :smile:

Regarding the other notes I can just tell you that @jan has seen it and will surely consider your suggestions.

Thanks for the Feedback!!!

We are open to provide discounts to NGOs, on request. (Also did so in the past.)

Thanks Alex, Jan

Actually what I’m suggesting doesn’t relate to my org. We’re all set up: self-built x230s with PureBoot using Nitrokey Pro2. No need for donations on my side.

Rather I’m suggesting that instead of an ad-hoc arrangement you might contact these tech donation companies and see if they might build in the Nitropad to their pre-existing “donation” programmes.

I use " " here because recipients pay 250 EUR, which is basically market price for good condition x230s with Windows licenses anyway and even on the software side the donations are usually gateways to providing more paid service (e.g. with tutanota) or keeping you in the ecosystem for other forms of commercialization (Google).

I know that many ngos get their IT hardware and software through these programmes, so this could be a good way for you to get large numbers of your keys into use with NGOs across Europe). It’s what keeps Microsoft effectively in business with NGO as if they needed to pay market-price license fees many more would be using linux; same with Google and G-suite.

Given that Tutanota are now “donating” through these platforms and they are all “donating” x230 laptops at present, I reckon it could be a smart move for you.

As it is, I can tell you, many of my colleagues are jealous of what we are using now and would be interested in making a move if there was an easy way to do it. You’ve moved the ball now offering this stuff in Europe (to-date there was no option except in North America) and you’d reach a much wider ngo audience through those companies.

[As an aside, the latest thing I’m seeing is digital security trainers giving out Google’s titan keys at every training to all ngos. I have a drawer full of them that I decided against using in favor of your FIDO keys because I decided to stay as true as possible to open source. But it is hard to justify when these guys are giving them away. The fact we are locked in to nitrokey’s for PureBoot was very helpful!].

Anyway, I hope this info is useful to you. Sorry for the length. I have a bee in my bonnet these days about Linux and open-source (hardware, firmware, software) for ngos and small businesses. I think there’s a major need and a bit of a gap.

Cheers

Ralph