Nitrokey Storage bricked?

Hi,

I received my nitrokey storage in the mail today. I tried to set it up, but generating keys would always fail. So at first I tried resetting it with factory-reset command in “gpg --card-edit”. It didn’t help. So then I tried the gpg-connect-agent script on the website’s FAQ to reset the stick. Now it’s completely dead. dmesg prints that a device is connecting and disconnecting and lsusb shows an “Atmel” device. But it’s like there’s nothing in there anymore. No light when it’s plugged in etc. I guess I must have bricked it.

So after a good night’s sleep, I realized my mistake: I put the nitrokey in firmware upgrade mode. In my mind, when I did that I was expecting the nitrokey-app to do the updating all by itself hoping that a firmware upgrade would fix my key generation problem. Since nothing happened, I thought it had failed and forgot about this. Then this morning, I remembered that “detail” and went to read about firmware upgrading on the website. I then downloaded dfu-programmer. Flashed the firmware available for download on the website, disabled pcscd.service, reset the smartcard with cryptostick-reset.txt and now I can access the smartcard again with “gpg --edit-card” (but only when pcscd is not running). I then tried to fill the SD card with random data on the drive, but that failed (stopped working at 10%). I’m now back to where I started:

[code]gpg/card> list

Application ID …: D2760001240102000000000000CA0000
Version …: 2.0
Manufacturer …: test card
Serial number …: 000000CA
Name of cardholder: John Doe
Language prefs …: en
Sex …: unspecified
URL of public key : [not set]
Login data …: jdoe
Signature PIN …: forced
Key attributes …: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key …: [none]
Encryption key…: [none]
Authentication key: [none]
General key info…: [none]

gpg/card> generate
Make off-card backup of encryption key? (Y/n) Y
What keysize do you want for the Signature key? (2048)
What keysize do you want for the Encryption key? (2048)
What keysize do you want for the Authentication key? (2048)
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: John S. Doe
Email address: jdoe@myhost.net
Comment:
You selected this USER-ID:
"John S. Doe <jdoe@myhost.net>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
gpg: key generation failed: Card error
Key generation failed: Card error
gpg: error setting forced signature PIN flag: Input/output error

gpg/card>[/code]

I succeeded in initializing the nitrokey with random data. But now the behavior of the smartcard is erratic. I can’t access the smartcard anymore from gnupg. I am able to access it erratically with openpgp-tool. One time I plug it into the laptop, nitrokey-app doesn’t see it. The next minute I plug it in the main PC and nitrokey-app recognizes it. I’m running out of ideas of where to start to get it to work.

There was indeed an older version which under certain conditions broke the smart card. The latest firmware should fix this issue.

Hi, I did notice that there’s been some updates for nitrokey-storage-firmware on Github. But since I couldn’t find an updated firmware version on the website I was not sure whether or not it was a good idea to try to update it. I’m not familiar with embedded development. More specifically I can’t find a USB_MASS*.elf file on GitHub and I have no idea whether it’s safe or not to use the USB_MASS_V0.22.elf provided in the zip file on the website with an updated firmware. So I’m still at 0.22. I am able to put keys on the smartcard using GNUPG’s ‘keytocard’. I was able to encrypt with the smartcard too. The nitrokey is still erratic in the sense that gnupg doesn’t find it all the time. I updated to gnupg 2.1.7 a few days ago which has some smartcard stability updates. That may help with the erraticness. But I haven’t tried it yet. I’ve also updated to the latest unstable gnome-keyring which disables its gpg-agent and the latest pinentry. When I have time I’ll look into building the updated firmware. But I fear this USB_MASS*.elf file is some bootloading voodoo a bit beyond my abilities.

Version 0.22 is the latest “release”. You always find the latest firmware we released here: nitrokey.com/en/doc/firmware-update-storage
No need to compile the firmware yourself.

The issue you are describing most likely results from Gnome Keyring and GPG. See this FAQ entry: nitrokey.com/documentation/frequently-asked-questions#openpgp-card-not-available

Did you solve the problem?

Hi,

Haven’t got around to testing the nitrokey again. I’ll report back here when I do.