Nitrokey storage lost encrypted volume after reset


my nitrokey has been working flawlessly until know

but i accidently write the user pin too many times instead of my admin pin
and had to try reset my nitrokey storage.
after resetting i have lost the encrypted volume it doesnt show after entering the user pin

i discovered that .deb package is the wrong version 1.4.1 but it works in the system tray

the flatpak is version 1.4.2 but doesent work in the system tray

so now i am using nitrokey app version 1.4.1
and firmware version is 0.54

i am not sure how to fix this
can anybody help with this?

thank you :slight_smile:

Hi @christian_olsen,

I am afraid with the reset the access to the Encrypted Volume is lost. The smart card is removing all data during this action, including the AES key used for the encryption.

  1. This is by design. The encryption key is shared by the smart card (AES key DO) and MCU flash space slot of the Nitrokey Storage. If either is changed, the key is lost.
  2. Instead of running the factory reset, in this case User PIN should have been reset using the Admin PIN (either through Nitrokey App or GnuPG). If both User and Admin PINs are lost, the access to the encrypted data and stored secret material (incl. stored OpenPGP keys) is lost as well. Additionally Reset PIN can be set up, which would allow to unlock the PIN too, without exposing Admin PIN (Reset PIN is kind of a PUK code equivalent in mobiles).
  3. Once the smart card is reset (or the AES key is recreated in general) you need to recreate the partition on the Encrypted Volume (after unlocking) and format it to the favorite file system.
  4. I recommend updating the firmware to the latest one:

thank for the very detailed answer much appreciated

i did a firmware update which worked out.
nice and easy to follow instructions

after this i made new admin pin and user pin
but the encrypted volume still wont appear after unlocking

i then tried a complete factory-reset which did not change anything stil have same admin pin and user pin after doing it. and the encrypted volume still wont show after unlocking it.

i am not sure what to try next.
maybe i didnt do a proper factory reset
i followed these instuctions Factory Reset — Nitrokey Documentation

anyways thank you for your reply was very useful to try :slight_smile:

After the factory reset the Encrypted Volume (EV) now contains effectively random data. It has to be repartitioned and file-system formatted like any regular flash drive.

In case you use Linux, you can:

  1. Unlock EV
  2. Run Gnome Disks and select Nitrokey Storage
  3. Make partition table (MSDOS is backwards compatible, and is set by default during the production; GPT is modern)
  4. Create partitions (can be more than one)
  5. Format them with the chosen file system (FAT32 is the most compatible and factory default, but can be any depending on the usage).

Once the EV will be repartitioned and formatted, it will show up automatically on the next unlock as before.

I hope this helps!

1 Like

it worked like charm :slight_smile:

thank you very much for your help

can i make a suggestion to add your last post to Nitrokey Storage 2 documentation
in case you get a new another helpless individual like me :slight_smile:

trying to do a factory reset without knowing what he is doing

1 Like

Happy to help!

I have noticed this one too. Indeed such description should certainly be in the documentation of the procedure. Registered as:

It would be good to notify user about that directly in the Nitrokey App, just after key regeneration / factory reset as well. Then referring to the documentation would ideally be not needed at all.

1 Like

Yes that would be even better i agree