The Nitrokey Storage uses a physical OpenGPG smartcard. It seems that different implementations of such cards exist that may have individual features like factory-reset enabled.
It would be a good idea to document the state diagram of the actual smartcard in the Nitrokey Storage.
This would answer some questions that I have right now: Is it possible to block out the admin pin and still be able to factory reset the smartcard (and deleting the secret material)? Or will the smartcard/Nitrokey be bricked?
If a factory-reset of the smartcard is not possible, how can a reset code be removed?
The reason for these questions: the different pins allow a segregation of duty and maybe a Nitrokey needs to be recomissioned with different usecases in mind.
As over time the Nitrokeys get updated, is there an easy method to identify its hardware revision? I bought them over time and visually they do not differ.