The Nitrokey Storage uses a physical OpenGPG smartcard. It seems that different implementations of such cards exist that may have individual features like factory-reset enabled.
It would be a good idea to document the state diagram of the actual smartcard in the Nitrokey Storage.
This would answer some questions that I have right now: Is it possible to block out the admin pin and still be able to factory reset the smartcard (and deleting the secret material)? Or will the smartcard/Nitrokey be bricked?
If a factory-reset of the smartcard is not possible, how can a reset code be removed?
The reason for these questions: the different pins allow a segregation of duty and maybe a Nitrokey needs to be recomissioned with different usecases in mind.
As over time the Nitrokeys get updated, is there an easy method to identify its hardware revision? I bought them over time and visually they do not differ.
- Our OpenPGP smart card implementation used by Nitrokey Storage is available on our Github:
- Yes, it’s possible to run a factory reset with the Admin PIN blocked.
- User PIN can be changed by self (User PIN), Admin PIN and Reset PIN
- Reset PIN can be changed by Admin PIN and self
- Admin PIN can be changed by self only. If the Admin PIN attempts counter is used up, smart card has to be factory reset, which will remove all the data stored on the smart card.
- Factory reset can be executed at any time, whether the smart card is in locked state or not, and without knowing of any PIN. (edit: reset PIN is removed on the factory reset)
Regarding the hardware revision, for Nitrokey Storage we have not introduced any significant changes in the hardware lately. You can check this at our Github repository:
We have not introduced any hardware markings yet due to that (readable from firmware).
Edit: regarding the smart card, it’s version can be read from the GnuPG device description, by running
gpg --card-status - latest smart card revision we use is OpenPGP v3.3.
Yes, it’s possible to run a factory reset with the Admin PIN blocked.
Got it. Just wanted to make sure that this is not dependent on a specific OpenPGP specification and is true for real smartcards as well as gnuk based tokens. Would not risk to brick the device without confirming this.
This also means that pre-comissioned and managed tokens can be altered by the user or someone that finds the token in a parking lot (loosing most secret data in the process). (Possible use case: company issued NitroKeys with readonly partition and user only knows PIN1)
Regarding the hardware revision, for Nitrokey Storage we have not introduced any significant changes in the hardware lately.
So the product name version is related to warranty and version of the OpenPGP applet (and its supported key types) on the card?
Thanks for taking the time to answer my questions!