I opened a bug a time ago, seems that the software for nitrokey3 in the repos of Tumbleweed is broken and nobody takes care of it. Is the distribution still supported?
I am just getting this result when trying to start the app:
mercurio@silversurfer:~> nitrokeyapp
Traceback (most recent call last):
File “/usr/bin/nitrokeyapp”, line 5, in
from nitrokeyapp.main import main
File “/usr/lib/python3.11/site-packages/nitrokeyapp/main.py”, line 10, in
from nitrokeyapp.gui import GUI
File “/usr/lib/python3.11/site-packages/nitrokeyapp/gui.py”, line 12, in
from pynitrokey.nk3 import Nitrokey3Device
ImportError: cannot import name ‘Nitrokey3Device’ from ‘pynitrokey.nk3’ (/usr/lib/python3.11/site-packages/pynitrokey/nk3/init.py)
So, currently I wasn’t able to use it, to set it up on Linux or android… a nice black brick. At least I would get to the status of nitrokey2: working with passwords and encrytion as well as 2FA.
Does anybody achieved this on Tumbleweed or are the packages abandoned?
BTW, does he see it? Yes, lsusb says he does
Bus 001 Device 009: ID 20a0:42b2 Clay Logic Nitrokey 3A Mini/3A NFC/3C NFC
This suggests you did not install the nitrokey-app2, but the app for the previous Nitrokeys. In any case, the app2 used for Tumbleweed indeed appears a a year old, so yeah.
it actually doesn’t. As one of the shortcomings of nitrokey app is the lack of backwards compatibility, I have to have both on my system (nitrokey app and nitrokey app2). Now I have the nitrokey pro and the nitrokey3c.
In TW actually you have a good working nitrokey app and a shortcut icon.
But for nitrokey app3 you have to call it via the CLI with nitrokeyapp (as opposed to nitrokey-app which would then call the app2).
If you are confused it is understandable, but this is how they did it.
For a short time it worked until the changed the python version.
Now my key arrived and (somewhat ironic) the thing is apparently broken and the bug report is not answered.
I consider flatpack a security risk and if possible I would avoid it since there are binaries.
The lack of working software is actually a heavy burden for the commercial success of the product. (As opposed to the former app which worked (and works) very well).
we are 2024 a.C.
The CLI is maybe working but nowadays falling back to CLI needs against competitors that offer a load of app alternatives in android, one little positive point was the app. Now even the app is not working, you tell me about the beauty of the CLI and that after a delay of product to market of nearly three years… This IS a heavy burden. (Not to speak about NFC, I haven’t yet found a way to communicate to it via a smartphone. Somewhat doubtful if it works at all, maybe bought a piece of plastic for a lot of Euro. I am not really enthusiastic to tell the minor.
Not understanding the syntax either as it seems.
mercurio@silversurfer:~> nitropy nk3 version
Command line tool to interact with Nitrokey devices 0.4.47
v1.7.1
mercurio@silversurfer:~> nk3 secrets
nk3: comando non trovato
mercurio@silversurfer:~> nk3 secrets
nk3: comando non trovato
mercurio@silversurfer:~> nk3 status
nk3: comando non trovato
mercurio@silversurfer:~> nk3 test
nk3: comando non trovato
mercurio@silversurfer:~>
Exactly. To make usage easier, you can define an bash alias. For example, if you add the following to ~/.bashrc:
HISTCONTROL="ignorespace"
# The above is an optional bash configuration and means if you start any cli command with a space, it will not be recorded in bash's history function. See the alias example below:
alias p=' nitropy nk3 secrets get-password $1'
You can obtain a saved secret/password by simply typing:
$ p reddit
It’s still cli, but this makes regular operations pretty fast. HTH
Thank you for these indications.
Well, at least I understand now why the nitrokey 2 sells at double the price of the nitrokey3. Reflects well the quality of service and the maturity of the product.
I cannot currently recommend to buy it.
It will be interesting to see when a mature, working, backward compatible software will be developed with binaries for major distributions. For sure flat-pack makes the whole exercise IMHO worthless from a security point of view.
I also use a mix of NK2-NK3 devices and agree it’s very suboptimal, they don’t have one client software which supports configuration/usage of all their keys hardware platforms. But that hurdle is not so important to me due to other issues not subject here.
Yet, I’m sorry but by now I don’t understand what sort of software distribution channel you ask for:
Nitrokey cannot be responsible for packaging in major distros. We ascertained early in the thread that the existing TW app2 is not updated. You should open a bug report with OpenSuse, if the application is broken and supposed to be packaged in official repos. If the package maintainer points you to flatpak, that’s the distro’s choice for starters.
While I share your reservations regarding flatpak, it does offer sandboxing features. I wonder if you have inspected the permissions (flatpak info --show-permissions name-of-flatpak) distributed? Without having done so, your criticism appears a little unreasonable to me. If it’s not reasonably sandboxed, the next step is to open a bugreport with nitrokey’s repo on github.
If (as you write) you require a binary of the app2, download and execute it as a user directly from nitrokey github, without installing it via your package manager/flathub. If it does not run, share the errors it posts or (again) open a bugreport with Nitrokey github directly.
EDIT: For completeness, the following is the result link for the Nitrokey app2 linux binary app2 v2.3.0 malware detection on Virustotal. No matter how trustworthy an repo-owner is, it’s good practice to check binaries one uses directly.
