However, even though I was very careful in documenting the user PIN I assigned to the Nitrokey, apparently the saved PIN I’m trying to use is incorrect.
I have only 1 remaining attempt to enter the correct user Nitrokey PIN.
I’m praying a reset would be a possible work around as I have not even added any documents to the incredibly beautiful machine that I’ve ordered from you.
Please, please help me win this Russian Roulette !!!
First of all, you can always factory reset your Nitrokey but–of course–that would wipe your keys. If you want to avoid that you could use gpg --card-edit on a separate computer and reset the User PIN. This requires your Admin PIN. Maybe this solves the issue that your legitimate User PIN is not accepted by Heads too.
What’s weird here is that the Remaining attempts counter is not decreasing with each PIN input. It is possible that this is caused by some kind of temporary communication issue between the Nitropad and the Nitrokey Storage device. Could you remove and insert the Nitrokey Storage on another attempt, if the problem still persists?
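An added example, not part of the thread: a way to read the PIN retry counters on a separate computer before spending the last attempt. It assumes the `PIN retry counter` line printed by `gpg --card-status`, whose three numbers are User PIN, Reset Code and Admin PIN; the function name, verdict strings and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the PIN retry counters from `gpg --card-status` text.
# Real use (assumption: GnuPG installed, card inserted):
#   gpg --card-status | pin_retry_advice

# Hypothetical helper: reads card-status text on stdin, prints one summary line.
pin_retry_advice() {
    awk -F: '
        /^PIN retry counter/ {
            found = 1
            # Field 2 holds three counters: User PIN, Reset Code, Admin PIN.
            n = split($2, c, " ")
            if (n != 3) { print "unparsed"; exit }
            user = c[1]; admin = c[3]
            if (admin == 0)     verdict = "admin-blocked-factory-reset-only"
            else if (user == 0) verdict = "user-blocked-unblock-with-admin-pin"
            else if (user == 1) verdict = "last-user-attempt-unblock-with-admin-pin"
            else                verdict = "ok"
            printf "user=%d admin=%d %s\n", user, admin, verdict
            exit
        }
        END { if (!found) print "no-counter-line" }
    '
}

# Constructed sample output (not captured from a real device).
SAMPLE_STATUS='Reader ...........: (constructed sample)
PIN retry counter : 1 0 3
Signature counter : 0'

printf '%s\n' "$SAMPLE_STATUS" | pin_retry_advice
```

If the verdict points to the Admin PIN, the User PIN reset itself is done interactively with `gpg --card-edit` as described in the reply above.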
I am at the stage of OEM Factory Reset. I am a novice and would like to confirm that I am correct in choosing to continue with regard to this warning “It requires that you already have an OS installed on a dedicated /boot partition.”
OEM factory reset is not going to damage anything. But you should only execute this with systems where you are certain no backdoor has been installed. Because your current system will be signed and trusted from now on. Furthermore the OEM factory reset does reset your PGP keys and OTP secret on the Nitrokey.
Please run the OEM factory reset once again:
Continue with selected options as before until ERROR: GPG keyring empty
Select Add a GPG key to the running BIOS
Follow the prompts to add the key
Continue as previously
The reason is that after the OEM factory reset the GPG keys are removed both from the device and from the BIOS image, hence it is necessary to generate and add them to both places.
Alternatively it should be possible to do so as well through one of the options in the GPG Options screen.
It seems that in case you have backed up your keys already during the last OEM reset, these could be used during the GPG Options -> Replace GPG key(s) in the current ROM + reflash procedure. If not, I think it will be best to work over the OEM reset once again.
My guess here is that you are using Nitrokey Storage for backup. In the factory state the Nitrokey Storage has the unencrypted volume set to read-only, which blocks the export operation here. This attribute can be changed with the Nitrokey App: Configure -> Set unencrypted volume to read-write.
You can use another USB flash device as well, as the data to back up are not secret - the items to export are the public parts of the GPG keys which could be used later, e.g. for import to avoid another key generation in case OEM factory reset would be required again.
cc @jan@nitroalex : This operation can be done semi-automatically by Heads
@GMHIII Please use a simple USB drive instead. It is recommended to insert the Nitrokey first, then the USB drive so that you know which one to choose in the menu (=the last one).
We are building a new firmware version for the NitroPad which improves the situation hopefully. I am sorry for the inconvenience.
This does not help as it is overwritten after factory-reset afaik
And the images below were my attempt to get back to a point where I can access the Nitrokey app so I could follow your suggestions regarding the Nitrokey being used as backup.
I have to generate a new HOTP/TOTP secret, can use the reset admin key, but without a GPG on the keyring key I am back to replacing GPG key and reflash, but need a public key.
ERROR: No Files found
I tried to move past that point but now am seeing HOTP: invalid Code
If I can’t find the GPG key on the Nitrokey after reset, and can’t get back to the system starting page to log in and open the app, what is the workaround? Another OEM reset?
Is it possible there is something going on with the key itself? At the very beginning of this process I was able to set everything up. I shut the Nitropad down for the night and when I restarted there was System Update announced on the screen. This is where the problems began.
It also seems strange to me that the machine would receive a system update without having been online.
How would the update arrive?
Can you provide instructions or steps on how to proceed using an additional USB drive?
Would I be using the additional drive as a sort of intermediate step to get the GPG key on to the Nitrokey? I do not have experience with this process.
Would you be able to provide further guidance on how to proceed?
I re-tried the factory reset with original key as a test. No success. Could you advise on how to use a different USB drive to perform this task? I’m really in the dark here. I’ve had this Nitropad since July 3rd and need to get started using it for work. I ordered another just like it - Qubes with Nitrokey storage - and I am stuck. Please help! I need these machines for pressing projects.
Hello,
Sorry for the delay. Please run everything as previously, but with any USB drive used for the public keys export. Because Nitrokey Storage is by default write-protected, currently it cannot be used unless the protection is removed with the Nitrokey App on another PC before its use.
During the process the additional drive should be listed in the dialog where the user is choosing the export destination. Please try one of the options, and then another one if the former would not work.