No Factory reset

3c9fd7e31 · January 26, 2024, 3:01pm

My nitrokey3 are not useable.

GPG is not working properly. The admin pin is not recognized on some gpg --card-edit operations… so the key become unuseable. (therefore i made an issue a few days before).
I never got x509 working… it bricked my nitrokey, when i worked with p11-libraries.
Openkeychain does not work with the nitrokeys… i bought them to use it via NFC with my mobile and NFC for GPG is deactivated now… via USB i got an error… So 2 of my key-features why i bought nitrokey3 are broken.
I must make some hacks to get nitropy working… libcrypto ist not found… nitrokey-app has the same problem obviously… but i use it from appImage… the tools are also broken.
The keys lost the PIN for Fido also…

And now i wanted to send them back to get my money back… and tried to reset the nitrokeys…

look…

~/.NITROKEY: $ nitropy nk3 factory-reset
Command line tool to interact with Nitrokey devices 0.4.45
 
This feature is experimental, which means it was not tested thoroughly.
Note: data stored with it can be lost in the next firmware update.
Please pass --experimental switch to force running it anyway.
 
Aborted!

ok… then with --experimental

~/.NITROKEY: $ nitropy nk3 factory-reset --experimental
Command line tool to interact with Nitrokey devices 0.4.45
Please touch the device to confirm the operation
Critical error:
Factory reset is not supported by the firmware version on the device

what the f…

tried to reset piv and the other apps one for one… but:

$ nitropy nk3 factory-reset-app 
Command line tool to interact with Nitrokey devices 0.4.45
Usage: nitropy nk3 factory-reset-app [OPTIONS]
                                     {fido|opcard|secrets|piv|webcrypt}
Try 'nitropy nk3 factory-reset-app --help' for help.

Error: Missing argument '{fido|opcard|secrets|piv|webcrypt}'. Choose from:
	fido,
	opcard,
	secrets,
	piv,
	webcrypt

$ nitropy nk3 factory-reset-app piv
Command line tool to interact with Nitrokey devices 0.4.45
 
This feature is experimental, which means it was not tested thoroughly.
Note: data stored with it can be lost in the next firmware update.
Please pass --experimental switch to force running it anyway.
 
Aborted!

$ nitropy nk3 factory-reset-app piv --experimental
Command line tool to interact with Nitrokey devices 0.4.45
Please touch the device to confirm the operation
Critical error:
Failed to factory reset the device: The application does not support factory reset through nitropy

What worked… i could do a factory-reset for gpg…
But i can not send the keys back nor sell them to someone who wants to waste also lifetime for this unusable bricks…

I bought the keys in April 2021, got them in September or October 2022… and they are still under heavy but very slow development in January 2024…

Really… i hate them.

bernd · January 26, 2024, 5:59pm

See i.e. Errors and errors :c - #2 by bernd where I’ve tldr’d for another user.
Resetting all modules just works. The process is also good enough documented in the Nitrokey wiki

3c9fd7e31 · January 26, 2024, 11:06pm

No:

$ nitropy fido2 reset
Command line tool to interact with Nitrokey devices 0.4.45
Reset is only possible 10secs after plugging in the device.
Please (re-)plug in your Nitrokey FIDO2 now!
Warning: Your credentials will be lost!!! continue? [(y)es/(n)o]: y
choosing: yes
Press key to confirm -- again, your credentials will be lost!!!
Critical error:
Reset failed (CTAP error: 0x30 - NOT_ALLOWED)
Did you confirm with a key-press 10secs after plugging in?
Please re-try...

--------------------------------------------------------------------------------
Critical error occurred, exiting now
Unexpected? Is this a bug? Would you like to get support/help?
- You can report issues at: https://support.nitrokey.com/
- Writing an e-mail to support@nitrokey.com is also possible
- Please attach the log: '/tmp/user/2000/nitropy.log.za5x5tea' with any support/help request!
- Please check if you have udev rules installed: https://docs.nitrokey.com/nitrokey3/linux/firmware-update.html#troubleshooting

yes:

$ nitropy nk3 secrets reset
Command line tool to interact with Nitrokey devices 0.4.45
Do you want to continue? [y/N]: y
Please touch the device if it blinks
Done

and gpg-keys i could reset…

But from where should i know, that this is enough?
I could reset fido2 with chrome… hopefully.

And wait… This thing is 3 years old… and a given so called factory-reset does NOT work… i have to search somewhere else (and i did NOT found your entry… somewhere in a comment in a thread… ).

3c9fd7e31 · January 26, 2024, 11:09pm

And do you have an idea for that problem?

nku · January 27, 2024, 8:34am

This is also in the docs

nku · January 27, 2024, 8:41am

Did you try installing the firmware and overriding the settings? Currently only RSA is working.

3c9fd7e31 · January 27, 2024, 1:38pm

I use Linux. Only… no Windows in the house.

3c9fd7e31 · January 27, 2024, 1:40pm

I installed the latest firmware 1.6.0.

Now i hope, all of my data is really erased. Now i can sell them… I don’t want to waste more of my lifetime with nitrokeys.

thank you.