Private Data Objects in Nitrokey PRO 2


Just bought my Nitrokey recently - really good experience so far!

I have a query regarding Private DO 1. Is it PIN protected?

When I try to retrieve a stored object through pkcs11-tool or VeraCrypt, the User PIN is requested.

Now, if I use gpg --edit-card, the object is displayed without a PIN request. At first, I thought that the PIN might be cached, but it looks like this is not the case (removed device, restarted session).


(from, page 36)

In other words, PDO1 and PDO2 are not read protected, but PDO3 and PDO4 are, with User and Admin PINs respectively.

Thank you both for a prompt response. Yeah, this explains everything.