Private Data Objects in Nitrokey PRO 2

S515815 · September 24, 2020, 9:27pm

Hey,

Just bought my Nitrokey recently - really good experience so far!

I have a query regarding Private DO 1. Is it PIN protected?

When I try to retrieve a stored object through pkcs11-tool or Veracrypt the user pin is requested.

Now, if I use gpg --edit-card, object is displayed without a PIN request. Firstly, I thought that the PIN may be cashed, but looks like this is not the case (removed device, restarted session).

Regards,

jan · September 25, 2020, 10:14am

(from https://gnupg.org/ftp/specs/OpenPGP-smart-card-application-3.3.pdf, page 36)

szszszsz · September 25, 2020, 10:37am

In other words, PDO1 and PDO2 are not read protected, but PDO3 and PDO4 are, with User and Admin PINs respectively.

S515815 · September 25, 2020, 5:39pm

Thank you both for a prompt response. Yeah, this explains everything.