Reset Nitrokey strorage - Forgot admin password

I have a Nitrokey strorage that I wish to reset. I do not know the admin password for this as I’ve had it so long I can’t remember what it was. I have used up my attempts to now get into this device and I wish to reset it back to factory default so I can start to reuse it.

I’ve checked much documentation but this process doesn’t seem to be easy to find. Can anybody point me in the direction for some information on this?

Surely the device hasn’t now been rendered useless?

I have five nitrokeys, four are storages and to be frank I don’t remember the admin passwords on any of them so I’m looking to reset them all with an admin password I can remember.

Yes, I am aware that my methods are terrible, but I bought these devices back before I was really up on the need to do things in a different manner.

I truly appreciate any help that comes my way here.

A procedure to do so can be found here: Frequently Asked Questions (FAQ) | Nitrokey

Thanks for that link.

I’ll try it.

Please excuse being offtopic:
@szszszsz I had a look at the reset procedures and know for sure that Nitro HSM can also be reset after being blocked or after SO PIN has been lost. Did that a couple of months ago. When device is blocked, it is open for firmware update and you can reinitialize the smartcard and it allows the setup of a new SO-PIN. Normally you need to upgrade the firmware in order to reset to factory defaults. However when the device is blocked, you can reinstall the same firmware version. Maybe the FAQ should be updated accordingly. SmartCard-HSM Firmware Update


Thanks again for the links above, but I can’t get this to work and now it appears that the nitrokey is dead.

I initially went for the "reset Option 2 in windows. I execute the “ResetPGP” exe file and I click enter as I don’t know the admin pw. It throws up a quick terminal and this disappears. I followed the steps but now the laptop won’t recognise the nitrokey at all. The laptop will make a noise when it is plugged in but there is no light on the key and it doesn’t show up.

For all intents and purposes this key now appears to have had it. Does anybody have any ideas here? I can’t say that I’m really impressed as I followed the instructions which are straight forward and now it looks like an expensive key might be kaput.

I’ll be very appreciative if anybody has any ideas about how this can be retrieved.

What version of Windows are you using? Can you run the following cmdlet in a PowerShell before and after plugging in the Nitrokey Storage in order to list all USB devices?

Get-PnpDevice -PresentOnly | Where-Object { $_.InstanceId -match '^USB' }

Do you have the Nitrokey App installed? Does it detect the Nitrokey? Which version of the app are you running?

I would contact as the device can be factory reset when you forget the admin PIN. A reset should make it working.

1 Like

The current documentation for Nitrokey Storage is here:

Unfortunately it does not list any GUI way to run the reset, but only offers it through GnuPG. It should be possible to run it through the Gpg4Win / Kleopatra suite:

Once you factory-reset the smart card, the PINs for User and Admin will be set to 123456 and 12345678 respectively, with the data removed as stated in the documentation page, OpenPGP factory reset column. The only credential that cannot be reset is the firmware password.

This is certainly not the expected behavior. If the Nitrokey Storage is not detected by Nitrokey App, it either:

  • cannot detect the smart card, or
  • it entered update mode.

For the latter it should be listed in the Device Manager as a ATMEL Bootloader or anything similar. In that case following the update procedure will be sufficient to bring it back. Listing the USB devices as mentioned by @nku’s post could be helpful too.
Otherwise, please check connect it to another PC (ideally with another OS) and check if the connection could be made. If not, please contact, linking to this page, and asking for the further steps (e.g. replacement / repairing if possible or more technical ways for the further investigation).

Thank you for these replies. I have managed to have a quick look at this as I don’t have time in my work week usually.

The device is now listed as “Atmel”. I have no idea how this entered update mode as this is most certainly not a road I would go down. But it is there which is great. I see it listed like this in Linux (debian) not in windows.

I’ll continue now to pursue this although time is hard during the week for me.

Thanks for the links and taking the time to post. I’m very appreciative.

1 Like