Resetting the Pin tokens

Is it possible to reset the Pin tokens if the Default Password has not been reset?

https://www.nitrokey.com/documentation/frequently-asked-questions-faq#how-to-reset-a-nitrokey

Thanks for the reply Jan…
Ok… It seems that the nitrokey is now unusable so can I assume that my only option is to discard it and boot up a fresh operating system, or can I still somehow wipe the encrypted data and leave myself with a clean operating system without the nitrokey? I would prefer the second option if possible…

Do you refer to a NitroPad?

Yes I am Jan.

I tried to do a factory reset without success at the moment… I’m using nitrokey storage on a nitropad with qubes… I followed the instructions here: Factory Reset — Nitrokey Documentation
Everything went well until I had to choose which usb … The choices were:
1: Kingston (my usb stick for saving my security key) /dev/sdb1
2: Nitrokey /dev/sdc1
3: -blank- /dev/sdd
I chose 1: as it was highlighted and it was /dev/sdb1, the other two being /dev/sdc1 and /dev/sdd (my assumption was the program needed to know where to store my security key but I might be wrong here)
Anyway the program carried on and accepted the default pin 12345678 and tried to boot without success. A big red screen Abort failure!
Can you tell me if I made the right choice with the selection of usb options…

Day 2: I’m still unable to do a factory reset and am now totally stumped as the process for factory reset is definitely not working… I now understand the usb process of the section so I am not making a mistake there…
I need to know what my options are as I’m looking at 1500 pounds of useless laptop… Do I need a new nitrokey or do I throw the old nitrokey away and install a new qubes OS. Even that isn’t clear to me as I believe you have installed a modified bios so I’m not even sure I could do that…
Please can you give me an indication of my options here… Thank you

Hey @sim,

essentially there are two things that could break:

  1. nitrokey hotp-secret and/or gpg-key: Factory Reset — Nitrokey Documentation
  2. something weird with the OS: Operating System Reinstallation — Nitrokey Documentation

Usually a nitropad should also boot into the OS without the working Nitrokey, just use “default boot” and click yourself through the various warnings, which occur due to the missing Nitrokey - you should end at the hard-disk decryption prompt.

So if you say you cannot boot into the system, you might need to do an OS reinstallation. But best practice would be to first try a factory reset, which will just re-init your nitrokey. You could also try not saving the key externally, if you encounter issues after this step. (You can redo it anyway, at any time.)

Hi daringer thanks for response and info,
I haven’t quite given up on nitrokey yet!
I tried factory reset a few times and didn’t work…
I’ve also tried admin option 1 changing pin which also didn’t work…
I haven’t tried any of the other options yet, should this be my next step?

Day 3:
Having changed the pin on option 1 I tried to verify it and it didn’t work!
I’m now down to 1 0 3 and very reluctant to go further here. I tried the new pin, which I just added a 9 to, and when that didn’t work I tried the old pin 1-8 in case it hadn’t changed it, and that didn’t work either. I did a screen print of a status report before I tried to change the pin and it showed me details of Signature/Encryption/Authentication keys plus General info. In the latest status report all that has disappeared and all those headings are showing [none]
I’m not sure where to go from here!

Ok, I now tried changing my pin (option 1) once again and verified it which was ok.
However it then told me to unlock the system.
How do I do that as default boot takes me straight back to the recovery shell?

This is the current status showing no keys:
[Image: IMG_0055]

Can I still do a factory reset from this position?

I have tried an OEM Factory Reset and it doesn’t work.

I have tried updating the BIOS and that doesn’t appear to work but I may have done this the wrong way.

Could someone please help with the procedure I need to follow here…

Day 4: update…
Today I tried to unblock the Pin using a Reset Code to no avail!
Apparently the Reset Code is not available anymore…
I’m stumped and can’t find any clue as to what I can now try in order to do a factory reset…
Could anyone suggest how I could get over this, many thanks…

Ok, I now understand the system of pins and tokens properly, for those in the same situation this is the best explanation I’ve found on the subject: Nitrokey Start: Getting started guide (gnuk openpgp token) - Raymii.org
If I’ve read this right it appears that once the Admin tokens have been used up there is no way to reset the key to make it usable.
The question then is can the old key be reflashed or can I use a brand new nitrokey to gain access to the nitropad and if so, does it have to be paired in some way?

ok, the overview shows you have used up all admin-pin retries.
I would suggest the following:

If you still have issues entering your OS, please do an Operating System Reinstallation — Nitrokey Documentation

Hi daringer,
Thanks for reply I’ve been away from my computer for a week which is why I haven’t been able to follow your instructions…
Yes, all admin pin retries have been used up. I’ve just tried to unlock the encrypted volume using the nitrokey app version 1.4.2 and received the message: “Could not unlock encrypted volume. Status Code: -1”. Is this something that I should expect or should I be able to unlock the encrypted volume? In other words, do I need to do this to reset my nitrokey using the nitrokey app or is there another way I am not aware of?
I noticed I have the option now of destroying encrypted data, is that what I should be doing here?..

If you have used up all your admin pin retries, please use the Option 3 or 4 (for linux/mac) or Option 2 (for windows) described in the FAQ here: Frequently Asked Questions (FAQ) | Nitrokey

Once you have reset your Nitrokey Storage using one of the options above, you should also destroy all encrypted data using the nitrokey app in order to have a factory-state Nitrokey.

I tried resetting the pin using option 3 and failed so at that point I’d reached my brick wall and decided to do a fresh os installation.
I downloaded the qubes os and checked the hash. Wrote the system image to a usb and followed the rest of the instructions… I created a user password and everything seemed to be going to plan. Half way through the installation the program informed me that it was closing down. I tried it a second time and the same thing happened…

  1. Did you use the Qubes-OEM image for the Nitropad referenced here: Operating System Reinstallation — Nitrokey Documentation ?
  2. Afterwards you booted from the usb-stick and the installation ran mostly automated?
  3. Then your Nitropad started and you typed in your hard-disk encryption password?
  4. Your Qubes started and you were asked to set up your user (login) and password?

Is this all correct and happened like that? Which program then told you “it was closing down”? Can you be a little more precise please?

best

  1. Yes, I used the Qubes-OEM image and wrote it to a USB after checking the hash.
  2. Yes
  3. No, my nitropad just closed down.
  4. No, the installation never appeared to finish. I set up a new password in the first part of the installation process.

There is a thin green or brown bar that comes across the bottom of the screen during installation that told me that it was closing down…