Unable to change PIN

Hi.

I am a new user of Nitrokey Storage and I am trying to change the PIN using application version 1.2.1 (distributed on flash). No other application of yours is installed.
If I use the default PIN 123456 to unlock the encrypted volume - it is working fine. But if I try to change it, the application tells me “Current PIN is not correct”. Why?

If I try to unlock the encrypted volume with a wrong PIN, it works as expected - wrong PIN and the counter “tries left” is number 2. But if I try it again with the CORRECT PIN - the result is “wrong PIN” and the counter is still 2!
I must quit the application and reinsert the drive into the USB slot. After that - the PIN is working. I am confused …

If I try to unlock the Password safe from the systray menu (again - 123456), the PIN is not correct. But if I try the same from the Configuration window - it is working fine.
I quit the application, eject the key from the USB slot and plug it in again. Starting the application - and voila! The PIN for the Password safe from the systray menu is working. I am confused …

In documentation you write:

Brand-new Nitrokey Storage need to be initialized first. Use the Nitrokey App and select “initialize device”. This process generates AES keys and formats the entire volume with random data. Because this is a security-critical aspect we decided that users should perform it themselves.

But I do not see “initialize device” anywhere. Even if I run the application with the “--admin” parameter. So how do I change the encryption key?


I think - it is a very, very wrong application.

I use Windows 7 64bit.

Hi,

it is odd that you could not see the “initialize device” directly, as this is the case most of the time (then in the main menu without ‘--admin’). But as it is, I would recommend the following procedure:

  • Open the app with ‘--admin’ as before.
  • Go to “Configure” -> “Special Configure” -> “Factory reset”
  • After this, go to “Configure” -> “Special Configure” -> “Initialize Storage with random data”

Now the default PIN should work just fine. The problems you had can occur if the encrypted data was not initialized correctly, thus the PIN does not work for the encrypted Storage.

The procedure should solve the issue. Please let us know how it turned out.

Kind regards
Alex

Thanks for the manual.

But no. The behavior is the same. The current PIN is working fine (for unlocking the encrypted volume), but I am still unable to change the PIN.

@szszszsz any idea? I am a bit lost right now.

Hi @ludvik!
This behavior is unusual. Could you check in About what is your Storage’s firmware version and let me know?

Regarding initialization, we might have started shipping initialized devices for the users’ convenience (as it takes about 1h or more for 16GB size). It is possible to do the whole operation once again (as @nitroalex described):

  • (optional) selecting Factory reset from Special configure menu (--admin switch),
  • Important: selecting Destroy encrypted data (generates new AES key for data encryption),
  • (optional) selecting Initialize storage with random data from Special configure menu (--admin switch).

As for the ‘wrong current PIN’ message shown while unlocking the encrypted volume, please try again after running Destroy encrypted data.
About changing the PIN - I will retest this once I know the firmware version.

If possible, please capture the logs as well.

@szszszsz These three steps I did.

Wrong PIN while unlocking is a special case - I was testing the behavior if I try a truly wrong PIN. In other cases it is working fine. In my first post I describe three mistakes (one big, two small) and a problem with the documentation (it is solved now).

The key is very new, delivered to me yesterday. Firmware 0.50

I am really confused. I tried to change the user PIN many, many times … still wrong (but unlocking the encrypted volume is OK). Now, after I tried to create a debug file - the PIN changed successfully. But now I cannot unlock the encrypted volume! The old PIN is not working, the new PIN is not working!

In the next step I quit the application, unplugged the key from USB and plugged it in again. Then I started the application with logging. Changing the user PIN is not possible (as before), but I can unlock the encrypted volume with the new PIN.
How do I upload this log to the forum? .txt is not allowed and renaming to .jpg does not help.

edit: https://uloz.to/!yEvMShUBiu1Y/debug-log-01-txt

I think this is not possible, unfortunately. Please send it to support at nitrokey.com or to any file uploading service and paste the link to it here.

Edit: downloaded

Initial analysis shows that the device indeed returns the ‘wrong password’ message. I do not see the exact data sent, since by default no secrets are logged.
Could I ask you to make the test once again with a prepared debug App binary (it will be the same or newer, but will log all communication with the device)? I should have it ready by tomorrow evening.

Yes.

The other possibility is only sending the key to you … and a money refund.

Behavior of an old toothless lady …

I have two new keys. Both behave the same way. I can not change my PIN as I wrote. So it’s not a hardware failure.

I installed a program (http://www.usblyzer.com/) to look at the USB key communication. Only install …
Since then, it has worked well. I can change my PIN.

And now comes the most interesting. I uninstalled the USB analyzer. And PIN change still works!

Hi,

I am sorry that you had such problems. Luckily it is working now!

Unfortunately we cannot easily see why this is happening for you. The guess is that it has something to do with programs/system config that changes/protects etc. the input of HID, but we cannot know for sure.

Kind regards
Alex