VMware shared nitrokey?

I’m a bit confused. I have a Nitrokey Pro 2. I’m running Debian Linux (version 10, “Buster”) as a guest in VMware workstation version 15.5.1. From the “VM” menu, under “Removable devices”, I see both “Clay Logic Nitrokey Pro” and “Shared Nitrokey Nitrokey Pro 0”. From experimentation, I think “Clay Logic Nitrokey Pro” gives me full access to the device (e.g., using the Nitrokey App to configure the device). I’m guessing that the “Shared Nitrokey” device allows the guest to have “read-only” access to the device. (So, for instance, I would expect I could use gpg with the device to sign and decrypt, but I would not be able to use the Nitrokey App to configure the device.)

I do have gpg working with the Nitrokey Pro if I connect the “Clay Logic Nitrokey Pro” to the guest. However, if I instead connect the “Shared Nitrokey Nitrokey Pro 0” to the guest, gpg does not have access to the device. (The command “gpg --card-status” returns “gpg: OpenPGP card not available: Card removed”.)

Obviously, the answer is to use the “Clay Logic Nitrokey Pro” device. But I am wondering what the “Shared Nitrokey Nitrokey Pro 0” device is and what it does.



I do not have experience with VMware unfortunately, but my (wild) guess is that one device was divided to multiple ones by interface.

Nitrokey Pro has following interfaces:

  • CCID - direct smart card communication;
  • HID - for Nitrokey App access;
  • HID keyboard (firmwares v0.9 and older) - for entering the HOTP codes via special-key shortcut.

Additionally here is the official VMware guide linked in our FAQ: