How to reset a Nitrokey?

Nitrokey Pro and Nitrokey Storage:

Option 1, if the device is not fully blocked and if you remember the valid Admin PIN use Nitrokey App to unblock the Nitrokey. Your keys won't be lost:

Open a terminal (on Windows: Press the Start button and enter "cmd") and start the Nitrokey App with "nitrokey-app --admin". Klick on the Nitrokey App's tray icon, select "Configuration" and "factory settings".

Option 2, to reset a blocked device, Windows only:

Use CryptoStickReset.

Option 3, to reset a blocked device with GnuPG 2 and Windows:

  1. Download and install Gpg4win.
  2. Download and execute this reset script.

Option 4, to reset a blocked device with GnuPG 2 and Linux:

  1. Download this file
  2. Open a command prompt (terminal) and run "gpg-connect-agent < nitrokey-reset.txt".
    In case of error  "ERR 67108983 No SmartCard daemon <GPG Agent>" please install scdaemon (e.g. "sudo apt install scdaemon").

Option 5, to reset a blocked device with GnuPG 2.1:

  1. Ensure that you use GnuPG 2.1: "gpg --version"
  2. Reset device: "gpg2 --card-edit" -> "admin" -> "factory-reset"

Option 6, to reset a blocked device using OpenSC:

Install OpenSC and execute "openpgp-tool --erase" in a terminal.

Nitrokey Start:

You can find out the version of your device by executing gpg --card-status

Nitrokey Start firmware 1.2 and newer:

  1. Ensure that you use GnuPG 2.1: "gpg --version"
  2. Reset device: "gpg2 --card-edit" -> "admin" -> "factory-reset"

Nitrokey Start firmware 1.0:

In order to reset a Nitrokey Start 1.0, you need to define a public key for firmware updates beforehand! In case of a blocked device it enables your to perform a firmware update which resets the device.

You may also define a reset code which enables the reset of the User PIN (not Admin PIN).

Nitrokey HSM:

As long as you know the unblocked SO-PIN you can initialize the device as described here. There is no way of resetting the Nitrokey HSM if the SO-PIN is forgotten or entered wrongly 15 times. In such case the device can't be used anymore.

