How to reset a Nitrokey?

Nitrokey Pro and Nitrokey Storage:

Option 1, if the device is not fully blocked and if you remember the valid Admin PIN use Nitrokey App to unblock the Nitrokey. Your keys won't be lost:

Open a terminal (on Windows: Press the Start button and enter "cmd") and start the Nitrokey App with "nitrokey-app --admin". Klick on the Nitrokey App's tray icon, select "Configuration" and "factory settings".

Option 2, to reset a blocked device, Windows only:

Use CryptoStickReset.

Option 3, to reset a blocked device with GnuPG 2 and Windows:

  1. Download and install Gpg4win.
  2. Download and execute this reset script.

Option 4, to reset a blocked device with GnuPG 2 and Linux:

  1. Download this file
  2. Open a command prompt (terminal) and run "gpg-connect-agent < nitrokey-reset.txt".
    In case of error  "ERR 67108983 No SmartCard daemon <GPG Agent>" please install scdaemon (e.g. "sudo apt install scdaemon").

Option 5, to reset a blocked device with GnuPG 2.1:

  1. Ensure that you use GnuPG 2.1: "gpg --version"
  2. Reset device: "gpg2 --card-edit" -> "admin" -> "factory-reset"

Option 6, to reset a blocked device using OpenSC:

Install OpenSC and execute "openpgp-tool --erase" in a terminal.

Nitrokey Start:

You can find out the version of your device by executing gpg --card-status (the version number is behind 'FSIJ' in the 'Reader' field). To upgrade your device see this instructions (admin PIN needed!).

Nitrokey Start firmware 1.2.6 and newer:

  1. Ensure that you use GnuPG 2.1 or higher: "gpg --version"
  2. Reset device: "gpg2 --card-edit" -> "admin" -> "factory-reset"

Nitrokey Start firmware 1.2.2 to 1.2.4:

If and only if the device is not blocked (PIN wasn't typed in wrong too often) you can use the same procedure as in newer firmware (see above). You need the reset code to unblock device or you can not use the device anymore!

Nitrokey Start firmware 1.0:

In order to reset a Nitrokey Start 1.0, you need to define a public key for firmware updates beforehand! In case of a blocked device it enables your to perform a firmware update which resets the device.

You may also define a reset code which enables the reset of the User PIN (not Admin PIN).

Nitrokey HSM:

As long as you know the unblocked SO-PIN you can initialize the device as described here. There is no way of resetting the Nitrokey HSM if the SO-PIN is forgotten or entered wrongly 15 times. In such case the device can't be used anymore.

