Installation

Windows

  1. Connect your Nitrokey to your computer and confirm all dialogs so that the USB smart card device driver gets installed almost automatically. Windows may fail to install an additional device driver for the smart card. Its safe to ignore this warning.
  2. Download and start the Nitrokey App.
  3. Go to "Menu" -> "Configure" to change the User PIN (default: 123456) and Admin PIN (default: 12345678) to your own choices.

Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.

Note: For many use cases described, it is necessary to have either OpenPGP or S/MIME keys installed on the device (see below).

Key Creation with OpenPGP or S/MIME

There are two widely used standards for email encryption. While OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used by enterprises. If you are in doubt which one to choose, you should use OpenPGP.

GNU/Linux

  1. To access the OpenPGP smart card of the Nitrokey, install the package libccid.
    On Debian/Ubuntu based Distributions type in terminal: sudo apt-get update && sudo apt-get install libccid
    Note: If your distribution has a rather old version of libccid (<1.4.21) you have to add the device information by yourself (for example if you are using Ubuntu 14.04 or older). In this case please follow these instructions.
  2. Download and start the Nitrokey App. Follow the instructions to change the default User PIN (default: 123456) and Admin PIN (default: 12345678) to your own choices.

Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.

Note: For many use cases described, it is necessary to have either OpenPGP or S/MIME keys installed on the device (see below).

Key Creation with OpenPGP or S/MIME

There are two widely used standards for email encryption. While OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used by enterprises. If you are in doubt which one to choose, you should use OpenPGP.

macOS

  1. Important: Once you plug in the Nitrokey, your computer will start the Keyboard Setup Assistant. Don't run through this assistant but exit it right away.

  2. Download and start the Nitrokey App. Follow the instructions to change the default User PIN (default: 123456) and Admin PIN (default: 12345678) to your own choices.

Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.

Note: For some Versions of MacOS it is necessary to install custom ccid driver (for information see here), but in general MacOS should have the driver onboard.

Note: For many use cases described, it is necessary to have either OpenPGP or S/MIME keys installed on the device (see below).

Key Creation with OpenPGP or S/MIME

There are two widely used standards for email encryption. While OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used by enterprises. If you are in doubt which one to choose, you should use OpenPGP.

Windows

  1. Connect your Nitrokey to your computer and confirm all dialogs so that the USB smart card device driver gets installed almost automatically.

    Note: Windows Vista, 7, 8 and 10 may fail to install an additional device driver for the smart card. Its safe to ignore this warning.
     
  2. Download and start the Nitrokey App. Perhaps you want to store it on the unencrypted partition of your Nitrokey Storage. There won't open a window, but an icon appears in the system tray (see screenshot below). Please right-click on this icon to use all the options of the App.
  3. Open the About window from Nitrokey App's menu and check if you have the latest firmware installed. If it's not the latest, please update.
  4. Use the Nitrokey App to change the default User PIN (default: 123456) and Admin PIN (default: 12345678) to your own choices.

Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.

Note: For many use cases described, it is necessary to have either OpenPGP or S/MIME keys installed on the device (see below).

Key Creation with OpenPGP or S/MIME

There are two widely used standards for email encryption. While OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used by enterprises. If you are in doubt which one to choose, you should use OpenPGP.

GNU/Linux

  1. To access the OpenPGP smart card of the Nitrokey, install the package libccid.
    On Debian/Ubuntu based Distributions type in terminal: sudo apt-get update && sudo apt-get install libccid

    Note: If your distribution has a rather old version of libccid (<1.4.21) you have to add the device information by yourself (for example if you are using Ubuntu 14.04 or older). In this case please follow these instructions.

  2. Download and start the Nitrokey App.
  3. Open the About window from Nitrokey App's menu and check if you have the latest firmware installed. If it's not the latest, please update.
  4. Use the Nitrokey App to change the default User PIN (default: 123456) and Admin PIN (default: 12345678) to your own choices.

Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.

Note: For many use cases described, it is necessary to have either OpenPGP or S/MIME keys installed on the device (see below).

Key Creation with OpenPGP or S/MIME

There are two widely used standards for email encryption. While OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used by enterprises. If you are in doubt which one to choose, you should use OpenPGP.

macOS

  1. Important: Once you plug in the Nitrokey, your computer will start the Keyboard Setup Assistant. Don't run through this assistant but exit it right away.
  2. Download and start the Nitrokey App. Perhaps you want to store it on the unencrypted partition of your Nitrokey Storage.
  3. Open the About window from Nitrokey App's menu and check if you have the latest firmware installed. If it's not the latest, please update.
  4. Use the Nitrokey App to change the default User PIN (default: 123456) and Admin PIN (default: 12345678) to your own choices.

Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.

Note: For some Versions of MacOS it is necessary to install custom ccid driver (for information see here), but in general MacOS should have the driver onboard.

Note: For many use cases described, it is necessary to have either OpenPGP or S/MIME keys installed on the device (see below).

Key Creation with OpenPGP or S/MIME

There are two widely used standards for email encryption. While OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used by enterprises. If you are in doubt which one to choose, you should use OpenPGP.

Windows

  1. Install Gpg4win on your Computer (https://www.gpg4win.org).
  2. Connect your Nitrokey to your computer and confirm all dialogs so that the USB smart card device driver gets installed almost automatically.
    Note: Windows may fail to install an additional device driver for the smart card. Its safe to ignore this warning.
  3. Use GnuPG to generate new keys or import existing ones.

    Note: It is indeed necessary to first import or create new keys and change the PINs afterwards. Otherwise changing User PIN will fail! Furthermore overriding keys results in PIN reset (default values), please keep this in mind!
     
  4. Change the Admin PIN (default: 12345678) and then the User PIN (default: 123456) to your own choices. Use 'gpg --card-edit' -> 'admin' -> 'passwd' to achieve this. (Please be careful to change admin PIN first and user PIN second! Otherwise the admin-less mode got activated, see this instructions for further information.)

    Firmware version 1.2.5 or below: In case you forget a PIN or enter it wrongly three times you need the reset code to unblock the PIN. Otherwise the device wouldn't be usable anymore! Therefore please set the reset code as well when initialising the key!

Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.

Key Creation with OpenPGP or S/MIME

There are two widely used standards for email encryption. While OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used by enterprises. If you are in doubt which one to choose, you should use OpenPGP.

GNU/Linux

  1. Install scdaemon and GnuPG 2.1 or higher by using your package manager (e. g. apt update && apt install scdaemon gpg2 on Ubuntu).
  2. Connect your Nitrokey Start to your computer.
  3. Use GnuPG to generate new keys or import existing ones.

    Note: It is indeed necessary to first import or create new keys and change the PINs afterwards. Otherwise changing User PIN will fail! Furthermore overriding keys results in PIN reset (default values), please keep this in mind!
  4. Change the Admin PIN (default: 12345678) and then the User PIN (default: 123456) to your own choices. Use 'gpg --card-edit' -> 'admin' -> 'passwd' to achieve this. (Please be careful to change admin PIN first and user PIN second! Otherwise the admin-less mode got activated, see this instructions for further information.)

    Firmware version 1.2.5 or below: In case you forget a PIN or enter it wrongly three times you need the reset code to unblock the PIN. Otherwise the device wouldn't be usable anymore! Therefore please set the reset code as well when initialising the key!

Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.

Key Creation with OpenPGP or S/MIME

There are two widely used standards for email encryption. While OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used by enterprises. If you are in doubt which one to choose, you should use OpenPGP.

Troubleshooting

On some GNU/Linux systems it is necessary to insert the UDEV rules for the Nitrokey device manually. If you followed the above instructions and get the message: 
gpg: OpenPGP card not available: No such device
please install the Nitrokey App or type the following commands in the terminal to download and install the UDEV rules: 
wget https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules
sudo mv 41-nitrokey.rules /etc/udev/rules.d/

macOS

  1. Install GnuPG 2.1 or higher (https://gpgtools.org/).
  2. Connect your Nitrokey to your computer and confirm all dialogs so that the USB smart card device driver gets installed almost automatically.
  3. Use GnuPG to generate new keys or import existing ones.

    Note: It is indeed necessary to first import or create new keys and change the PINs afterwards. Otherwise changing User PIN will fail! Furthermore overriding keys results in PIN reset (default values), please keep this in mind!
  4. Change the Admin PIN (default: 12345678) and then the User PIN (default: 123456) to your own choices. Use 'gpg --card-edit' -> 'admin' -> 'passwd' to achieve this. (Please be careful to change admin PIN first and user PIN second! Otherwise the admin-less mode got activated, see this instructions for further information.)

    Firmware version 1.2.5 or below: In case you forget a PIN or enter it wrongly three times you need the reset code to unblock the PIN. Otherwise the device wouldn't be usable anymore! Therefore please set the reset code as well when initialising the key!

Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.

Key Creation with OpenPGP or S/MIME

There are two widely used standards for email encryption. While OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used by enterprises. If you are in doubt which one to choose, you should use OpenPGP.

Windows

  1. Install OpenSC. Alternatively, install this driver (source).
  2. If you didn't do so already, change the default SO-PIN ("3537363231383830") to your own choices. See these instructions. Afterwards you can begin to generate new keys.

Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.

GNU/Linux

  1. Install OpenSC. You need at least version 0.19. You can find recent builds for debian-based systems like Ubuntu here if your system does not have the newest version of OpenSC. Alternatively, install this driver (source).
  2. If you didn't do so already, change the default SO-PIN ("3537363231383830") to your own choices. See these instructions. Afterwards you can begin to generate new keys.

Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.

macOS

  1. Install OpenSC. Alternatively, install this driver (source).
  2. If you didn't do so already, change the default SO-PIN ("3537363231383830") to your own choices. See these instructions. Afterwards you can begin to generate new keys.

Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.

Windows

Configuration

The first time you plug in the Nitrokey FIDO U2F Windows may need some time to configure the device.

The Nitrokey FIDO U2F can be used with these browsers:

  1. Google Chrome
  2. Firefox (you need to configure it like described here)
  3. macOS Safari with Safari-FIDO-U2F plugin

Open one of the websites supporting U2F. Login to the website and have a look at the settings for enabling two-factor authentication. Connect the Nitrokey FIDO U2F for registering it with your website account when requested to. After successfully configuring the device you need to connect your Nitrokey FIDO U2F for every login to this website.

If you can't find the settings for two-factor authentication, you may have a look at dongleauth.info. In most cases there is a link to the documentation of the supported webservice.

Note: Google only accepts the Chrome browser for registering the Nitrokey FIDO U2F. Logging in with the Nitrokey FIDO U2F works fine with Firefox though.

Usage

Plug in the device if the service you are logging in to prompts you to do so. If the device was already plugged in, you need to confirm the action by touching the device on the spot printed on the case.

GNU/Linux

Configuration

The Nitrokey FIDO U2F can be used with these browsers:

  1. Google Chrome or Chromium
  2. Firefox (you need to configure it like described here)
  3. macOS Safari with Safari-FIDO-U2F plugin

Open one of the websites supporting U2F. Login to the website and have a look at the settings for enabling two-factor authentication. Connect the Nitrokey FIDO U2F for registering it with your website account when requested to. After successfully configuring the device you need to connect your Nitrokey FIDO U2F for every login to this website.

If you can't find the settings for two-factor authentication, you may have a look at dongleauth.info. In most cases there is a link to the documentation of the supported webservice.

Note: Google only accepts the Chrome/Chromium browser for registering the Nitrokey FIDO U2F. Logging in with the Nitrokey FIDO U2F works fine with Firefox though.

Usage

Plug in the device if the service you are logging in to prompts you to do so. If the device was already plugged in, you need to confirm the action by touching the device on the spot printed on the case.

Troubleshooting

If the Nitrokey is not accepted immediately, you may need to copy this file 41-nitrokey.rules to /etc/udev/rules.d/. After copying the file, restart udev via sudo service udev restart.

macOS

Configuration

The Nitrokey FIDO U2F can be used with these browsers:

  1. Google Chrome
  2. Firefox (you need to configure it like described here)
  3. macOS Safari with Safari-FIDO-U2F plugin

Open one of the websites supporting U2F. Login to the website and have a look at the settings for enabling two-factor authentication. Connect the Nitrokey FIDO U2F for registering it with your website account when requested to. After successfully configuring the device you need to connect your Nitrokey FIDO U2F for every login to this website.

If you can't find the settings for two-factor authentication, you may have a look at dongleauth.info. In most cases there is a link to the documentation of the supported webservice.

Note: Google only accepts the Chrome browser for registering the Nitrokey FIDO U2F. Logging in with the Nitrokey FIDO U2F works fine with Firefox though.

Usage

Plug in the device if the service you are logging in to prompts you to do so. If the device was already plugged in, you need to confirm the action by touching the device on the spot printed on the case.

Nitrokey - Made in Berlin