Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.
Note: For many use cases described, it is necessary to have either OpenPGP or S/MIME keys installed on the device (see below).
sudo apt-get update && sudo apt-get install libccid
Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.
Note: For many use cases described, it is necessary to have either OpenPGP or S/MIME keys installed on the device (see below).
Important: Once you plug in the Nitrokey, your computer will start the Keyboard Setup Assistant. Don't run through this assistant but exit it right away.
Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.
Note: For some Versions of MacOS it is necessary to install custom ccid driver (for information see here), but in general MacOS should have the driver onboard.
Note: For many use cases described, it is necessary to have either OpenPGP or S/MIME keys installed on the device (see below).
Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.
Note: For many use cases described, it is necessary to have either OpenPGP or S/MIME keys installed on the device (see below).
To access the OpenPGP smart card of the Nitrokey, install the package libccid.
On Debian/Ubuntu based Distributions type in terminal: sudo apt-get update && sudo apt-get install libccid
Note: If your distribution has a rather old version of libccid (<1.4.21) you have to add the device information by yourself (for example if you are using Ubuntu 14.04 or older). In this case please follow these instructions.
Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.
Note: For many use cases described, it is necessary to have either OpenPGP or S/MIME keys installed on the device (see below).
Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.
Note: For some Versions of MacOS it is necessary to install custom ccid driver (for information see here), but in general MacOS should have the driver onboard.
Note: For many use cases described, it is necessary to have either OpenPGP or S/MIME keys installed on the device (see below).
Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.
apt update && apt install scdaemon gpg2
on Ubuntu).Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.
gpg: OpenPGP card not available: No such deviceplease install the Nitrokey App or type the following commands in the terminal to download and install the UDEV rules:
wget https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules sudo mv 41-nitrokey.rules /etc/udev/rules.d/
Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.
Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.
Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.
Your Nitrokey is now ready to use. Checkout the various use cases and supported applications.
The first time you plug in the Nitrokey FIDO U2F Windows may need some time to configure the device.
The Nitrokey FIDO U2F supports two-factor authentication (2FA). With two-factor authentication (2FA), the Nitrokey FIDO U2F is checked in addition to the password.
The Nitrokey FIDO U2F can be used with any current browser.
Note: Google only accepts the Chrome browser for registering the Nitrokey FIDO U2F. Logging in works fine with Firefox though.
Note: The Nitrokey App can not be used for the Nitrokey FIDO U2F.
The Nitrokey FIDO U2F supports two-factor authentication (2FA). With two-factor authentication (2FA), the Nitrokey FIDO U2F is checked in addition to the password.
The Nitrokey FIDO U2F can be used with any current browser.
Note: Google only accepts the Chrome browser for registering the Nitrokey FIDO U2F. Logging in works fine with Firefox though.
Note: The Nitrokey App can not be used for the Nitrokey FIDO U2F.
etc/udev/rules.d/
. In very rare cases, the system will need the older version of this file.sudo service udev restart
.The Nitrokey FIDO U2F supports two-factor authentication (2FA). With two-factor authentication (2FA), the Nitrokey FIDO U2F is checked in addition to the password.
The Nitrokey FIDO U2F can be used with any current browser.
Note: Google only accepts the Chrome browser for registering the Nitrokey FIDO U2F. Logging in works fine with Firefox though.
Note: The Nitrokey App can not be used for the Nitrokey FIDO U2F.
The Nitrokey FIDO2 supports two-factor authentication (2FA) and passwordless authentication:
The Nitrokey FIDO2 can be used with any current browser.
Note: Google only accepts the Chrome browser for registering the Nitrokey FIDO2 Logging in works fine with Firefox though.
Note: The Nitrokey App can not be used for the Nitrokey FIDO2.
The Nitrokey FIDO2 supports two-factor authentication (2FA) and passwordless authentication:
The Nitrokey FIDO2 can be used with any current browser.
Note: Google only accepts the Chrome browser for registering the Nitrokey FIDO2 Logging in works fine with Firefox though.
Note: The Nitrokey App can not be used for the Nitrokey FIDO2.
etc/udev/rules.d/
. In very rare cases, the system will need the older version of this file.sudo service udev restart
.The Nitrokey FIDO2 supports two-factor authentication (2FA) and passwordless authentication:
The Nitrokey FIDO2 can be used with any current browser.
Note: Google only accepts the Chrome browser for registering the Nitrokey FIDO2 Logging in works fine with Firefox though.
Note: The Nitrokey App can not be used for the Nitrokey FIDO2.
With the NitroPad X230, malicious changes to the BIOS, operating system, and software can be easily detected. For example, if you left your NitroPad in a hotel room, you can use your Nitrokey to check if it has been tampered with while you were away. If an attacker modifies the NitroPad's firmware or operating system, the Nitrokey will detect this (instructions below).
If you have ordered the unit with the option "sealed screws and sealed bag", please check the sealing before unpacking. If you do not know what this means, please skip this section.
Each time you start the NitroPad, you should - if possible - connect your Nitrokey. If the Nitrokey is plugged in and the system has not been modified, the following screen will appear when the NitroPad is turned on.
The box marked in red contains the information that the BIOS has not been changed and that the shared secret of the NitroPad and the Nitrokey match. But this information is not sufficient, because an attacker could have faked it! But if at the same time the Nitrokey also flashes green, everything is fine. An attacker would have to have had access to the NitroPad and Nitrokey to achieve this result. It is therefore important that you do not leave both devices unattended.
If the information on the NitroPad does not match the information on the Nitrokey, the background would turn red and the message "Invalid Code" would appear. This could indicate that manipulation has taken place.
How the boot process may look like if the system has been changed (for example after an update) and what error messages may otherwise occur is described further below.
By the way: the NitroPad X230 can also be started without the Nitrokey. If you don't have the Nitrokey with you, but are sure that the hardware has not been changed, you can boot your system without checking.
After purchase, the passwords are set to a default value and must be changed by you:
The NitroPad firmware checks certain system files for changes. If your operating system has updated important components, you will be warned the next time you boot the NitroPad. This could look like this, for example:
That's why it's important to restart your NitroPad under controlled conditions after a system update. Only when the new status has been confirmed can you leave the device unattended again. Otherwise, you will not be able to distinguish a possible attack from a system update. Detailed instructions for a system update can be found here.
+++ Found verified kexec boot params gpg: verify signatures failed: Unknown system error Invalid signature on kexec boot params !!!!! Failed default boot New value of PCR[4]: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX !!!!!Starting recovery shell /boot #
With the NitroPad X230, malicious changes to the BIOS, operating system, and software can be easily detected. For example, if you left your NitroPad in a hotel room, you can use your Nitrokey to check if it has been tampered with while you were away. If an attacker modifies the NitroPad's firmware or operating system, the Nitrokey will detect this (instructions below).
If you have ordered the unit with the option "sealed screws and sealed bag", please check the sealing before unpacking. If you do not know what this means, please skip this section.
Each time you start the NitroPad, you should - if possible - connect your Nitrokey. If the Nitrokey is plugged in and the system has not been modified, the following screen will appear when the NitroPad is turned on.
The box marked in red contains the information that the BIOS has not been changed and that the shared secret of the NitroPad and the Nitrokey match. But this information is not sufficient, because an attacker could have faked it! But if at the same time the Nitrokey also flashes green, everything is fine. An attacker would have to have had access to the NitroPad and Nitrokey to achieve this result. It is therefore important that you do not leave both devices unattended.
If the information on the NitroPad does not match the information on the Nitrokey, the background would turn red and the message "Invalid Code" would appear. This could indicate that manipulation has taken place.
How the boot process may look like if the system has been changed (for example after an update) and what error messages may otherwise occur is described further below.
By the way: the NitroPad X230 can also be started without the Nitrokey. If you don't have the Nitrokey with you, but are sure that the hardware has not been changed, you can boot your system without checking.
After purchase, the passwords are set to a default value and must be changed by you:
The NitroPad firmware checks certain system files for changes. If your operating system has updated important components, you will be warned the next time you boot the NitroPad. This could look like this, for example:
That's why it's important to restart your NitroPad under controlled conditions after a system update. Only when the new status has been confirmed can you leave the device unattended again. Otherwise, you will not be able to distinguish a possible attack from a system update. Detailed instructions for a system update can be found here.
+++ Found verified kexec boot params gpg: verify signatures failed: Unknown system error Invalid signature on kexec boot params !!!!! Failed default boot New value of PCR[4]: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX !!!!!Starting recovery shell /boot #