Software Releases

v0.4.22.nitrokey

pynitrokey - 20. May 2022 - 11:45
  • Add new certificate values for Nitrokey 3.
  • Dependency update.
Categories: Software Releases

v1.5-RC9

Nitrokey App - 30. April 2022 - 11:09

RC. libnitrokey update to v3.7

Categories: Software Releases

Release v1.0.3

Nitrokey 3 Firmware - 11. April 2022 - 16:52

This release fixes a FIDO authentication issue with Google.

Categories: Software Releases

v1.0.3-rc.1

Nitrokey 3 Firmware - 7. April 2022 - 12:33

This release candidate fixes the FIDO2 authentication with Google.

  • Correct the FIDO2 attestation certificate (fixes authentication issue with Google, #36)
Categories: Software Releases

v0.4.21.nitrokey

pynitrokey - 31. March 2022 - 13:04
  • Support guided Nitrokey Storage's update procedure on Linux. Experimental on other OSes.
  • User Interface updates.
Categories: Software Releases

NitroPad X230 and T430 v1.4

NitroPad HEADS Firmware - 23. March 2022 - 14:58
Main Changes
  • Coreboot version 4.13
  • Support QubesOS >= 4.1
  • Reduced Heads menu for non maximized images
Important Notes

For all operating systems except for QubesOS this firmware update is not necessary! Please be aware that installing this update will replace the graphical dialogues with text-only dialogues.

To update your existing Nitropad T430 or X230 use the .npf files only! If the .npf is not accepted by Heads, this means your Heads version is not 1.3.1, so either update to this version first or simply unzip the .npf file and use the .rom inside.

The -maximized images include a reduced ME and therefore the original, graphical HEADS menu. It is not possible to update your Nitropad from the running system using a -maximized image. If you try to update your Nitropad from a running system using a -maximized image, YOU WILL BRICK YOUR NITROPAD. The -maximized image must only be used with an external flasher device.

Please read the documentation for further details.

Signature

Verify the detached signature using:

gpg --verify sha256sum.sig sha256sum

You expect an output like this one:

❯ gpg --verify sha256sum.sig sha256sum gpg: Signature made Wed 23 Mar 2022 02:55:11 PM CET gpg: using RSA key C7E32619E2F71736F5910BB144CB2D868DD16BDA gpg: Good signature from "Markus Meissner <meissner@nitrokey.com>" [ultimate] gpg: aka "Markus Meissner <coder@safemailbox.de>" [ultimate]
Categories: Software Releases

v1.0.1

Nitrokey 3 Firmware - 17. March 2022 - 9:29
v1.0.1 (2022-01-15) Bugfixes
  • fido-authenticator: use smaller CredentialID - fixes issues with some services FIDO usage (fido-authenticator#8)
  • trussed: update P256 library - fixes signing failure in some cases (#31)

Edit: note, using smaller CredentialID is a breaking change, which will make all FIDO2 registrations invalid. Please make sure you have backup 2FA method set on the account.

Please find the documentation to update your Nitrokey 3 here:

Notes
  1. In the next pynitrokey release we plan to support automatic firmware download.
  2. Firmware is signed and verified both before writing and on the device (thanks to the SB2 format). It does not need additional checksums or signatures for verification. It is not possible to use wrong or old binary (downgrade protection is active).

Output under Linux:

$ nitropy nk3 update firmware-nk3xn-lpc55-v1.0.1.sb2 Nitrokey tool for Nitrokey FIDO2, Nitrokey Start, Nitrokey 3 & NetHSM Current firmware version: v1.0.1 Updated firmware version: v1.0.1 The version of the firmware image is the same as on the device. Do you want to continue anyway? [y/N]: y Please do not remove the Nitrokey 3 or insert any other Nitrokey 3 devices during the update. Do you want to perform the firmware update now? [y/N]: y Please press the touch button to reboot the device into bootloader mode ... [\] Performing firmware update (may take several minutes) ... done Successfully updated the firmware to version v1.0.1.

Edit 19.01.22 (sz): Redundant files have been removed from the assets list.

Categories: Software Releases

v0.4.20.nitrokey

pynitrokey - 15. March 2022 - 15:21

UI. Catch uncaught exceptions during devices listing. Correct wording.

Categories: Software Releases

V0.57

Nitrokey Storage Firmware - 4. March 2022 - 17:56
After the update only the Unencrypted and Encrypted Volumes data will be retained. Password Safe, OTPs and Hidden Volumes will be lost.

Update guide:

Use of nitrokey-storage-V0.57.hex firmware file should be preferred.
This is a release with the free space of the image filled with random data (taken from the attached random.bin). The other hex file with the reproducible suffix contains only the compiler produced output, without this extension. Both should work identically. The difference is, that the random data will show up in the results of the firmware image export for the former, which by design should make harder to hide a malicious code in the firmware.

This firmware requires Nitrokey App v1.4 to fully operate. Otherwise the OTP slot writing and configuration update will not work.
Known limitations:
- Write to the 15th TOTP slot is disabled (until the next firmware) due to a bug - #91;
- Write to OTP slots in Nitrokey Apps v1.3.2 and older is silently (without a warning to user) disabled due to a modified authorization method (#22). At the moment only Nitrokey App v1.4 can handle it. Other features works as usual.

Firmware is signed with szczepan@nitrokey.com, key id: 868184069239FF65DE0BCD7D D9BAE35991DE5B22
(valid until 2023-01-11). ID can be confirmed to be the same with one on the main download site - https://www.nitrokey.com/download.

$ gpg2 --verify sha256sum.sig gpg: assuming signed data in 'sha256sum' gpg: Signature made Fri 04 Mar 2022 05:42:27 PM CET gpg: using RSA key 868184069239FF65DE0BCD7DD9BAE35991DE5B22 gpg: Good signature from "Szczepan Zalega <szczepan.zalega@gmail.com>" [ultimate] gpg: aka "Szczepan Zalega (Nitrokey) <szczepan@nitrokey.com>" [ultimate]

Built with optimizations disabled (-O0), using GCC 4.3.3 (AVR_Toolchain_3.0_124).
avr32-gcc (AVR_Toolchain_3.0_124) 4.3.3

Firmware changes:

  • Validate HV setup input data #115
  • Correct firmware binary export boundaries #113
  • Additional barriers during flash writing for the better data coherency

Development:

  • Make input data validation for other commands explicit
  • Updated helpers
  • Remove obsolete commands
  • Disable build of the debug code (previously removed during linking time, now not build at all)
  • Add map file for post-build analysis

Tested on Linux Fedora 34:

  • libnitrokey test suite v3.7-RC2-5-g03303c8
  • firmware update path: v0.56 -> v0.57 -> v0.56

Maintenance note: firmware built locally, using known to work compiler version from the previous releases. New compiler will be introduced on the next release.

Categories: Software Releases

V0.57-RC1: RC. Make input validation explicit. Correct HV setup validation. Remo…

Nitrokey Storage Firmware - 4. March 2022 - 12:19

…ve unused commands. Correct firmware export.

Categories: Software Releases

v0.4.19.nitrokey

pynitrokey - 3. March 2022 - 16:53
  • Add support for Nitrokey Storage commands

Some of the Nitrokey Storage's features are now available through pynitrokey.
For the alternative approach please check nitrocli:

Categories: Software Releases

v1.0.2

Nitrokey 3 Firmware - 22. February 2022 - 14:05

This release should improve handling on Windows.

v1.0.2 (2022-01-22) Bugfixes
  • FIDO2: send keepalive ctaphid messages only while handling cbor messages

Please find the documentation to update your Nitrokey 3 here:

Notes
  1. pynitrokey now supports automatic firmware download. Please refer to documentation to use it.
  2. Update under Windows is now performed under 10 seconds, which is a significant improvement. We are still testing it, thus the --experimental switch is still needed.
  3. Firmware is signed and verified both before writing and on the device (thanks to the SB2 format). It does not need additional checksums or signatures for verification. It is not possible to use wrong or old binary (downgrade protection is active).
Categories: Software Releases

v0.4.18.nitrokey

pynitrokey - 17. February 2022 - 18:34

This is a quick release, correcting the main device listing command.

Note: Windows installer does not execute correctly, complaining about missing Python libraries. To be corrected. Removed for now.
Please use standalone binary for the time being.

Categories: Software Releases

v0.4.17.nitrokey

pynitrokey - 17. February 2022 - 17:25
  • Correct Nitrokey 3 update process on Windows
  • Add Nitrokey Start RNG command

Update process on Windows is still marked as experimental, however this should change in the next versions. The update process is now significantly faster, reaching less than 10 seconds in execution.

Note: Windows installer might not execute correctly, complaining about missing Python libraries. To be corrected.
Please use standalone binary for the time being.

Categories: Software Releases

Nitrokey Start v12 - Support new hardware - HW5

Nitrokey Start Firmware - 16. February 2022 - 14:24

Add support for the HW5 to the unified firmware.
Maintenance release - no need to update.
Update from the previous firmware releases on HW4 might result in non-working LED.
"Green" branch firmware (an upgrade from RTM.1) is not provided in this release.

Detailed description:

  • Update chopstx for the HW5 support (GD32 based).
  • Include BOARD_ID in the application config string.
  • Allow to get original board name from the SYS page through USB strings.
  • Move AES first forward table FT0 to the application page, to make space
    for the additional hardware detection code in the SYS page.
  • Add helper for review of the final listing (lss file).
  • Add RNG tests helper, and results for the RTM.12 firmware.

Binaries available in prebuilt/RTM.12/ directory:

Built in isolated Docker environment with:

  • arm-none-eabi-gcc (15:8-2019-q3-1+b1) 8.3.1 20190703 (release) [gcc-8-branch revision 273027]

All tests pass on HW3-5.

Categories: Software Releases

v0.4.16.nitrokey

pynitrokey - 9. February 2022 - 11:10

Nitrokey FIDO2 and NK3 update process correction

Categories: Software Releases

v0.4.15.nitrokey

pynitrokey - 8. February 2022 - 10:34

Nitrokey 3 update validation, corrected UI for missed confirmation and speed up (updated spsdk). Remove obsolete dependencies.

Categories: Software Releases

v0.4.15.nitrokey

pynitrokey - 8. February 2022 - 10:19

Bump version

Categories: Software Releases

v0.4.14.nitrokey: Nitrokey 3 update validation, corrected UI for missed confirmation an…

pynitrokey - 8. February 2022 - 10:15

…d speed up (updated spsdk). Remove obsolete deps.

Categories: Software Releases

2.4.1 Maintenance release - smaller MCU flash support

Nitrokey FIDO2 Firmware - 2. February 2022 - 16:23

Maintenance release done to support smaller MCU flash #67 #68 . No functional changes.
No need to update for the regular users.

Edit: reuploaded the signed Nitrokey FIDO2 firmware from the previous release for pynitrokey. See:

@szszszsz 2-2-2022 : Adding 2.4.1 firmware signed.

Categories: Software Releases