Skip to main content

Raymii.org Logo (IEC resistor symbol)logo

Quis custodiet ipsos custodes?
Home | About | All pages | RSS Feed | Gopher

Nitrokey Start: Getting started guide (gnuk openpgp token)

Published: 14-08-2016 | Author: Remy van Elst | Text only version of this article


Table of Contents


The Nitrokey Start is an OpenPGP USB token. It supports three 2048 bit GPG keysand is based on gnuk version 1.0.4. Gnuk is an implementation of USBcryptographic token for GPG. A cryptographic token is a store of private keysand it computes cryptographic functions on the device. The main difference withother GPG cards like the Nitrokey Pro, Yubikey or the OpenPGP card is that thisdevice does not use a smartcard. Whereas the other devices are basically USBsmartcard readers, the Nitrokey Start has everything in it's firmware. Thereforeit is a very cheap device ($29) and a great choice if you want token based GPGsecurity but don't want to spend much on an expensive other key.

Compared with for example the Yubikey, the Nitrokey's big advantage is that boththe software (firmware) and the hardware are open source. If you want you canbuy the microcontroller, flash the firmware and print the case from the Cadfile.

Two Nitrokey Pro's and the Nitrokey Start

This article is a getting started guide where I talk about the initial setup ofthe device, setting up a user PIN, an admin PIN and a reset code, generating thekey and subkeys on the device, or loading external keys into the device andusage examples with GPG, OpenSSH and Thunderbird.

This article is largely compatible with other gnuk tokens and other OpenPGPSmartcards like the Nitrokey Pro or the Yubikey.

If you like this article, consider sponsoring me by trying out a Digital OceanVPS. With this link you'll get $100 credit for 60 days). (referral link)

Nitrokey has multiple models like the Start, Storage, Pro and HSM. I'mespecially fond of the Nitrokey HSM. I've written a getting started articlefor that as well. It explains what the HSM is, how to set it up and how to useit with OpenSSH for example.

The build quality of the device is excellent. Sturdy and quality. It doesn'tfeel like flimsy chinese crap at all, since it isn't that. Durable Germany madequality here.

I have multiple articles on the Nitrokeys, so make sure to check out theother articles as well.

Initial setup

On Ubuntu, install the following packages:

apt-get install opensc pcscd paperkey haveged gnupg2 gnupg-agent pinentry-curses libccid scdaemon libksba8 libpth20

On Arch linux, follow the Wiki.

If the software is installed, plug in the Nitrokey Start and execute thefollowing command:

gpg --card-status

Output:

Reader ...........: Nitrokey Nitrokey Start (FSIJ-1.0.4-52FF6E06) 00 00Application ID ...: D276000124010200FFFE52FF6E060000Version ..........: 2.0Manufacturer .....: unmanaged S/N rangeSerial number ....: 52FF6E06Name of cardholder: [not set]Language prefs ...: [not set]Sex ..............: unspecifiedURL of public key : [not set]Login data .......: [not set]Signature PIN ....: forcedKey attributes ...: rsa2048 rsa2048 rsa2048Max. PIN lengths .: 127 127 127PIN retry counter : 3 3 3Signature counter : 0Signature key ....: [none]Encryption key....: [none]Authentication key: [none]General key info..: [none]

The output above is of an uninitialized token. As you can see, it's a OpenPGPCard version 2 compatible token. Three keys are supported, the max pin length islisted and the PIN error counters are all at three (default value).

Setting up a user PIN, an admin PIN and a reset code

The Nitrokey Start, actually gnuk, has a few different options when it comesto PIN codes. There is the User PIN (PW1), which you use for day to dayoperations like unlocking the token, signing and encrypting things. The minimumlength for the User pin is 6 characters.

The Admin PIN (PW3) is used for card/token administration, like loading keysonto the device, generating keys or changing information like the owner data onthe card. The minimum length for the Admin PIN is 8 characters.

If you enter the wrong user PIN three times the card is blocked. It can thenonly be reset with the Admin PIN or reset code. If you enter the wrong Admin pinthree times the card will become unusable.

Last is the reset code, this code can be used only to reset the user PIN. Theminimum length for the Reset Code is 8 characters. The reset code error countercan be reset with the Admin PIN.

So what is the difference between the Admin PIN and reset code? If you receive acard from, for example your employer, it will have data and keys filled in(name, organization, public key url etc). Generally it will not be the case thatyou are allowed to change that, so you will not know the Admin PIN. If youentered the user PIN wrong three times, you cannot use the Admin PIN to resetthe User PIN. This is where the RESET CODE comes in. This code can only be usedto reset the User PIN (PW1).

If you give the wrong PIN two times and then the correct PIN, the error counteris reset. (Both admin and user PIN.)

Admin-less PIN

gnuk has a special option that allows you to use the same PIN for user andadmin. This is in their documentation and will be active if you set theUser PIN BEFORE the Admin PIN. They state that for day to day operations it'smore convinient, but it is also less secure.

Admin-less mode is incompatible with the official GnuPG card specification.

Admin PIN reset

If you ever enter the admin PIN wrong three times in a row the device isunusable. The above reset code can only be used to reset the User PIN. In anormal GnuPG Smartcard you can send special reset ADPU commands to the smartcardand make it usable again, although all the keys are wiped.

For a gnuk token like the Nitrokey the procedure is different. You need to storea public key first and then later on, if the token is hosed, upgrade thefirmware. That public key you stored will be used to sign the update.

I'm having some compile issues for the firmware and the key upload since all myversions (gcc, libusb, python) are way to new. I'll create a seperate articlefor this once I got it all figured out and working.

Initialize the Nitrokey

We're going to set up the card for the first time. Fire up GPG and get started:

gpg --card-edit

The same output as from --card-status but now it gives you an interactiveprompt:

gpg/card> 

Using the help command to see the available commands:

quit           quit this menuadmin          show admin commandshelp           show this helplist           list all available datafetch          fetch the key specified in the card URLpasswd         menu to change or unblock the PINverify         verify the PIN and list all dataunblock        unblock the PIN using a Reset Code

We are going to set values, so switch to admin mode:

gpg/card> adminAdmin commands are allowed

There are a lot more commands available now:

gpg/card> helpquit           quit this menuadmin          show admin commandshelp           show this helplist           list all available dataname           change card holder's nameurl            change URL to retrieve keyfetch          fetch the key specified in the card URLlogin          change the login namelang           change the language preferencessex            change card holder's sexcafpr          change a CA fingerprintforcesig       toggle the signature force PIN flaggenerate       generate new keyspasswd         menu to change or unblock the PINverify         verify the PIN and list all dataunblock        unblock the PIN using a Reset Codefactory-reset  destroy all keys and data

The first thing you want to do is set the Admin PIN. Make sure it's only knownto you.

gpg/card> passwdgpg: OpenPGP card no. D276000124010200FFFE52FF6E060000 detected1 - change PIN2 - unblock PIN3 - change Admin PIN4 - set the Reset CodeQ - quitYour selection? 3

In my case a dialog box popped up to ask for the current Admin PIN (12345678).Then it asks you twice for the new Admin PIN.

Set up a user PIN, choice 1 - change PIN. Same thing, it will ask you for thecurrent user PIN (123456) and for a new PIN two times.

Finally set up a reset code, choice 4 - set the Reset Code. It will ask youfor the current admin PIN, then two times for a new reset code.

We continue on to further personalize the card. Let it know your name:

gpg/card> nameCardholder's surname: van ElstCardholder's given name: Remy

Your gender:

gpg/card> sexSex ((M)ale, (F)emale or space): F

Your preferred country code / language:

gpg/card> langLanguage preferences: nl

If you want, you can place your public key on a website and let people downloadit:

gpg/card> urlURL to retrieve public key: https://raymii.org/s/inc/current_gpg.key 

At any point you can list the current data:

gpg/card> listReader ...........: Nitrokey Nitrokey Start (FSIJ-1.0.4-52FF6E06) 00 00Application ID ...: D276000124010200FFFE52FF6E060000Version ..........: 2.0Manufacturer .....: unmanaged S/N rangeSerial number ....: 52FF6E06Name of cardholder: Remy van ElstLanguage prefs ...: nlSex ..............: femaleURL of public key : https://raymii.org/s/inc/current_gpg.keyLogin data .......: [not set]Signature PIN ....: forcedKey attributes ...: rsa2048 rsa2048 rsa2048Max. PIN lengths .: 127 127 127PIN retry counter : 3 3 3Signature counter : 0Signature key ....: [none]Encryption key....: [none]Authentication key: [none]General key info..: [none]

When done, save and quit with the quit command. Next we will discuss GPG keygeneration and some things to keep in mind when deciding to generate keys on thecard or load external keys.

A note on GPG keys and subkeys

GnuPG keys can have attributes to limit their usage. You can have a key whichyou can only use for signing data, and one that you can only use to encryptdata, or one key that has both attributes.

GnuPG has the concept of subkeys. Subkeys just like normal keys, except thatthey are bound to a master keypair. A subkey can be used for signing,authentication or for encryption. Subkeys can be revoked independently of theirmaster keypair and can be stored seperately from the master keypair. Subkeys areassociated to your master keypair.

When generating a new keypair, GnuPG creates a keypair with the signing-onlyattribute as the master key. It then generates a subkey with the encryption-onlyattribute.

For key management it is extremely useful to be able to independently revoke asubkeypair. Imagine that you do not use subkeys and your laptop gets stolen. Youdidn't set up full-disk-encryption, because of time or effort required, and nowyou're toast. The thief has your master GPG key and can, if they brute forceyour passphrase, decrypt anything and impersonate you via the identity. You canuse your revocation certificate (which you hopefully saved) to revoke thekeypair, but now you need to visit all the people that signed your key to get anew key signed.

If you generate your master keypair offline, for example, via a Debian Live CD(Tails) and save it to a secure place (use paperkey to print it and placeit in a vault, next to an encrypted USB disk), you can later use the masterkeypair to revoke your laptop-subkey and generate a new one. Your master key isstill safe in the safe and all the people that signed your key don't have to re-sign your new key.

To sign other people's keys you do need to boot up your offline setup and useyour primary master keypair to sign other keypairs.

I also recommend to set an expiry date of a year or two on your master publickey. Do note that private keys never expire, only public keys do. You can extendthe date on a pubkey easily with gpg --edit-key 0xKEY_ID and then expire.

The Debian Wiki has a very extensive guide on GPG subkeys.

If you want to convert your current key to subkeys, here is a good guide.

Generating the key and subkeys on the device

You can choose to generate an entirely new keypair on this device. Do note thatyou cannot get the keypair out, so if the token is lost or broken, your keys arelost. It is also possible to load an external key on the device, we'll coverthat later in the guide.

If you want to generate a key only on the device, make sure you use an existingkey to sign that key, and use this key to sign the existing key so that you havea cross-signature and people know that keypair belongs to you.

After you've initialised the Nitrokey we can generate a key on the device. Startup gpg:

gpg --card-editadmingenerate

The first question is:

Make off-card backup of encryption key? (Y/n) 

This will create a file on your host machine with the private key. In thespecific case you are generating keys on the device and not on your machine, youmight not want to do this.

It will then ask you for the Admin PIN and the User PIN. Enter those.

It will ask you for a key expiry date. Note that this is the public key only andcan be updated later on easily. Set an expiry of 1 year so that if you don't usethis key, it doesn't linger on the keyservers:

Please specify how long the key should be valid.         0 = key does not expire      <n>  = key expires in n days      <n>w = key expires in n weeks      <n>m = key expires in n months      <n>y = key expires in n yearsKey is valid for? (0) 1yKey expires at Mon Aug 14 08:15:42 2017 CESTIs this correct? (y/N) y

Enter your user data for the GPG key:

    GnuPG needs to construct a user ID to identify your key.    Real name: Remy van Elst Nitrokey    Email address:     Comment: Nitrokey Start Key    You selected this USER-ID:        "Remy van Elst Nitrokey (Nitrokey Start Key) <email@domain.tld>"    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

The on-device key generation takes a while, my key took about 4 minutes.

You will be asked for a passphrase for the key. Enter that twice.

When the generation is finished the following message appears:

We need to generate a lot of random bytes. It is a good idea to performsome other action (type on the keyboard, move the mouse, utilize thedisks) during the prime generation; this gives the random numbergenerator a better chance to gain enough entropy.gpg: key 0x7237395DC5696F9F marked as ultimately trustedgpg: revocation certificate stored as '/home/remy/.gnupg/openpgp-revocs.d/D78A0B1E407EBD678435CCC77237395DC5696F9F.rev'public and secret key created and signed.

Using the list command in the gpg prompt you can now see the keypairs:

[...]Signature counter : 4Signature key ....: D78A 0B1E 407E BD67 8435  CCC7 7237 395D C569 6F9F      created ....: 2016-08-14 06:17:48Encryption key....: 2E7D 26B3 5D9E B690 4C56  3174 78F9 DDE9 9FFF 73F2      created ....: 2016-08-14 06:17:48Authentication key: D91C 38A7 294C BD63 275F  0D87 7AC8 3DB0 C0EB 9447      created ....: 2016-08-14 06:17:48General key info..: pub  rsa2048/0x7237395DC5696F9F 2016-08-14 Remy van Elst Nitrokey (Nitrokey Start Key) <user@domain.tld>sec>  rsa2048/0x7237395DC5696F9F  created: 2016-08-14  expires: 2017-08-14                                  card-no: FFFE 52FF6E06ssb>  rsa2048/0x7AC83DB0C0EB9447  created: 2016-08-14  expires: 2017-08-14                                  card-no: FFFE 52FF6E06ssb>  rsa2048/0x78F9DDE99FFF73F2  created: 2016-08-14  expires: 2017-08-14                                  card-no: FFFE 52FF6E06

If you want you can now sign your new key with the old key. My new key id is7237395DC5696F9F. My regular key ID is 2B6755BD1B7F88DC:

gpg -u 2B6755BD1B7F88DC  --sign-key 7237395DC5696F9F

Output:

 Primary key fingerprint: D78A 0B1E 407E BD67 8435  CCC7 7237 395D C569 6F9F     Remy van Elst Nitrokey (Nitrokey Start Key) <user@domain.tld>This key is due to expire on 2017-08-14.Are you sure that you want to sign this key with yourkey "Remy van Elst <user@domain.tld>" (0x2B6755BD1B7F88DC)

You will then be asked for your password.

To cross-sign, reverse the process:

gpg -u 7237395DC5696F9F --sign-key 2B6755BD1B7F88DC

Output:

 Primary key fingerprint: 4DDE 73DB 5030 B539 2681  3A50 2B67 55BD 1B7F 88DC     Remy van Elst <user@domain.tld>This key is due to expire on 2019-05-31.Are you sure that you want to sign this key with yourkey "Remy van Elst Nitrokey (Nitrokey Start Key) <user@domain.tld>" (0x7237395DC5696F9F)Really sign? (y/N) y

You will be asked for your USER PIN for the Nitrokey.

Afterwards send both keys to the keyserver:

gpg --send-key 7237395DC5696F9Fgpg --send-key 2B6755BD1B7F88DC

If, for whatever reason, you need to revoke this keypair, import the revocationcertificate that GnuPG generated for you:

gpg: revocation certificate stored as '/home/remy/.gnupg/openpgp-revocs.d/D78A0B1E407EBD678435CCC77237395DC5696F9F.rev'

But, you need to edit the file first:

To avoid an accidental use of this file, a colon has been insertedbefore the 5 dashes below.  Remove this colon with a text editorbefore importing and publishing this revocation certificate.:-----BEGIN PGP PUBLIC KEY BLOCK-----

After you've done that, import the revocation certificate:

gpg --import /home/remy/.gnupg/openpgp-revocs.d/D78A0B1E407EBD678435CCC77237395DC5696F9F.rev

Output:

gpg: key 0x7237395DC5696F9F: "Remy van Elst Nitrokey (Nitrokey Start Key) <user@domain.tld>" revocation certificate importedgpg: Total number processed: 1gpg:    new key revocations: 1gpg: public key of ultimately trusted key 0xB9073AEB64937870 not foundgpg: marginals needed: 3  completes needed: 1  trust model: pgpgpg: depth: 0  valid:   3  signed:  13  trust: 0-, 0q, 0n, 0m, 0f, 3ugpg: depth: 1  valid:  13  signed:   4  trust: 12-, 0q, 0n, 0m, 1f, 0ugpg: next trustdb check due at 2016-09-01

Send the updated and revoked key to the keyservers:

gpg --send-key 7237395DC5696F9F

Loading external keys into the device

If you already have a keypair and subkeys, you can import those to the device.This is a good guide for setting up a machine for offline key generationand subkeys. I already have my master key so I won't cover it here.

I will add my key with key ID 2B6755BD1B7F88DC to the card. Fire up gpg forthis key:

gpg --expert --edit-key 2B6755BD1B7F88DC

We provice --expert since we are going to add three different subkeys to thiskey to load on the card. If you already have these subkeys, then it's notrequired.

My master key is 4096 bit, which the Nitrokey doesn't support. Therefore we alsoneed to generate these specific subkeys, they must be 2048 bit.

Add an Authentication subkey:

gpg> addkeyPlease select what kind of key you want:   (3) DSA (sign only)   (4) RSA (sign only)   (5) Elgamal (encrypt only)   (6) RSA (encrypt only)   (7) DSA (set your own capabilities)   (8) RSA (set your own capabilities)  (10) ECC (sign only)  (11) ECC (set your own capabilities)  (12) ECC (encrypt only)  (13) Existing keyYour selection? 8

Disable the Encrypt and Sign attributes:

Possible actions for a RSA key: Sign Encrypt Authenticate Current allowed actions: Sign Encrypt    (S) Toggle the sign capability   (E) Toggle the encrypt capability   (A) Toggle the authenticate capability   (Q) FinishedYour selection? SPossible actions for a RSA key: Sign Encrypt Authenticate Current allowed actions: Encrypt    (S) Toggle the sign capability   (E) Toggle the encrypt capability   (A) Toggle the authenticate capability   (Q) FinishedYour selection? E

Add the Authenticate attribute:

Possible actions for a RSA key: Sign Encrypt Authenticate Current allowed actions:    (S) Toggle the sign capability   (E) Toggle the encrypt capability   (A) Toggle the authenticate capability   (Q) FinishedYour selection? A

Continue on with the keysize (2048) and the expiry date (1 year):

Your selection? QRSA keys may be between 1024 and 4096 bits long.What keysize do you want? (2048) Requested keysize is 2048 bitsPlease specify how long the key should be valid.         0 = key does not expire      <n>  = key expires in n days      <n>w = key expires in n weeks      <n>m = key expires in n months      <n>y = key expires in n yearsKey is valid for? (0) 1yKey expires at Mon Aug 14 09:47:19 2017 CESTIs this correct? (y/N) yReally create? (y/N) y

The key is now being generated:

We need to generate a lot of random bytes. It is a good idea to performsome other action (type on the keyboard, move the mouse, utilize thedisks) during the prime generation; this gives the random numbergenerator a better chance to gain enough entropy.sec  rsa4096/0xD4A50E9CC37ACA81     created: 2014-09-02  expires: 2017-08-14  usage: SCA      trust: unknown       validity: fullssb  rsa4096/0x107F143B25325ED6     created: 2014-09-02  expires: 2016-09-01  usage: E   ssb  rsa2048/0x168C7E40842796D4     created: 2016-08-14  expires: 2017-08-14  usage: A   [  full  ] (1). R. van Elst <remy@cloudvps.com>

Repeat the above process and generate two more keys. One with ONLY the Encrypt(E) attribute and one with only the Sign (S) attribute. When that's done, thelist command should look like this:

ssb  rsa2048/0x168C7E40842796D4     created: 2016-08-14  expires: 2017-08-14  usage: A   ssb  rsa2048/0x76E7BD244019228B     created: 2016-08-14  expires: 2017-08-14  usage: E   ssb  rsa2048/0xDB3C494B3DF91C55     created: 2016-08-14  expires: 2017-08-14  usage: S 

Select the key to transfer to the card. We need to do all three the new keys. Inmy case, it's key 2:

gpg> key 2

The key gets a * added:

ssb* rsa2048/0x168C7E40842796D4     created: 2016-08-14  expires: 2017-08-14  usage: A 

Transfer the key to the Nitrokey:

gpg> keytocard

Confirm the key position in the card:

Please select where to store the key:   (3) Authentication keyYour selection? 3

You will be asked for the key passphrase and the Admin PIN.

If you issue the gpg --card-status command in another terminal you can seethat this key is added:

Signature counter : 0Signature key ....: [none]Encryption key....: [none]Authentication key: 80A9 C670 8CF2 26BB 0B05  BB11 168C 7E40 8427 96D4      created ....: 2016-08-14 07:45:16General key info..: [none]

Issue the key 2 command on the GPG prompt again to unselect this key, andcontinue with the next key:

gpg> key 2gpg> key 3

Output:

ssb* rsa2048/0x76E7BD244019228B     created: 2016-08-14  expires: 2017-08-14  usage: E  

Place it on the Nitrokey:

gpg> keytocard

Output:

Please select where to store the key:   (2) Encryption keyYour selection? 2

Again you will be asked for the Key passphrase. Afterwards in another terminal,validate that this key is loaded:

gpg --card-status

Output:

Signature counter : 0Signature key ....: [none]Encryption key....: CDBD 9425 CA43 1FA0 D433  9976 76E7 BD24 4019 228B      created ....: 2016-08-14 07:49:25Authentication key: 80A9 C670 8CF2 26BB 0B05  BB11 168C 7E40 8427 96D4      created ....: 2016-08-14 07:45:16General key info..: [none]

Repeat the process for the last key, unselect key 3 and select key 4:

gpg> key 3gpg> key 4

Output:

ssb* rsa2048/0xDB3C494B3DF91C55     created: 2016-08-14  expires: 2017-08-14  usage: S 

Place it on the card:

Please select where to store the key:   (1) Signature key   (3) Authentication keyYour selection? 1

Save and quit the prompt:

gpg> save

Check with gpg --card-status that all the keys are loaded:

Signature counter : 0Signature key ....: 8832 C6F8 2D1C D75C 9507  25A4 DB3C 494B 3DF9 1C55      created ....: 2016-08-14 07:50:28Encryption key....: CDBD 9425 CA43 1FA0 D433  9976 76E7 BD24 4019 228B      created ....: 2016-08-14 07:49:25Authentication key: 80A9 C670 8CF2 26BB 0B05  BB11 168C 7E40 8427 96D4      created ....: 2016-08-14 07:45:16General key info..: sub  rsa2048/0xDB3C494B3DF91C55 2016-08-14 R. van Elst <remy@cloudvps.com>sec   rsa4096/0xD4A50E9CC37ACA81  created: 2014-09-02  expires: 2017-08-14ssb   rsa4096/0x107F143B25325ED6  created: 2014-09-02  expires: 2016-09-01ssb>  rsa2048/0x168C7E40842796D4  created: 2016-08-14  expires: 2017-08-14                                  card-no: FFFE 52FF6E06ssb>  rsa2048/0x76E7BD244019228B  created: 2016-08-14  expires: 2017-08-14                                  card-no: FFFE 52FF6E06ssb>  rsa2048/0xDB3C494B3DF91C55  created: 2016-08-14  expires: 2017-08-14                                  card-no: FFFE 52FF6E06

Export your public key:

gpg --export --armor D4A50E9CC37ACA81

Save this on your filesystem. We are going to remove the private keys from yourmachine, since they are on the Nitrokey. You do need your public key later on.

Just to make sure, before removing any GPG keys, make a backup of your~/.gnupg folder:

cp -ar ~/.gnupg ~/.gnupg-backup-$(date +%s)

Unplug the Nitrokey. Then delete the secret keys for this keypair:

gpg --delete-secret-key D4A50E9CC37ACA81

Confirm it a few times.

To use the smartcard on another PC, you first need to import the public keyfirst. On the current machine, to use the keys, first run:

gpg --card-status

To test, create a small test file:

echo 'this is a small test file' > test

Sign that with this specific key:

gpg --sign -u D4A50E9CC37ACA81 test

You will be asked for the User PIN of the Nitrokey. Afterwards there is atest.gpg file. You can verify that file is signed:

gpg --verify -u 2B6755BD1B7F88DC  test.gpg 

Output:

gpg: Signature made Sun Aug 14 10:56:48 2016 CESTgpg:                using RSA key 0xDB3C494B3DF91C55gpg: Good signature from "R. van Elst <remy@cloudvps.com>" [full]Primary key fingerprint: 5DD7 711A F8C4 72D7 BEEF  03D0 D4A5 0E9C C37A CA81     Subkey fingerprint: 8832 C6F8 2D1C D75C 9507  25A4 DB3C 494B 3DF9 1C55

If the Nitrokey is not present when you want to sign, gpg will tell you toplease insert the correct smartcard.

Overwriting (deleting) keys on the Nitrokey

Nitrokey Start (actually gnuk) doesn't support overriding keys. Once generatedor written, you should use a Python script provided by GnuK, gnuk removekeys_libusb.py to remove keys before trying to write a new one.

Do note that I got errors while using this script. There is a non libusbversio that did work for me. First make sure you have pyscard installed:

pip2 install pyscard

Clone the git repository:

git clone https://github.com/Nitrokey/nitrokey-start-firmware.gitcd nitrokey-start-firmware

IF YOU EXECUTE THE BELOW SCRIPT ALL YOUR KEYS WILL BE REMOVED

Execute the non libusb removal script:

python2 tool/gnuk_remove_keys.py -p

It will ask you for the ADMIN PIN:

Admin password: <12345678>

Output:

Token: Nitrokey Nitrokey Start (FSIJ-1.0.4-52FF6E06) 00 00ATR: 3B DA 11 FF 81 B1 FE 55 1F 03 00 31 84 73 80 01 80 00 90 00 E4

You can afterwards check that all the keys are removed:

gpg --card-status

Output:

Signature counter : 0Signature key ....: [none]Encryption key....: [none]Authentication key: [none]General key info..: [none]

If you receive errors like:

smartcard.Exceptions.CardConnectionException: Unable to connect with protocol: T0 or T1. Sharing violation.

Or

  File "tool/gnuk_remove_keys.py", line 54, in cmd_verify    raise ValueError, ("%02x%02x" % (sw1, sw2))ValueError: 6982

Then just remove and insert the key and try again.

Usage examples with GPG

To encrypt a file for recipient with key 2B6755BD1B7F88DC, use the followingcommand:

gpg --sign --encrypt  -u D4A50E9CC37ACA81 -r 2B6755BD1B7F88DC test

If you want to just encrypt the file, remove the --sign flag. -r is therecipient, -u is your key. If you remove the sign flag, the other personcannot validate that the file came from you.

To sign a message and have the ASCII output, use the following command:

gpg --sign --armor -u D4A50E9CC37ACA81   test

Enter the User PIN, and afterwards check the output:

$ cat test.asc -----BEGIN PGP MESSAGE-----owEBVAGr/pANAwAKAds8SUs9+RxVAawkYgR0ZXN0V7AzN3RoaXMgaXMgYSBzbWFsbCB0ZXN0IGZpbGUKiQEcBAABCgAGBQJXsDM3AAoJENs8SUs9+RxV9zwH/R/CFYztFJ/TniMWEwUOQ8YvyM2b7Sj4mcw+7yI/db1J6jsdGuoisWrIhvs0tp3i6qtKIjWVSrGSHcnv+Ur6k2YYqfAEpybw1ixAa/XwVZjUJaSfLm8uqYDD4pMhBupky/OVfZTlaI/hhZuaPShAt3f8Zg6ZwqIk8OqM6HCe+eSSflC/HVDyt4WKtq0JcZtIjzKbvsGDjfHrtabzoKdGLmG2y1GT5wrDIM8nInn66Q3uPm/jNlnEH1M93Z4DnY3/jm/+hu+3DjJFximcSlt3H0kQ7c1y2FXNiufXP+LPmB5QooZouZ5ILSaIiQenoi28T5/aQPv4P9BiMreZVKzZ6IQ==Ztv5-----END PGP MESSAGE-----

If you receive an encrypted and signed message, you can decypt it with thefollowing command:

gpg --decrypt test.gpg 

You will be asked to enter your user PIN. Output:

gpg: encrypted with 2048-bit RSA key, ID 0x76E7BD244019228B, created 2016-08-14      "R. van Elst <remy@cloudvps.com>"this is a small test filegpg: Signature made Sun Aug 14 12:12:35 2016 CESTgpg:                using RSA key 0x2B6755BD1B7F88DCgpg: Good signature from "Remy van Elst <relst@relst.nl>" [ultimate]Primary key fingerprint: 4DDE 73DB 5030 B539 2681  3A50 2B67 55BD 1B7F 88DC

Usage examples with OpenSSH

OpenSSH requires to have a subkey with the Authentication attribute. We don'tuse a complicated GPG agent setup or key conversion, but we utilize OpenSC.The Nitrokey Start can also be used with OpenSC just as the Nitrokey HSM.

Make sure the Nitrokey is plugged in. Execute the following command to add themodule to the ssh-agent:

ssh-add -s opensc-pkcs11.so

Output:

Enter passphrase for PKCS#11: Card added: opensc-pkcs11.so

You can check that the keys are available now with the -l flag:

ssh-add -l

Output:

2048 SHA256:INvUw/LHzO/loNzzAu99FYlvYpq1o3IgPgjJJuDt/FE opensc-pkcs11.so (RSA)2048 SHA256:rb0keTL7bQFtr1C5Rii/c6hTcTIM+OYeZ/aqHWJf9+0 opensc-pkcs11.so (RSA)2048 SHA256:QR/Wr8YAvRQW1rA6Y9UnORZvbXflFB6uG9l2PqxRS2A opensc-pkcs11.so (RSA)

With the -L flag you also get the public keys for use in~/.ssh/authorized_keys:

ssh-add -l

Output:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDuDJUnbB81eUOZ+I0FZk35Yk9S4MyAPIJIcpN5jywNUcX5DJdgXNv/k4gm2grCIAdhACMK6sxnH2jd7e23Iq3LhDLz+I8Stc3qzKqnl1agD87IG2+trCCz2Odd7nIxRr3me5eutEDhvwqLX1aXiH/UEcUOOWGQ6Vu7iDOlia2s5p5qr5F4tbiD0TwdmiTvqtgMPyiXMIk4OCttB5dLyY/7hplfBSYXGgGujQEx6Q7OaHeGc983ZbfLnWvSWqEEfHnQG4IemhgHGU4ZuPdgfc8BgYDBPBFXtcG5lv3SREpupFVnWXm5L8bh3y3j7twlZamlCA7Sk7Vf29UDsbZ/1COT opensc-pkcs11.sossh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgfplUpYCDOGGU9hnZdiHYvetm6Fz7vflcTh/PdQl+9E20ocOXK7IEmm70ABv5Sp5wESIrzyrchUfKo1mvALdxy3Xb1Qc1WC7NQfmUOpMJ4ztNwTB8Jy+Qs2XzMRXGq6RU8RlZcrer7gj0QQIzIxkDrwLG21SByt/hyVUqSI31tQwqs/SKP9cKxcZLAIzReeu2JAqr6U2O62O6/SVYWTa5XV6HKs3PLBsNfjojfGHPYfheSEdY7tMkAZ6uaQsW0FelwdSYoVjhejk29H9AsIuz6Ivp5oscHZhIR9kesnhPj7SBZV2/CFEWSvwmuyNlH3UNr8kvZbdcWPZbLCeLlDTj opensc-pkcs11.sossh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyDuf4vqd4G0CboNKqOOV8UMsYRF/KvPnKO2bZHS46PFMOjBLz0eDQku+YFeNu9wE4uEuBN1eAkvArp5cBTEds8F+qHAoj7C6lRNGrevxBBG/i5m8N6WLl6Ser1P7SZBRv+YF7ErDWDvuHm5GzrD7DU/sVH15ZT+MUDPZ5ANL0PcCYUafxBVigBTNb1siab86sHLDsv+JqYvVyY7qwnog57WyG3C51+GfxmglwDYZeCtBVrP0FKnnaWXnsJIDiE8YlaaUmvQErEDr5NEzNQj5pKcP9Di0IXdPkjBp0AcHZE2u34nT6L0YXKreaWPcyq1eUJC83+x8YRhgQ+C9u1Yip opensc-pkcs11.so

But which key is the Authentication key? Find out with pkcs15-tool:

pkcs15-tool --list-keys

Output:

Using reader with a card: Nitrokey Nitrokey Start (FSIJ-1.0.4-52FF6E06) 00 00Private RSA Key [Signature key]    Object Flags   : [0x3], private, modifiable    Usage          : [0x20C], sign, signRecover, nonRepudiation    Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local    ModLength      : 2048    Key ref        : 0 (0x0)    Native         : yes    Auth ID        : 01    ID             : 01    MD:guid        : 2c444dd0-08c1-0684-5f26-4eb852d0bb81Private RSA Key [Encryption key]    Object Flags   : [0x3], private, modifiable    Usage          : [0x22], decrypt, unwrap    Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local    ModLength      : 2048    Key ref        : 1 (0x1)    Native         : yes    Auth ID        : 02    ID             : 02    MD:guid        : f4238588-7a7d-29bd-c130-27a565150066Private RSA Key [Authentication key]    Object Flags   : [0x3], private, modifiable    Usage          : [0x222], decrypt, unwrap, nonRepudiation    Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local    ModLength      : 2048    Key ref        : 2 (0x2)    Native         : yes    Auth ID        : 02    ID             : 03    MD:guid        : d2f08102-b940-3efe-9e91-50f8d377a1d7

The key with ID 3 is the authentication key. Get the SSH key for that ID:

pkcs15-tool --read-ssh-key 3

Output:

Using reader with a card: Nitrokey Nitrokey Start (FSIJ-1.0.4-52FF6E06) 00 00ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyDuf4vqd4G0CboNKqOOV8UMsYRF/KvPnKO2bZHS46PFMOjBLz0eDQku+YFeNu9wE4uEuBN1eAkvArp5cBTEds8F+qHAoj7C6lRNGrevxBBG/i5m8N6WLl6Ser1P7SZBRv+YF7ErDWDvuHm5GzrD7DU/sVH15ZT+MUDPZ5ANL0PcCYUafxBVigBTNb1siab86sHLDsv+JqYvVyY7qwnog57WyG3C51+GfxmglwDYZeCtBVrP0FKnnaWXnsJIDiE8YlaaUmvQErEDr5NEzNQj5pKcP9Di0IXdPkjBp0AcHZE2u34nT6L0YXKreaWPcyq1eUJC83+x8YRhgQ+C9u1Yip Authentication key

Add that to a server's ~/.ssh/authorized_keys file and you are able to loginwithout being asked a password:

$ ssh root@85.222.224.108Warning: Permanently added '85.222.224.108' (ECDSA) to the list of known hosts.Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-31-generic x86_64) * Documentation:  https://help.ubuntu.com * Management:     https://landscape.canonical.com * Support:        https://ubuntu.com/advantageroot@smartcard:~# cat /var/log/auth.log Aug 14 12:41:48 ubuntu sshd[1754]: Accepted password for root from 192.168.20.332 port 50330 ssh2Aug 14 12:41:48 ubuntu sshd[1754]: pam_unix(sshd:session): session opened for user root by (uid=0)Aug 14 12:42:06 ubuntu sshd[1754]: Received disconnect from 192.168.20.332 port 50330:11: disconnected by userAug 14 12:42:06 ubuntu sshd[1754]: Disconnected from 192.168.20.332 port 50330[...]Aug 14 12:42:08 ubuntu sshd[1776]: Postponed publickey for root from 192.168.20.332 port 50366 ssh2 [preauth]Aug 14 12:42:09 ubuntu sshd[1776]: Accepted publickey for root from 192.168.20.332 port 50366 ssh2: RSA SHA256:QR/Wr8YAvRQW1rA6Y9UnORZvbXflFB6uG9l2PqxRS2AAug 14 12:42:09 ubuntu sshd[1776]: pam_unix(sshd:session): session opened for user root by (uid=0)

When you're done with all the sessions, close them and remove the Nitrokey fromthe ssh-agent:

ssh-add -e opensc-pkcs11.so

Output:

Card removed: opensc-pkcs11.so

ssh-add -l shouldn't show the keys anymore.

Usage examples with Thunderbird

Using Enigmail with Thunderbird is very easy. If you've set up theNitrokey Start as shown above with OpenPGP, Enigmail will automatically find thekey and use it, if it's inserted, no further setup required. Here's thesmartcard information screen:

When sending an email, it will automatically ask you for the PIN:

If you receive an encrypted email, it will also automatically ask you for thePIN and decrypt the email:

Literally no setup required. I've rarely seen this kind of encrypton be soeasily setup, major props to Thunderbird, Enigmail and GPG here.

Tags: articles, gnupg, gpg, nitrokey, nitrokey-start, openssh, smartcard, ssh, start, thunderbird