@szszszsz szszszsz released this Nov 23, 2018

Assets 5

This update fixes Nitrokey App communication issue under Windows 10 1809: NitrokeyApp#392. It is optional for users not using this operating system, or not using the Nitrokey App there. The only change is redefining the HID descriptor, which will make the device to not be identified as a virtual keyboard and allow to connect by non-system applications. As a consequence of removing the virtual keyboard, the 'special key double press OTP insertion' feature will now not work (it might be restored in future firmware versions).

Issue affects only communication with the Nitrokey App. Smart card communication should not be affected.

Firmware is signed with szczepan@nitrokey.com, key id: 868184069239FF65DE0BCD7D D9BAE35991DE5B22 (valid until 2019-01-10). ID can be confirmed with the one on the main download site.

Update instructions

Since the update mode cannot be activated under Windows 10 1809 using the Nitrokey App (due to mentioned issue), we will provide alternative solution to execute the update in the following days. Users of multiple OSes can resort to activating the update on another system.

@szszszsz szszszsz released this Jun 27, 2018 · 2 commits to master since this release

Assets 5

Use Admin PIN to change Unencrypted Volume read-only/read-write state.
This feature requires Nitrokey App v1.3.1 to work.

Firmware is signed with szczepan@nitrokey.com, key id: 868184069239FF65DE0BCD7D D9BAE35991DE5B22. ID can be confirmed with the one on the main download site.

Edit 2018-07-02: Unencrypted Volume is now read-only by default. To change it to read-write please use 'Configuration' sub-menu in Nitrokey App. Older Nitrokey App versions will report, that supplied PIN is invalid, while trying to change the state due to protocol change. Please use v1.3.1 to do so.


Details

Reactivate old commands:

  • ENABLE_ADMIN_READONLY_UNCRYPTED_LUN
  • ENABLE_ADMIN_READWRITE_UNCRYPTED_LUN

Disable:

  • ENABLE_READONLY_UNCRYPTED_LUN
  • ENABLE_READWRITE_UNCRYPTED_LUN

Not changed:

  • ENABLE_ADMIN_READONLY_ENCRYPTED_LUN
  • ENABLE_ADMIN_READWRITE_ENCRYPTED_LUN

New: blinking command

@szszszsz szszszsz released this Jun 14, 2018 · 12 commits to master since this release

Assets 5

Handle missing AES key's DO (data object).
In older firmwares, if the DO was not found, empty AES key was used for encrypting data on Encrypted Volume. Removal of the AES key's DO is only possible by making a factory reset via CCID/smart card interface (e.g. using GnuPG). If the latter was never done or the AES key was regenerated afterwards (e.g. via the device's factory reset or Destroy encrypted data, issued in Nitrokey App), the key has the correct, randomized value and the data are encrypted correctly. New firmware tests for the key correctness and disallow Encrypted Volume unlock, if it is not random.

Update is strongly advised. Please make a backup of your data before proceeding, as they might not be accessible further.

Announcement with the details and an update guide will be sent in a near future. It will mention a new application created lately (for Windows and macOS) to ease the update process - Nitrokey Update Tool.
Please see the commit's messages for the technical details.

Firmware is signed with szczepan@nitrokey.com, key id: 868184069239FF65DE0BCD7D D9BAE35991DE5B22. ID can be confirmed with the one on the download site.

@rudbo rudbo released this Jan 21, 2018 · 23 commits to master since this release

Assets 10

Fix: Don't clear last HID APP command when CCID interface is active

Reactivate old commands
ENABLE_READONLY_UNCRYPTED_LUN
ENABLE_READWRITE_UNCRYPTED_LUN

Disable
ENABLE_ADMIN_READONLY_UNCRYPTED_LUN
ENABLE_ADMIN_READWRITE_UNCRYPTED_LUN
ENABLE_ADMIN_READONLY_ENCRYPTED_LUN
ENABLE_ADMIN_READWRITE_ENCRYPTED_LUN

@rudbo rudbo released this Jan 20, 2018 · 24 commits to master since this release

Assets 6

External Versionnr 0.49
Internal Versionnr 0

Fix: Don't clear last HID APP command when CCID interface is active

New commands in firmware, unlock with admin password
ENABLE_ADMIN_READONLY_UNCRYPTED_LUN
ENABLE_ADMIN_READWRITE_UNCRYPTED_LUN
ENABLE_ADMIN_READONLY_ENCRYPTED_LUN
ENABLE_ADMIN_READWRITE_ENCRYPTED_LUN

Disable commands
ENABLE_READONLY_UNCRYPTED_LUN
ENABLE_READWRITE_UNCRYPTED_LUN

Assets 5

szszszsz: Warning - MacOS users: this release may handle your encrypted volumes improperly. For details please see link.

Assets 3

The SCSI command SYNCHRONIZE_CACHE (0x35) is in WIN10 "Creators Update" not optional

Device is connected after 20 minutes on latest Windows 10 "Creators Update" #33
#33

partitions are mounted multiple times #29
#29