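How to use the Nitrokey Pro

On Windows, the Nitrokey Pro is managed with Gpg4win (https://gpg4win.org/). This tool installs GnuPG automatically, and the GnuPG command-line tools are needed when configuring the Nitrokey Pro's card data.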

 

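GnuPG command-line notes

gpg --card-status: show the smart card status

gpg --card-edit: edit the smart card

fetch: fetch the public key from the url set on the card

admin: show the admin commands

passwd: change the PIN and the Admin PIN

gpg --export-ssh-key *************************: export the public key for ssh (in the format ssh expects)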

 

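Settings record

Default PIN (used for day-to-day operations such as unlocking the token, signing, encrypting and decrypting): 123456

Default Admin PIN: 12345678

Reset code: (*******************), used to reset the user PIN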

name: myname

url: http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0xF83BB3599EF21740 (the Ubuntu keyserver is relatively fast)

lang: cn

sex: M

login: username

 

When you use the Nitrokey Pro on another computer, import the corresponding public key first; otherwise gpg cannot use the Nitrokey Pro.

 

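If you forget the Nitrokey Pro's password, the vendor provides a tool (CryptoStickReset.exe) that re-initializes the device (very thoroughly, leaving it like a newly bought one).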
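
The two situations above (a computer that lacks the public key, and PIN attempts running out before a reset is needed) can both be read from `gpg --card-status`. The following is an added example, not part of the original notes: it assumes the GnuPG 2.x field labels "General key info", "URL of public key" and "PIN retry counter", a default of 3 retries, and uses a constructed sample instead of real card output; `card_field` and `card_findings` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. SAMPLE_STATUS is constructed, not output from a real card.
SAMPLE_STATUS='Name of cardholder: myname
URL of public key : http://keyserver.example/pubkey.asc
PIN retry counter : 3 0 1
General key info..: [none]'

# Print the value of the card-status field whose line starts with $2.
card_field() {
    printf '%s\n' "$1" | awk -v label="$2" '
        index($0, label) == 1 { sub(/^[^:]*: */, ""); print; exit }'
}

# Print one finding per line for card-status text $1; no output means OK.
card_findings() {
    status=$1
    info=$(card_field "$status" "General key info")
    url=$(card_field "$status" "URL of public key")
    retries=$(card_field "$status" "PIN retry counter")

    # "[none]" here means gpg has no public key matching the card's keys.
    if [ "$info" = "[none]" ]; then
        if [ -n "$url" ] && [ "$url" != "[not set]" ]; then
            echo "pubkey-missing: run fetch inside gpg --card-edit ($url)"
        else
            echo "pubkey-missing: no url on the card, import the key by hand"
        fi
    fi

    # Counters are listed as: PIN, reset code, Admin PIN (assumed default 3).
    # The reset code counter is 0 until a reset code is set, so skip it.
    [ -n "$retries" ] || return 0
    set -- $retries
    if [ "${1:-0}" -lt 3 ]; then echo "pin-retries-low: $1 left"; fi
    if [ "${3:-0}" -lt 3 ]; then echo "admin-pin-retries-low: $3 left"; fi
    return 0
}

card_findings "$SAMPLE_STATUS"
```

With a token plugged in, the same check runs on live output as `card_findings "$(gpg --card-status)"`.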

 

References

https://raymii.org/s/articles/Nitrokey_Start_Getting_started_guide.html

https://www.nitrokey.com/de/putty

 

 

--------------------------------Other--------------------------------

Changing trust

$ gpg --edit-key <Uid>

gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.

 

pub  1024D/6EDA5E6F  created: 2013-08-29  expires: never       usage: SCA

trust: full          validity: unknown

sub  1024g/32E0CB1C  created: 2013-08-29  expires: never       usage: E

[ unknown] (1). <Uid>

 

gpg> trust

pub  1024D/6EDA5E6F  created: 2013-08-29  expires: never       usage: SCA

trust: full          validity: unknown

sub  1024g/32E0CB1C  created: 2013-08-29  expires: never       usage: E

[ unknown] (1). <Uid>

 

Please decide how far you trust this user to correctly verify other users' keys

(by looking at passports, checking fingerprints from different sources, etc.)

 

1 = I don't know or won't say

2 = I do NOT trust

3 = I trust marginally

4 = I trust fully

5 = I trust ultimately

m = back to the main menu

 

Your decision? 5

Do you really want to set this key to ultimate trust? (y/N) y

 

pub  1024D/6EDA5E6F  created: 2013-08-29  expires: never       usage: SCA

trust: ultimate      validity: unknown

sub  1024g/32E0CB1C  created: 2013-08-29  expires: never       usage: E

[ unknown] (1). <Uid>

Please note that the shown key validity is not necessarily correct

unless you restart the program.

 

gpg> quit

 

Importing an existing key into the Nitrokey Pro

$ gpg --edit-key 559C215F

gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.

 

Secret key is available.

 

pub  1024D/559C215F  created: 2009-05-04  expires: never       usage: SC

trust: ultimate      validity: ultimate

sub  2048g/5457F4E7  created: 2009-05-04  expires: never       usage: E

sub  1024R/E1D9B30D  created: 2009-05-13  expires: never       usage: S

sub  1024R/EDDA691E  created: 2009-05-13  expires: never       usage: E

[ultimate] (1). Martin Gollowitzer (Testing environment) <gollo@fsfe.org>

 

Command> toggle

 

sec  1024D/559C215F  created: 2009-05-04  expires: never

ssb  2048g/5457F4E7  created: 2009-05-04  expires: never

ssb  1024R/E1D9B30D  created: 2009-05-13  expires: never

ssb  1024R/EDDA691E  created: 2009-05-13  expires: never

(1)  Martin Gollowitzer (Testing environment) <gollo@fsfe.org>

 

Command> key 2

 

sec  1024D/559C215F  created: 2009-05-04  expires: never

ssb  2048g/5457F4E7  created: 2009-05-04  expires: never

ssb* 1024R/E1D9B30D  created: 2009-05-13  expires: never

ssb  1024R/EDDA691E  created: 2009-05-13  expires: never

(1)  Martin Gollowitzer (Testing environment) <gollo@fsfe.org>

 

Command> keytocard

Signature key ....: [none]

Encryption key....: [none]

Authentication key: [none]

 

Please select where to store the key:

(1) Signature key

(3) Authentication key

Your selection? 1

 

You need a passphrase to unlock the secret key for

user: "Martin Gollowitzer (Testing environment) <gollo@fsfe.org>"

1024-bit RSA key, ID E1D9B30D, created 2009-05-13

 

gpg: generating new key

gpg: 3 Admin PIN attempts remaining before card is permanently locked

 

Admin PIN

 

sec  1024D/559C215F  created: 2009-05-04  expires: never

ssb  2048g/5457F4E7  created: 2009-05-04  expires: never

ssb* 1024R/E1D9B30D  created: 2009-05-13  expires: never

card-no: 0001 00000229

ssb  1024R/EDDA691E  created: 2009-05-13  expires: never

(1)  Martin Gollowitzer (Testing environment) <gollo@fsfe.org>

 

Command> key 2

 

sec  1024D/559C215F  created: 2009-05-04  expires: never

ssb  2048g/5457F4E7  created: 2009-05-04  expires: never

ssb  1024R/E1D9B30D  created: 2009-05-13  expires: never

card-no: 0001 00000229

ssb  1024R/EDDA691E  created: 2009-05-13  expires: never

(1)  Martin Gollowitzer (Testing environment) <gollo@fsfe.org>

 

Command> key 3

 

sec  1024D/559C215F  created: 2009-05-04  expires: never

ssb  2048g/5457F4E7  created: 2009-05-04  expires: never

ssb  1024R/E1D9B30D  created: 2009-05-13  expires: never

card-no: 0001 00000229

ssb* 1024R/EDDA691E  created: 2009-05-13  expires: never

(1)  Martin Gollowitzer (Testing environment) <gollo@fsfe.org>

 

Command> keytocard

Signature key ....: [none]

Encryption key....: [none]

Authentication key: [none]

 

Please select where to store the key:

(2) Encryption key

Your selection? 2

 

You need a passphrase to unlock the secret key for

user: "Martin Gollowitzer (Testing environment) <gollo@fsfe.org>"

1024-bit RSA key, ID EDDA691E, created 2009-05-13

 

gpg: generating new key

 

sec  1024D/559C215F  created: 2009-05-04  expires: never

ssb  2048g/5457F4E7  created: 2009-05-04  expires: never

ssb  1024R/E1D9B30D  created: 2009-05-13  expires: never

card-no: 0001 00000229

ssb* 1024R/EDDA691E  created: 2009-05-13  expires: never

card-no: 0001 00000229

(1)  Martin Gollowitzer (Testing environment) <gollo@fsfe.org>

 

Command> save