pynitrokey

A command line interface for the Nitrokey FIDO2, Nitrokey Start, Nitrokey 3 and NetHSM.

Quickstart

$ pipx install pynitrokey
$ nitropy --help

Documentation

The user documentation for the nitropy CLI is available on docs.nitrokey.com. See also the product documentation for more information on the available commands:

Switching Nitrokey Start identities

Alternative MI switching method

`pynitrokey` installation is not always possible, hence describing below alternative method to change the Identity on the Nitrokey Start. It suffices to have any CCID application installed, and send the following APDU `00 85 00 {ID}` (hex), where `ID` is in range `[0;2]`. After receiving this command Nitrokey Start will reboot with the selected identity. Here is how to do it using GnuPG: ```text # Setting ID to 2 $ gpg-connect-agent --hex "scd apdu 00 85 00 02" /bye ERR 65539 Unknown version in packet # Alternative error messsage ERR 65572 Bad certificate ``` The error message here is expected due to immediate reboot of the device, and with losing the connection. When the ID change is attempted to be done immediately, the following response could be received: ``` ERR 100663406 Card removed ``` To restore the communication, either kill the `gpg-agent` or run `gpg --card-status` again. Tip: alternative `gpg-connect-agent reloadagent /bye` is not sufficient.

Compatibility

nitropy requires Python 3.9 or later.

Development

Information for developers and contributors can be found in the Developer Guide.

Contributors

pynitrokey development has been supported by these contributors:

Maintainers

Current maintainers can be found in MAINTAINERS.md file.

License

Licensed similarly to upstream, under either of

Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.

Nitrokey / pynitrokey

readme