pynitrokey
A command line interface for the Nitrokey FIDO2, Nitrokey Start, Nitrokey 3 and NetHSM.
Quickstart
$ pipx install pynitrokey
$ nitropy --help
Documentation
The user documentation for the nitropy
CLI is available on docs.nitrokey.com. See also the product documentation for more information on the available commands:
Switching Nitrokey Start identities
Alternative MI switching method
`pynitrokey` installation is not always possible, hence describing below alternative method to change the Identity on the Nitrokey Start. It suffices to have any CCID application installed, and send the following APDU `00 85 00 {ID}` (hex), where `ID` is in range `[0;2]`. After receiving this command Nitrokey Start will reboot with the selected identity.
Here is how to do it using GnuPG:
```text
# Setting ID to 2
$ gpg-connect-agent --hex "scd apdu 00 85 00 02" /bye
ERR 65539 Unknown version in packet
# Alternative error messsage
ERR 65572 Bad certificate
```
The error message here is expected due to immediate reboot of the device, and with losing the connection.
When the ID change is attempted to be done immediately, the following response could be received:
```
ERR 100663406 Card removed
```
To restore the communication, either kill the `gpg-agent` or run `gpg --card-status` again.
Tip: alternative `gpg-connect-agent reloadagent /bye` is not sufficient.
Compatibility
nitropy
requires Python 3.9 or later.
Development
Information for developers and contributors can be found in the Developer Guide.
Contributors
pynitrokey
development has been supported by these contributors:
Maintainers
Current maintainers can be found in MAINTAINERS.md file.
License
Licensed similarly to upstream, under either of
at your option.