Skip to content

Releases: Nitrokey/nitrokey-storage-firmware

V0.57

04 Mar 16:55
@szszszsz szszszsz
V0.57
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
f114941
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
V0.57 Latest
Latest

After the update only the Unencrypted and Encrypted Volumes data will be retained. Password Safe, OTPs and Hidden Volumes will be lost.

Update guide:

Use of nitrokey-storage-V0.57.hex firmware file should be preferred.
This is a release with the free space of the image filled with random data (taken from the attached random.bin). The other hex file with the reproducible suffix contains only the compiler produced output, without this extension. Both should work identically. The difference is, that the random data will show up in the results of the firmware image export for the former, which by design should make harder to hide a malicious code in the firmware.

This firmware requires Nitrokey App v1.4 to fully operate. Otherwise the OTP slot writing and configuration update will not work.
Known limitations:
- Write to the 15th TOTP slot is disabled (until the next firmware) due to a bug - #91;
- Write to OTP slots in Nitrokey Apps v1.3.2 and older is silently (without a warning to user) disabled due to a modified authorization method (#22). At the moment only Nitrokey App v1.4 can handle it. Other features works as usual.

Firmware is signed with szczepan@nitrokey.com, key id: 868184069239FF65DE0BCD7D D9BAE35991DE5B22
(valid until 2023-01-11). ID can be confirmed to be the same with one on the main download site - https://www.nitrokey.com/download.

$ gpg2 --verify sha256sum.sig
gpg: assuming signed data in 'sha256sum'
gpg: Signature made Fri 04 Mar 2022 05:42:27 PM CET
gpg:                using RSA key 868184069239FF65DE0BCD7DD9BAE35991DE5B22
gpg: Good signature from "Szczepan Zalega <szczepan.zalega@gmail.com>" [ultimate]
gpg:                 aka "Szczepan Zalega (Nitrokey) <szczepan@nitrokey.com>" [ultimate]

Built with optimizations disabled (-O0), using GCC 4.3.3 (AVR_Toolchain_3.0_124).
avr32-gcc (AVR_Toolchain_3.0_124) 4.3.3

Firmware changes:

  • Validate HV setup input data #115
  • Correct firmware binary export boundaries #113
  • Additional barriers during flash writing for the better data coherency

Development:

  • Make input data validation for other commands explicit
  • Updated helpers
  • Remove obsolete commands
  • Disable build of the debug code (previously removed during linking time, now not build at all)
  • Add map file for post-build analysis

Tested on Linux Fedora 34:

  • libnitrokey test suite v3.7-RC2-5-g03303c8
  • firmware update path: v0.56 -> v0.57 -> v0.56

Maintenance note: firmware built locally, using known to work compiler version from the previous releases. New compiler will be introduced on the next release.

Assets 7
Loading

v0.56-RC2

30 Jul 10:36
@nitrokey-ci nitrokey-ci
v0.56-RC2
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
6e6319a
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.56-RC2 Pre-release
Pre-release 
RC. Add HMAC to the EV AES key
Assets 5
Loading

V0.56

31 Jul 15:55
@nitrokey-ci nitrokey-ci
V0.56
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
6fd0fcd
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
V0.56

After the update only the Unencrypted and Encrypted Volumes data will be retained. Password Safe, OTPs and Hidden Volumes will be lost.

Update guide:

Use of nitrokey-storage-V0.56.hex firmware file should be preferred.
This is the first release with the free space of the image filled with random data (taken from the attached random.bin). The other hex file with the reproducible suffix contains only the compiler produced output, without this extension. Both should work identically. The difference is, that the random data will show up in the results of the firmware image export for the former, which by design should make harder to hide a malicious code in the firmware.

This firmware requires Nitrokey App v1.4 to fully operate. Otherwise the OTP slot writing and configuration update will not work.
Known limitations:
- Write to the 15th TOTP slot is disabled (until the next firmware) due to a bug - #91;
- Write to OTP slots in Nitrokey Apps v1.3.2 and older is silently (without a warning to user) disabled due to a modified authorization method (#22). At the moment only Nitrokey App v1.4 can handle it. Other features works as usual.

Firmware is signed with szczepan@nitrokey.com, key id: 868184069239FF65DE0BCD7D D9BAE35991DE5B22
(valid until 2022-01-11). ID can be confirmed to be the same with one on the main download site - https://www.nitrokey.com/download.

$ gpg2 --verify sha256sum.sig
gpg: assuming signed data in 'sha256sum'
gpg: Signature made Sat 31 Jul 2021 05:48:36 PM CEST
gpg:                using RSA key 868184069239FF65DE0BCD7DD9BAE35991DE5B22
gpg: Good signature from "Szczepan Zalega <szczepan.zalega@gmail.com>" [ultimate]
gpg:                 aka "Szczepan Zalega (Nitrokey) <szczepan@nitrokey.com>" [ultimate]

Built with optimizations disabled (-O0), using GCC 4.3.3 (AVR_Toolchain_3.0_124).
avr32-gcc (AVR_Toolchain_3.0_124) 4.3.3

Firmware changes:

  • Add HMAC control sum to EV AES key, and abort EV unlock operation if it does not match;
  • HMAC is generated on the first use of the EV key, and removed on the AES key regeneration and factory reset;
  • The returned error is WRONG_PASSWORD for the backward compatibility purposes (to be changed in the future);
  • Removed obsolete matrix-input feature, and connected implementation;
  • Introduce more time-rigid memory comparison function where needed;
  • Reintroduce logs collection through debug file written to UV (disabled for the release);

Development:

  • Add helpers for the development (build, upload through bootloader and test in one step, without debugger);
  • Divide the main Makefile for better readability;
  • Remove obsolete code;

Tested on Linux Fedora 33:

  • libnitrokey test suite v3.6-21-g0748451
  • firmware update path: v0.55 -> v0.56 -> v0.55

Maintenance note: firmware built locally, using known to work compiler version from the previous releases. New compiler will be introduced on the next release.

Assets 7
Loading

V0.55: Correct configuration handling

30 Dec 14:23
@szszszsz szszszsz
V0.55
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
f376b08
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
V0.55: Correct configuration handling

After the update only the Unencrypted and Encrypted Volumes data will be retained. Password Safe, OTPs and Hidden Volumes will be lost.

Update guide:

This firmware requires Nitrokey App v1.4 to fully operate. Otherwise the OTP slot writing and configuration update will not work.
Known limitations:
- Write to the 15th TOTP slot is disabled (until the next firmware) due to a bug - #91;
- Write to OTP slots in Nitrokey Apps v1.3.2 and older is silently (without a warning to user) disabled due to a modified authorization method (#22). At the moment only Nitrokey App v1.4 can handle it (will be released in coming days released already). Other features works as usual.

Firmware is signed with szczepan@nitrokey.com, key id: 868184069239FF65DE0BCD7D D9BAE35991DE5B22
(valid until 2021-01-12). ID can be confirmed to be the same with one on the main download site - https://www.nitrokey.com/download.

$ gpg2 --verify nitrokey-storage-V0.55.hex.sig
gpg: assuming signed data in 'nitrokey-storage-V0.55.hex'
gpg: Signature made Wed 30 Dec 2020 03:12:54 PM CET
gpg:                using RSA key 868184069239FF65DE0BCD7DD9BAE35991DE5B22
gpg: Good signature from "Szczepan Zalega <szczepan.zalega@gmail.com>"
gpg:                 aka "Szczepan Zalega (Nitrokey) <szczepan@nitrokey.com>"

Built with optimizations disabled (-O0), using GCC 4.3.3 (AVR_Toolchain_3.0_124).

Firmware changes:

  • Guard configuration structure access to avoid rare event resulting in data loss
  • Mark global variables volatile, where accessed between tasks
  • Timeout and reset DMA channels on failure
  • Introduce smart card start up delay to favor internal processes
  • Increased firmware version to v0.55
  • Configuration access refactorization for easier data manipulation

Development:

  • Import project to Atmel Studio 7
  • Allow to build using Makefile
  • Add stub for CMake usage
  • Remove obsolete code
  • Add initial support for stack guard protection

Connected: #98

Tested on:

  • macOS 10.15.2
  • Linux Fedora 32
  • Windows 10 20H2

with:

  • libnitrokey 3.6 (Python test suites; skipped on Windows)
  • Nitrokey App v1.4 (manual test)

For tests firmware was built using GCC 4.3.3 (AVR_Toolchain_3.0_124), -O0.
Firmware upgrade and downgrade tested on the previous latest firmware.

Test suite was modified to account TOTP#15 slot being disabled.

Assets 5
Loading

V0.55: Correct configuration handling

16 Dec 14:39
@szszszsz szszszsz
V0.55_rc1
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
349cf6f
Compare
Choose a tag to compare
V0.55: Correct configuration handling Pre-release
Pre-release

This release focuses on fixing #100 #98 #97. So far during the tests the mentioned have not occurred.

Please check whenever possible.
After the update only the Unencrypted and Encrypted Volumes data will be retained. Password Safe, OTPs and Hidden Volumes will be lost.
Built with optimizations enabled (Os). Possibly increased throughput on the EV/HV (tested 8MBps read, 7MBps write).

GPG signed:

$ gpg2 --verify nitrokey-storage-firmware-linux-V0.55_rc1-g349cf6f.hex.sig
gpg: assuming signed data in 'nitrokey-storage-firmware-linux-V0.55_rc1-g349cf6f.hex'
gpg: Signature made Wed 16 Dec 2020 03:34:49 PM CET
gpg:                using RSA key 868184069239FF65DE0BCD7DD9BAE35991DE5B22
gpg: Good signature from "Szczepan Zalega <szczepan.zalega@gmail.com>" [ultimate]
gpg:                 aka "Szczepan Zalega (Nitrokey) <szczepan@nitrokey.com>" [ultimate]
Assets 4
Loading

V0.54: OTP support improvements

24 Jun 12:05
@szszszsz szszszsz
V0.54
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
0b1ed2d
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
V0.54: OTP support improvements

This firmware requires Nitrokey App v1.4 to fully operate. Otherwise the OTP slot writing and configuration update will not work.

In this update mostly OTP features are improved. Namely:

Known limitations:

  • Write to the 15th TOTP slot is disabled (until the next firmware) due to a bug - #91;
  • Write to OTP slots in Nitrokey Apps v1.3.2 and older is silently (without a warning to user) disabled due to a modified authorization method (#22). At the moment only Nitrokey App v1.4 can handle it (will be released in coming days). Other features works as usual.

Tested with libnitrokey Nitrokey/libnitrokey@a8028a7 (with TOTP slot count set to 14).

Firmware is signed with szczepan@nitrokey.com, key id:
868184069239FF65DE0BCD7D D9BAE35991DE5B22
(valid until 2020-01-11). ID can be confirmed to be the same with one on the main download site - https://www.nitrokey.com/download.

Assets 4
Loading

Test release for v0.54

18 Mar 19:36
@szszszsz szszszsz
pre-v0.54-2
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
e5e1f5b
Compare
Choose a tag to compare
Test release for v0.54 Pre-release
Pre-release

Test release with features:

  • 320 bit OTP secret
  • 64 bit HOTP counter
  • OS startup HOTP verification

Contains DEBUG measures activated. Not rebased on master yet.

Assets 3
Loading

Fix Windows 1809 communication issue

23 Nov 11:22
@szszszsz szszszsz
V0.53
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
905976e
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Fix Windows 1809 communication issue

This update fixes Nitrokey App communication issue under Windows 10 1809: NitrokeyApp#392. It is optional for users not using this operating system, or not using the Nitrokey App there. The only change is redefining the HID descriptor, which will make the device to not be identified as a virtual keyboard and allow to connect by non-system applications. As a consequence of removing the virtual keyboard, the 'special key double press OTP insertion' feature will now not work (it might be restored in future firmware versions).

Issue affects only communication with the Nitrokey App. Smart card communication should not be affected.

Firmware is signed with szczepan@nitrokey.com, key id: 868184069239FF65DE0BCD7D D9BAE35991DE5B22 (valid until 2019-01-10). ID can be confirmed with the one on the main download site.

Update instructions

Since the update mode cannot be activated under Windows 10 1809 using the Nitrokey App (due to mentioned issue), we will provide alternative solution to execute the update in the following days. Users of multiple OSes can resort to activating the update on another system.

Assets 5
Loading

Use Admin PIN to change Unencrypted Volume read-only/read-write state

27 Jun 16:59
@szszszsz szszszsz
V0.52
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
9f1c19f
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Use Admin PIN to change Unencrypted Volume read-only/read-write state

Use Admin PIN to change Unencrypted Volume read-only/read-write state.
This feature requires Nitrokey App v1.3.1 to work.

Firmware is signed with szczepan@nitrokey.com, key id: 868184069239FF65DE0BCD7D D9BAE35991DE5B22. ID can be confirmed with the one on the main download site.

Edit 2018-07-02: Unencrypted Volume is now read-only by default. To change it to read-write please use 'Configuration' sub-menu in Nitrokey App. Older Nitrokey App versions will report, that supplied PIN is invalid, while trying to change the state due to protocol change. Please use v1.3.1 to do so.

Details

Reactivate old commands:

  • ENABLE_ADMIN_READONLY_UNCRYPTED_LUN
  • ENABLE_ADMIN_READWRITE_UNCRYPTED_LUN

Disable:

  • ENABLE_READONLY_UNCRYPTED_LUN
  • ENABLE_READWRITE_UNCRYPTED_LUN

Not changed:

  • ENABLE_ADMIN_READONLY_ENCRYPTED_LUN
  • ENABLE_ADMIN_READWRITE_ENCRYPTED_LUN

New: blinking command

Assets 5
Loading

Handle missing AES key's DO

14 Jun 13:29
@szszszsz szszszsz
V0.51
This tag was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
851aa1b
This commit was signed with the committer’s verified signature. The key has expired.
szszszsz Szczepan Zalega
GPG key ID: D9BAE35991DE5B22
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Handle missing AES key's DO

Handle missing AES key's DO (data object).
In older firmwares, if the DO was not found, empty AES key was used for encrypting data on Encrypted Volume. Removal of the AES key's DO is only possible by making a factory reset via CCID/smart card interface (e.g. using GnuPG). If the latter was never done or the AES key was regenerated afterwards (e.g. via the device's factory reset or Destroy encrypted data, issued in Nitrokey App), the key has the correct, randomized value and the data are encrypted correctly. New firmware tests for the key correctness and disallow Encrypted Volume unlock, if it is not random.

Update is strongly advised. Please make a backup of your data before proceeding, as they might not be accessible further.

Announcement with the details and an update guide will be sent in a near future. It will mention a new application created lately (for Windows and macOS) to ease the update process - Nitrokey Update Tool.
Please see the commit's messages for the technical details.

Firmware is signed with szczepan@nitrokey.com, key id: 868184069239FF65DE0BCD7D D9BAE35991DE5B22. ID can be confirmed with the one on the download site.

Assets 5
Loading