Handle missing AES key's DO

@szszszsz szszszsz released this 14 Jun 13:29
· 202 commits to master since this release
V0.51
851aa1b

Handle missing AES key's DO (data object).
In older firmware versions, if the DO was not found, an empty AES key was used for encrypting data on the Encrypted Volume. Removal of the AES key's DO is only possible by making a factory reset via the CCID/smart card interface (e.g. using GnuPG). If the latter was never done, or the AES key was regenerated afterwards (e.g. via the device's factory reset or Destroy encrypted data, issued in Nitrokey App), the key has the correct, randomized value and the data are encrypted correctly. The new firmware tests the key for correctness and disallows Encrypted Volume unlock if the key is not random.
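The failure mode described above, as an added sketch that is not taken from the Nitrokey firmware: an unlock path that ignores a failed DO read and keeps an empty key, beside one that fails closed. All names, the 32-byte key length, the all-zero model of an "empty" key and the repeated-byte test are assumptions made for illustration; the commit messages describe the real check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AES_KEY_LEN 32 /* assumption: 256-bit volume key */

typedef enum { UNLOCK_OK, UNLOCK_REFUSED } unlock_status; /* hypothetical */

/* Hypothetical DO read: card_do == NULL models a DO that is missing. */
static bool read_aes_key_do(const uint8_t *card_do, uint8_t out[AES_KEY_LEN]) {
    if (card_do == NULL) return false;
    memcpy(out, card_do, AES_KEY_LEN);
    return true;
}

/* Behaviour described for older firmware: a failed read goes unnoticed. */
unlock_status unlock_legacy(const uint8_t *card_do, uint8_t key[AES_KEY_LEN]) {
    memset(key, 0, AES_KEY_LEN);
    (void)read_aes_key_do(card_do, key); /* result ignored: key stays empty */
    return UNLOCK_OK;
}

/* Assumed sanity test: a key made of one repeated byte is not random. */
bool key_is_constant(const uint8_t key[AES_KEY_LEN]) {
    uint8_t diff = 0;
    for (int i = 1; i < AES_KEY_LEN; i++) diff |= (uint8_t)(key[i] ^ key[0]);
    return diff == 0;
}

/* Fail closed: refuse the unlock when the DO is missing or the key is degenerate. */
unlock_status unlock_checked(const uint8_t *card_do, uint8_t key[AES_KEY_LEN]) {
    if (!read_aes_key_do(card_do, key) || key_is_constant(key)) {
        memset(key, 0, AES_KEY_LEN); /* leave no usable key behind */
        return UNLOCK_REFUSED;
    }
    return UNLOCK_OK;
}

int main(void) {
    uint8_t key[AES_KEY_LEN], sample[AES_KEY_LEN]; /* sample: constructed key */
    for (int i = 0; i < AES_KEY_LEN; i++) sample[i] = (uint8_t)(i * 37 + 11);
    printf("legacy, DO missing:  %s\n", unlock_legacy(NULL, key) == UNLOCK_OK ? "unlocked with empty key" : "refused");
    printf("checked, DO missing: %s\n", unlock_checked(NULL, key) == UNLOCK_OK ? "unlocked" : "refused");
    printf("checked, valid key:  %s\n", unlock_checked(sample, key) == UNLOCK_OK ? "unlocked" : "refused");
    return 0;
}
```

A repeated-byte test only catches the degenerate case; it cannot show that a key was generated randomly.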

Updating is strongly advised. Please make a backup of your data before proceeding, as it might not be accessible afterwards.

An announcement with the details and an update guide will be sent in the near future. It will mention a new application created recently (for Windows and macOS) to ease the update process: Nitrokey Update Tool.
Please see the commit messages for the technical details.

The firmware is signed with szczepan@nitrokey.com, key ID: 868184069239FF65DE0BCD7D D9BAE35991DE5B22. The ID can be confirmed with the one on the download site.