v1.3.0-rc.1

This is the first release candidate with support for the secrets app (OTP).

Please update pynitrokey to v0.4.34 or newer before installing the firmware update.

To flash the RC firmware, download the correct firmware image and update with:

nitropy nk3 update <downloaded-file>

Warning: On Nitrokey 3 Mini devices, the internal filesystem will be migrated during the update.

• Migration will only work if your internal filesystem does not contain more than 45 Resident Keys. If you have more please remove some.
• After the update it might take up to 3 minutes for the first boot.

Never unplug the device while the LED is active!

Known issues

• To update, it is recommended to use pynitrokey v0.4.34 or newer.
• For the Nitrokey 3 Mini, see the migration warning above.
• If you have used the OTP app in the alpha firmware, you should reset it before updating
• The firmware reports version v1.3.0-rc1 but the correct version is v1.3.0-rc.1
• This firmware does not include the OpenPGP application. We will release a new v1.3.0 alpha version with OpenPGP soon. It is not possible to downgrade to a v1.2.2 alpha after installing this firmware.

Applications

• admin-app v0.1.0-nitrokey.2
• fido-authenticator v0.1.1 (FIDO2)
• secrets v0.8.0 (OTP)

Changed

Features

• Add secrets app (#186), implementing OTP functionality
• Return full version in status command (#172)
• Return storage information in status command (#183)
• Reduce risk of data loss by adding journaling to the internal flash (#160)

Changed

• LPC55: use the embedded runner (#97)

Bugfixes

• Use upstream usbd-ccid, including fixed panics and compatibility issues (#164)
• Improve compatibility of FIDO (#180)
• Fix a panic with ctaphid (#184)

v1.2.2-alpha.20230224

This is an Alpha Release for the Nitrokey 3. This is NOT intended for production use, make sure you have backups for your keys/logins before updating your Nitrokey.

To flash the alpha firmware, download the correct firmware image and update with:

nitropy nk3 update <downloaded-file>

You can always update back to the stable firmware using:

nitropy nk3 update

Please use these files together with pynitrokey for updating:

• NK3A Mini: alpha-nk3am-nrf52-v1.2.2-alpha.20230224.zip
• NK3 A/C NFC: alpha-nk3xn-lpc55-v1.2.2-alpha.20230224.sb2

Known issues:

• The first boot after the firmware update can take longer than usual (up to 20 seconds). This can cause the update command to fail with an error message (Device not found). If this is the case, please wait for one minute and then run nitropy nk3 list. The updated device should now show up.
• If you used the OTP feature with the last alpha release v1.2.2-alpha.20221130, you have to reset the OTP application before the update by running nitropy nk3 otp reset. Otherwise all OTP commands will hang after the update. In this case, you have to go back to the last alpha, run the reset, and then update again.

Changes:

• Report the full firmware version and add a device status indicator
• opcard updated to v0.3.0
  • bugfixes and improved compatibility with OpenSC, see the opcard changelog
• otp updated to v0.6.0 (requires pynitrokey v0.4.33 or later):
  • encrypt data stored on the flash
  • add user presence checks
  • improve stability

v1.2.2-alpha.20221130

This is an Alpha Release for the Nitrokey 3. This is NOT intended for production use, make sure you have backups for your keys/logins before updating your Nitrokey.

To flash the alpha firmware, download the correct firmware image and update with:

nitropy nk3 update <downloaded-file>

You can always update back to the stable firmware using:

nitropy nk3 update

Known issues:

• Updating from a previous alpha release will require a factory reset of the OpenPGP smartcard application after the firmware update.
  This can be done using by installing OpenSC and running the following command:

  opensc-tool -s 00:A4:04:00:06:D2:76:00:01:24:01:00 -s 00:E6:00:00  -s 00:44:00:00
  

  This selects the OpenPGP application on the card and then resets it. Warning: unplug any other OpenPGP smartcard before running this command. Please make sure you have at least libccid version: 1.5.0 otherwise Nitrokey 3 won't work through CCID.

Changes:

• Supporting all Nitrokey 3 devices now (Nitrokey 3A NFC, Nitrokey 3C NFC, Nitrokey 3A Mini)
• opcard updated to v0.2.0
  • now including RSA support
  • only 2048bit keys can be generated
• otp first release v0.3.0
  • create/get/delete OTPs (TOTP & HOTP)
  • use pynitrokey for manage/use the OTPs

Please use these files together with pynitrokey for updating:

• NK3A Mini: https://github.com/Nitrokey/nitrokey-3-firmware/releases/download/v1.2.2-alpha.20221130/alpha-nk3am-nrf52-v1.2.2-alpha.20221130.zip
• NK3 A/C NFC: https://github.com/Nitrokey/nitrokey-3-firmware/releases/download/v1.2.2-alpha.20221130/alpha-nk3xn-lpc55-v1.2.2-alpha.20221130.sb2

v1.2.2-alpha.20221125

This release is currently in internal testing, signed binaries to be used with nitropy will be uploaded within the next days
Found another bug, fixed and directly releasing another Alpha...

Alpha Release v1.2.2 + opcard.0.2.0 + oath.0.3.0

The release files have been removed, we are investigating a reported issue...

Release v1.2.2

This release contains additional internal tests.
v1.2.1 was skipped due to an incorrectly determined (bug)fix.

Bugfixes

• change fido-authenticator version from 0.1 to 0.1.1 (not needed, to be reverted) (#87)

Features

• add proper Reboot::is_locked for nRF52 (#89)
• add i2c/se050 test to LPC55 (panicks in provisioner mode) (#90)

v1.2.0

This release contains various bugfixes and stability improvements.

Bugfixes

• fido-authenticator: Return an error instead of panicking if the credential ID is too long (#49)
• Implement CCID abort handling, fixing an issue where GnuPG would stall for up to a minute on the first operation if a Nitrokey 3 is connected and recognized as a CCID device (#22)
• fido-authenticator: Fix handling of U2F commands over NFC (fido-authenticator#18)
• interchange: Fix unsound usage of UnsafeCell (interchange#4)
• Improve APDU handling (iso7816#4, iso7816#5, apdu-dispatch#5)
• Update all dependencies

v1.1.0

This release adds support for the NRF52 MCU, changes the LED color to red on panics and allows the user to skip the additional user presence check for the first FIDO2 operation within two seconds after boot.

Features

• embedded runner to allow building for different SoCs from within a common code-base
• Change the LED color to red on panics (#52)
• Skip the additional user presence check for the first Get Assertion or Authenticate request within two seconds after boot (#61)

v1.1.0-rc.1

This is the first official nRF52 release(candidate) for the Nitrokey 3A Mini.

Features

• embedded runner to allow building for different SoCs from within a common code-base
• This pre-release only includes binaries for the nRF52
• All features from the v1.0.4 release are included
• Change the LED color to red on panics (#52)
• Skip the additional user presence check for the first Get Assertion or Authenticate request within two seconds after boot (#61)

v1.0.4

This release improves compatibility with Windows 10 and with OpenSSH and changes the LED patterns.

Features

• Change the LED patterns so that the LED is off by default and blinks white during a user confirmation request or when winking (#34)
• Add a single white LED blink for 0.5 seconds after startup (#34)
• Support retrieval of OpenSSH resident keys (#48)

Bugfixes

• Improve stability of FIDO2 operations on Windows 10 (#54)