Releases: Nitrokey/nitrokey-3-firmware

v1.7.2-test.20240813

13 Aug 12:02
553fff1
Pre-release

Features

  • fido-authenticator: Implement the largeBlobKey extension and the largeBlobs command (fido-authenticator#38)
  • OpenPGP: add support for additional curves when using the se050 backend (#524):
    • NIST P-384
    • NIST P-521
    • brainpoolp256r1
    • brainpoolp384r1
    • brainpoolp512r1

Fixes

v1.7.2-test.20240808

08 Aug 09:43
30cc5fc
Pre-release

This release is currently in internal testing; signed binaries to be used with nitropy will be uploaded within the next few days.

v1.7.2-test.20240625

25 Jun 15:22
3fd83c9
Pre-release

Bugfixes

  • PIV: Fix incompatibility with Windows Logon (#516)

v1.7.2

11 Jun 18:25
e633e13

Bugfixes

  • fido-authenticator: Fix incompatibility when enumerating resident keys with libfido2/ssh-agent (#496)
  • Ensure that an application reset erases all relevant objects on the secure element (trussed-se050-backend#30)

v1.7.1

06 May 18:53
f22e6e3

Bugfixes

Known Issues

  • ssh-agent cannot access the resident key used for SSH logins with firmware versions v1.7.0 and v1.7.1. This will be fixed in v1.7.2. (#496)

Notes

This release is not compatible with any Nitrokey/Nitropad HEADS versions before v2.5. To use this firmware version together with HEADS you strictly need to use a Nitropad firmware release v2.5+. For upstream HEADS this is any commit after this version was released.

v1.7.0

24 Apr 10:00
6e122a2

This release adds SE050 support to opcard, updates fido-authenticator to support CTAP 2.1 and introduces app and device factory reset.

Features

  • Report errors when loading the configuration during initialization and disable opcard if an error occurred (#394)
  • Fix LED during user presence check for NK3AM (#93)
  • fido-authenticator: Implement CTAP 2.1
  • OpenPGP: fix locking out after an aborted factory-reset operation (#443)
  • Add an SE050 driver and its tests (#335)
  • Use SE050 entropy to bootstrap the random number generator (#335)
  • Enable SE050 support in OpenPGP by default (#471)
  • Support app and device factory reset (#383, #479)

Known Issues

  • ssh-agent cannot access the resident key used for SSH logins with firmware versions v1.7.0 and v1.7.1. This will be fixed in v1.7.2. (#496)

Notes

  • When upgrading from the test firmware release v1.6.0-test.20231218, OpenPGP keys will not be retained after the update if the opcard.use_se050_backend config option has been set to true.

v1.7.0-rc.3

16 Apr 15:51
08dec77
Pre-release

Features

  • Support app and device factory reset (#383, #479)

Notes

  • When upgrading from the test firmware release v1.6.0-test.20231218, OpenPGP keys will not be retained after the update if the opcard.use_se050_backend config option has been set to true.

v1.7.0-rc.2

12 Apr 14:26
8f13f7e
Pre-release

Features

  • Add an SE050 driver and its tests (#335)
  • Use SE050 entropy to bootstrap the random number generator (#335)
  • Enable SE050 support in OpenPGP by default (#471)

Notes

  • When upgrading from the test firmware release v1.6.0-test.20231218, OpenPGP keys will not be retained after the update if the opcard.use_se050_backend config option has been set to true.

v1.7.0-rc.1

06 Mar 12:32
107971a
Pre-release

Changelog

Features

  • Report errors when loading the configuration during initialization and disable opcard if an error occurred (#394)
  • Fix LED during user presence check for NK3AM (#93)
  • fido-authenticator: Implement CTAP 2.1
  • OpenPGP: fix locking out after an aborted factory-reset operation (#443)

v1.6.0-test.20231218

18 Dec 13:27
90362e0
Pre-release

This update requires pynitrokey v0.4.35 or newer. You can install it with:

$ nitropy nk3 update --version v1.6.0-test.20231218

Changes

(since v1.6.0-test.20231206)

Opcard (OpenPGP): Add experimental configuration option to enable the SE050 secure element backend. This can be done with pynitrokey v0.4.44: nitropy nk3 set-config opcard.use_se050_backend true

This will cause a factory-reset of opcard data. On older versions of nitropy, the command may work but will require a power cycle of the device before opcard is functional.

This new backend will increase the security of PIN-protected operations. It will also improve the performance of cryptographic operations, especially RSA. This means that when the secure element backend is enabled, RSA 4096 bit keys can now be generated on-device.

Fixed

  • PIV: Fixed generation of RSA keys.

Functions

Stable

Unstable