OpenPGP Touch Confirmation (UIF)¶
Compatible Nitrokeys |
|||||||
---|---|---|---|---|---|---|---|
✓ active |
⨯ inactive |
⨯ inactive |
⨯ inactive |
⨯ inactive |
⨯ inactive |
⨯ inactive |
⨯ inactive |
The Nitrokey 3 OpenPGP Card functionality supports touch button confirmations (so called User Interaction Flags, UIF) when performing cryptographic key operations. It can be configured separately for each operation (Signature, Decryption and Authentication).
UIF supports 3 modes:
Disabled: The device never prompts for user presence, which is the default behaviour
Enabled: The device always prompts for user presence
Permanentaly Enabled: Behaves like Enabled, but can only be reverted to Disabled through a factory-reset
Configuration¶
With GnuPG 2.3 or more recent:
$ gpg --card-edit
…
UIF setting ......: Sign=off Decrypt=off Auth=off
…
gpg/card> admin
Then, set the UIF flag accordingly:
For signature operation:
uif 1 on
oruif 1 off
or withuif 1 permanent
.For decryption operation:
uif 2 on
oruif 2 off
oruif 2 permanent
.For authentication operation:
uif 3 on
oruif 3 off
oruif 3 permanent
.