The multiple identites feature allows to use 3 virtual smart cards in place of one, giving bigger flexibility in the every day use, as well as separation between user identities (business, personal etc.) or even allowing usage of it for more than one user (PINs are separate).
All of the smart cards have separate data objects, meaning they all could have different keys, certificates stored, and PINs set. Identities do not intereact between each other.
This means each identity needs to be resetted on its own.
Old versions (below 1.2.5) of the firmware might need special treatment (see below). Usage —–
To change the identity it suffices to send a custom CCID command. This could be achieved with
Connect your Nitrokey Start and verify that it got recognized.
$ nitropy start list *** Nitrokey tool for Nitrokey FIDO2 & Nitrokey Start :: 'Nitrokey Start' keys: FSIJ-1.2.15-87042524: Nitrokey Nitrokey Start (RTM.10)
Change the identity, by replacing
$ nitropy start set-identity <ID> *** Nitrokey tool for Nitrokey FIDO2 & Nitrokey Start Trying to set identity to <ID>4 device has reset, and should now have the new identity
$ gpg --card-edit` -> admin -> factory-reset
This will reset the current identity. To reset all identitites the following needs to be done:
$ nitropy start set-identity 2` $ gpg --card-edit` -> admin -> factory-reset $ nitropy start set-identity 1` $ gpg --card-edit` -> admin -> factory-reset $ nitropy start set-identity 0` $ gpg --card-edit` -> admin -> factory-reset
It deletes all keys, pins, configurations and meta data associated with the respective identity.
This step is optional with new firmware.. You can add a reset code which enable the reset of the User PIN (not the Admin PIN). For older Firmware it is recommended since it is needed to reset the device (see below)
If and only if the device is not blocked (PIN wasn’t typed in wrong too often) you can use the same procedure as in newer firmware (see above). You need the reset code to unblock device or you can not use the device anymore!