Setting KDF-DO¶
(Nitrokey Start - macOS)
At the moment it is only possible to set the KDF-DO, when the Nitrokey Start is empty (just after a factory reset).
Overview¶
Run factory reset
Set up KDF-DO using GnuPG
Change Admin PIN (optional; without keys only Admin PIN change is possible)
Import / generate keys
Change User and Admin PIN
Setting KDF-DO using GnuPG¶
Run gpg2 –card-edit
$ admin
$ kdf-setup
Enter Admin PIN
Verify current state state by looking at the card details (gpg2 –card-status), where KDF setting ……: on should be visible, e.g.:
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: on
Signature key ....: [none]
Tested with¶
gpg (GnuPG) 2.2.20 / 2.2.25
Nitrokey Start RTM.10
Curve 25519 keys