There are two types of factory resets for Nitrokey Storage devices:
- a factory reset of the OpenPGP smart card, for example using
gpg --card-edit, followed by
- a factory reset of the entire Nitrokey device using the Nitrokey App.
Also, it is possible to generate a new AES key that is used to encrypt the Password Safe and the Encrypted Volume without performing a factory reset.
The Nitrokey App always generates a new AES key after performing a factory reset.
The following table describes the differences between these three operations:
|Property||OpenPGP factory reset||Nitrokey factory reset||Generate AES key|
|Requires admin PIN||no||yes||yes|
|Destroys OpenPGP keys||yes||yes||no|
|Destroys Password Safe||yes ||yes||yes |
|Destroys One-Time Passwords||no||yes||yes |
|Destroys Encrypted Volume||yes ||yes ||yes |
|||(1, 2, 3, 4, 5) Clears the encryption key without overwriting the encrypted data.|
|||This is expected to change in new Nitrokey Storage firmware versions.|