Factory Reset

(Nitrokey Storage 2 - Linux)

There are two types of factory resets for Nitrokey Storage devices:

  • a factory reset of the OpenPGP smart card, for example using gpg --card-edit, followed by admin and finally: factory-reset
  • a factory reset of the entire Nitrokey device using the Nitrokey App.

Also, it is possible to generate a new AES key that is used to encrypt the Password Safe and the Encrypted Volume without performing a factory reset.


The Nitrokey App always generates a new AES key after performing a factory reset.

The following table describes the differences between these three operations:

Property OpenPGP factory reset Nitrokey factory reset Generate AES key
Requires admin PIN no yes yes
Destroys OpenPGP keys yes yes no
Destroys Password Safe yes [1] yes yes [1]
Destroys One-Time Passwords no yes yes [2]
Destroys Encrypted Volume yes [1] yes [1] yes [1]
[1](1, 2, 3, 4, 5) Clears the encryption key without overwriting the encrypted data.
[2]This is expected to change in new Nitrokey Storage firmware versions.