Reasons for resetting to factory settings¶
- Your Nitrokey is locked (e.g. due to multiple incorrect PIN entries)
- You have installed an operating system yourself (e.g. after changing the hard disk)
- Your operating system does not start
- Connect any USB flash drive to the NitroPad. (You need that USB flash drive for saving your security key)
- Connect your Nitrokey to the NitroPad.
- Turn on the NitroPad.
- Select “Options”.
- Select “OEM-Factory Reset”.
- Confirm the “OEM Factory Reset” with “Continue”.
- You will be asked if you want to set the User and Admin/TPM PIN yourself. You press Enter to continue without changing the PINs.
- You will then be asked if manual user information should be added. You confirm with ‘y’ and enter your name and then the email address.
Would you like to set a custom password?[y/N]: Would you like to set custom user Information for the GnPG key?[y/N]: y Please enter the following Information... Real name: "your name" Email adress: "your email-adress" Comment: Checking for USB media... New value of PCR: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [ xx.xxxxxx] sd 6:0:0:0: [sdb] No Caching mode page found [ xx.xxxxxx] sd 6:0:0:0: [sdb] Assuming drive cache: write through Checking for GPG Key... Detecting and setting boot device... Boot device set to /dev/sda1 Resetting TPM... Resetting GPG Key... (this will take a minute or two)
- If you are using Nitrokey storage, you must then select the drive. If the drives /dev/sdb1, /dev/sdc, /dev/sdd1 are displayed, select /dev/sdd1. If the drives /dev/sdb1, /dev/sdc1, /dev/sdd are displayed, select /dev/sdb1.
- The rest of the configuration will be done automatically. You confirm the subsequent restart.
- After the restart the OTP secret must be created. Confirm the process with Enter.
- Confirm that new OTP Secrets should be created.
- When prompted, enter the Admin PIN and TPM password. Both are by default: “12345678”.
- You should then reach the Start menu.
- Press Enter to start the “Default Boot”.
If you see the message that no default exists yet, please follow the procedure described in “Troubleshooting: Default Boot Menu”.
- Once the operating system starts until the encryption password is requested, you are done.
- Finally, copy the public PGP key from the data stick to your computer, e.g. to use it for e-mail encryption.