Releases: Nitrokey/nitrokey-3-firmware
v1.5.0-test.20230605
This update requires pynitrokey v0.4.35 or newer. You can install it with:
$ nitropy nk3 update --version v1.5.0-test.20230605
Functions
Stable
- admin-app v0.1.0-nitrokey.2
- fido-authenticator v0.1.1-nitrokey.4 (FIDO2)
- secrets v0.11.0 (OTP and Passwords)
- opcard v1.1.0 (OpenPGP)
Unstable
- piv-authenticator v0.3.1
v1.5.0
This update requires pynitrokey v0.4.35 or newer. You can install it with:
$ nitropy nk3 update --version v1.5.0
Functions
- admin-app v0.1.0-nitrokey.2
- fido-authenticator v0.1.1-nitrokey.4 (FIDO2)
- secrets v0.11.0 (OTP and Passwords)
- opcard v1.1.0 (OpenPGP)
Changes
Features
- Upgrade the secrets function to version 0.11.0, adding support for static passwords, and KeepassXC integration (#278)
Changed
- Upgrade the OpenPGP function to version 1.1.0, fixing minor specification compliance issues and an unlikely data corruption scenario
Fixed
- Upgrade ctaphid-dispatch, fixing panics after cancelled operations
v1.4.0
This release adds OpenPGP Card functionality to the stable firmware and improves the One-Time Password (OTP) feature.
This update requires pynitrokey v0.4.35 or newer. You can install it with:
$ nitropy nk3 update --version v1.4.0
Known issues
- To update, you have to use
pynitrokey
v0.4.35 or newer.
Functions
- admin-app v0.1.0-nitrokey.2
- fido-authenticator v0.1.1-nitrokey.4 (FIDO2)
- secrets v0.10.0 (OTP)
- opcard v1.0.0 (OpenPGP)
Changes
Features
- usbip: Add
--efs
option to store the external filesystem in a file. - Add variant to the status reported by admin-app (#206)
- fido-authenticator: Limit number of resident credentials to ten (#207)
- Add opcard to the stable firmware (#100)
Changed
- Update applications:
- opcard v1.0.0
- secrets-app v0.10.0
v1.4.0-rc.2
This release candidates adds OpenPGP card functionality to the stable firmware and improves the One-Time Password (OTP) feature. Compared to the previous release candidate, it includes a bugfix for overwriting FIDO2 resident keys.
This update requires pynitrokey v0.4.35 or newer. You can install it with:
$ nitropy nk3 update --version v1.4.0-rc.2
Known issues
- To update, you have to use
pynitrokey
v0.4.35 or newer.
Functions
- admin-app v0.1.0-nitrokey.2
- fido-authenticator v0.1.1-nitrokey.4 (FIDO2)
- secrets v0.10.0 (OTP)
- opcard v1.0.0 (OpenPGP)
Changes
(from v1.4.0-rc.1)
Bugfixes
- Fix overwriting existing resident FIDO2 credentials (#254)
v1.4.0-rc.1
This release candidates adds OpenPGP card functionality to the stable firmware and improves the One-Time Password (OTP) feature.
This update requires pynitrokey v0.4.35 or newer. You can install it with:
$ nitropy nk3 update --version v1.4.0-rc.1
Known issues
- To update, you have to use
pynitrokey
v0.4.35 or newer. - There is an issue with overwriting an existing resident FIDO2 key with the same user ID (#254).
Functions
- admin-app v0.1.0-nitrokey.2
- fido-authenticator v0.1.1-nitrokey.3 (FIDO2)
- secrets v0.10.0 (OTP)
- opcard v1.0.0 (OpenPGP)
Changes
Features
- usbip: Add
--efs
option to store the external filesystem in a file. - Add variant to the status reported by admin-app (#206)
- fido-authenticator: Limit number of resident credentials to ten (#207)
- Add opcard to the stable firmware (#100)
Changed
- Update applications:
- opcard v1.0.0
- secrets-app v0.10.0
v1.3.1-test.20230417
Important |
---|
This is a testing Release for the Nitrokey 3. This is NOT intended for production use - make sure you have backups for your keys/logins before updating your Nitrokey. |
Please update pynitrokey to v0.4.35 or newer before installing the firmware update. |
This testing release adds a PIV functionality. Like OpenPGP functionality, it is considered unstable and only available in testing releases. Please report any issue you encounter.
You can flash the test firmware with:
nitropy nk3 update --version v1.3.1-test.20230417
You can always update back to the stable firmware using:
nitropy nk3 update
Functions
stable
- admin-app v0.1.0-nitrokey.2
- fido-authenticator v0.1.1-nitrokey.1 (FIDO2)
- secrets v0.9.0 (OTP)
unstable
Changed
- Opcard data was moved to external flash and gained additional encryption of user data
- Opcard now supports RSA 3072
- PIV is now available.
v1.3.1
This release adds support for One-Time Passwords (OTP).
This update requires pynitrokey v0.4.35 or newer.
Warning: On Nitrokey 3A Mini devices, the internal filesystem will be migrated during the update.
- Migration will only work if your internal filesystem does not contain more than 45 Resident Keys. If you have more please remove some before updating.
- After the update it might take up to 3 minutes for the first boot.
Never unplug the device while the LED is active!
Known issues
- To update, you have to use
pynitrokey
v0.4.35 or newer. - For the Nitrokey 3A Mini, see the migration warning above.
- If you have used One-Time Passwords in the alpha firmware, you should reset it before updating.
- Directly after the update,
nitropy nk3 test
ornitropy nk3 status
may report an IFS or EFS error. This is expected and should be fixed by rebooting the device. Please open an issue or contact support if the error still occurs after a reboot. - This firmware does not include the OpenPGP Card. We will release a new v1.3.1 alpha version with OpenPGP Card soon. It is not possible to downgrade to an old alpha after installing this firmware.
Functions
- admin-app v0.1.0-nitrokey.2
- fido-authenticator v0.1.1 (FIDO2)
- secrets v0.9.0 (OTP)
Changed
Features
- Add secrets app (#186), implementing OTP functionality
- Return full version in status command (#172)
- Return storage information in status command (#183)
- Reduce risk of data loss by adding journaling to the internal flash (#160)
Changed
- LPC55: use the embedded runner (#97)
Bugfixes
v1.3.0
This release is currently in internal testing, signed binaries to be used with nitropy will be uploaded within the next days
This release adds support for One-Time Passwords (OTP) via the Secrets App.
This update requires pynitrokey v0.4.35 or newer.
Warning: On Nitrokey 3 Mini devices, the internal filesystem will be migrated during the update.
- Migration will only work if your internal filesystem does not contain more than 45 Resident Keys. If you have more please remove some.
- After the update it might take up to 3 minutes for the first boot.
Never unplug the device while the LED is active!
Known issues
- To update, you have to use
pynitrokey
v0.4.35 or newer. - For the Nitrokey 3 Mini, see the migration warning above.
- If you have used the OTP app in the alpha firmware, you should reset it before updating.
- Directly after the update,
nitropy nk3 test
ornitropy nk3 status
may report an IFS or EFS error. This is expected and should be fixed by rebooting the device. Please open an issue or contact support if the error still occurs after a reboot.
Applications
- admin-app v0.1.0-nitrokey.2
- fido-authenticator v0.1.1 (FIDO2)
- secrets v0.8.0 (OTP)
Changed
Features
- Add secrets app (#186), implementing OTP functionality
- Return full version in status command (#172)
- Return storage information in status command (#183)
- Reduce risk of data loss by adding journaling to the internal flash (#160)
Changed
- LPC55: use the embedded runner (#97)
Bugfixes
v1.3.0-alpha.20230320
Important |
---|
This is an Alpha Release for the Nitrokey 3. This is NOT intended for production use - make sure you have backups for your keys/logins before updating your Nitrokey. |
Please update pynitrokey to v0.4.34 or newer before installing the firmware update. |
To flash the alpha firmware, download the correct firmware image and update with:
nitropy nk3 update <downloaded-file>
You can always update back to the stable firmware using:
nitropy nk3 update
Warning: On Nitrokey 3 Mini devices, the internal filesystem will be migrated during the update (unless you already installed v1.3.0-rc.1
).
- Migration will only work if your internal filesystem does not contain more than 45 Resident Keys. If you have more please remove some.
- After the update it might take up to 3 minutes for the first boot.
Never unplug the device while the LED is active!
Please use these files together with pynitrokey for updating:
- NK3A Mini: alpha-nk3am-nrf52-v1.3.0-alpha.20230320.zip
- NK3 A/C NFC: alpha-nk3xn-lpc55-v1.3.0-alpha.20230320.sb2
Known issues
- To update, it is recommended to use
pynitrokey
v0.4.34 or newer. - For the Nitrokey 3 Mini, see the migration warning above.
Applications
stable
- admin-app v0.1.0-nitrokey.2
- fido-authenticator v0.1.1 (FIDO2)
- secrets v0.8.0 (OTP)
alpha
- opcard v0.3.0 (OpenPGP)
Changes
This alpha release combines the changes from v1.3.0-rc.1 with the OpenPGP card functionality.
v1.3.0-rc.1
This is the first release candidate with support for the secrets app (OTP).
Please update pynitrokey to v0.4.34 or newer before installing the firmware update.
To flash the RC firmware, download the correct firmware image and update with:
nitropy nk3 update <downloaded-file>
Warning: On Nitrokey 3 Mini devices, the internal filesystem will be migrated during the update.
- Migration will only work if your internal filesystem does not contain more than 45 Resident Keys. If you have more please remove some.
- After the update it might take up to 3 minutes for the first boot.
Never unplug the device while the LED is active!
Known issues
- To update, it is recommended to use
pynitrokey
v0.4.34 or newer. - For the Nitrokey 3 Mini, see the migration warning above.
- If you have used the OTP app in the alpha firmware, you should reset it before updating
- The firmware reports version
v1.3.0-rc1
but the correct version isv1.3.0-rc.1
- This firmware does not include the OpenPGP application. We will release a new v1.3.0 alpha version with OpenPGP soon. It is not possible to downgrade to a v1.2.2 alpha after installing this firmware.
Applications
- admin-app v0.1.0-nitrokey.2
- fido-authenticator v0.1.1 (FIDO2)
- secrets v0.8.0 (OTP)
Changed
Features
- Add secrets app (#186), implementing OTP functionality
- Return full version in status command (#172)
- Return storage information in status command (#183)
- Reduce risk of data loss by adding journaling to the internal flash (#160)
Changed
- LPC55: use the embedded runner (#97)