Skip to content

Releases: Nitrokey/nitrokey-3-firmware

v1.5.0-test.20230605

05 Jun 15:57
v1.5.0-test.20230605
ebe45bf
Compare
Choose a tag to compare
v1.5.0-test.20230605 Pre-release
Pre-release

This update requires pynitrokey v0.4.35 or newer. You can install it with:

$ nitropy nk3 update --version v1.5.0-test.20230605

Functions

Stable

Unstable

v1.5.0

31 May 15:38
v1.5.0
b230f92
Compare
Choose a tag to compare

This update requires pynitrokey v0.4.35 or newer. You can install it with:

$ nitropy nk3 update --version v1.5.0

Functions

Changes

Features

  • Upgrade the secrets function to version 0.11.0, adding support for static passwords, and KeepassXC integration (#278)

Changed

  • Upgrade the OpenPGP function to version 1.1.0, fixing minor specification compliance issues and an unlikely data corruption scenario

Fixed

  • Upgrade ctaphid-dispatch, fixing panics after cancelled operations

v1.4.0

05 May 09:03
v1.4.0
1b846ad
Compare
Choose a tag to compare

This release adds OpenPGP Card functionality to the stable firmware and improves the One-Time Password (OTP) feature.

This update requires pynitrokey v0.4.35 or newer. You can install it with:

$ nitropy nk3 update --version v1.4.0

Known issues

  • To update, you have to use pynitrokey v0.4.35 or newer.

Functions

Changes

Features

  • usbip: Add --efs option to store the external filesystem in a file.
  • Add variant to the status reported by admin-app (#206)
  • fido-authenticator: Limit number of resident credentials to ten (#207)
  • Add opcard to the stable firmware (#100)

Changed

  • Update applications:
    • opcard v1.0.0
    • secrets-app v0.10.0

v1.4.0-rc.2

02 May 12:56
v1.4.0-rc.2
e6537e9
Compare
Choose a tag to compare
v1.4.0-rc.2 Pre-release
Pre-release

This release candidates adds OpenPGP card functionality to the stable firmware and improves the One-Time Password (OTP) feature. Compared to the previous release candidate, it includes a bugfix for overwriting FIDO2 resident keys.

This update requires pynitrokey v0.4.35 or newer. You can install it with:

$ nitropy nk3 update --version v1.4.0-rc.2

Known issues

  • To update, you have to use pynitrokey v0.4.35 or newer.

Functions

Changes

(from v1.4.0-rc.1)

Bugfixes

  • Fix overwriting existing resident FIDO2 credentials (#254)

v1.4.0-rc.1

27 Apr 14:46
v1.4.0-rc.1
b567ac1
Compare
Choose a tag to compare
v1.4.0-rc.1 Pre-release
Pre-release

This release candidates adds OpenPGP card functionality to the stable firmware and improves the One-Time Password (OTP) feature.

This update requires pynitrokey v0.4.35 or newer. You can install it with:

$ nitropy nk3 update --version v1.4.0-rc.1

Known issues

  • To update, you have to use pynitrokey v0.4.35 or newer.
  • There is an issue with overwriting an existing resident FIDO2 key with the same user ID (#254).

Functions

Changes

Features

  • usbip: Add --efs option to store the external filesystem in a file.
  • Add variant to the status reported by admin-app (#206)
  • fido-authenticator: Limit number of resident credentials to ten (#207)
  • Add opcard to the stable firmware (#100)

Changed

  • Update applications:
    • opcard v1.0.0
    • secrets-app v0.10.0

v1.3.1-test.20230417

17 Apr 10:40
v1.3.1-test.20230417
d7425a6
Compare
Choose a tag to compare
v1.3.1-test.20230417 Pre-release
Pre-release
Important
This is a testing Release for the Nitrokey 3. This is NOT intended for production use - make sure you have backups for your keys/logins before updating your Nitrokey.
Please update pynitrokey to v0.4.35 or newer before installing the firmware update.

This testing release adds a PIV functionality. Like OpenPGP functionality, it is considered unstable and only available in testing releases. Please report any issue you encounter.

You can flash the test firmware with:

nitropy nk3 update --version v1.3.1-test.20230417

You can always update back to the stable firmware using:

nitropy nk3 update

Functions

stable

unstable

Changed

  • Opcard data was moved to external flash and gained additional encryption of user data
  • Opcard now supports RSA 3072
  • PIV is now available.

v1.3.1

06 Apr 08:59
v1.3.1
081191e
Compare
Choose a tag to compare

This release adds support for One-Time Passwords (OTP).

This update requires pynitrokey v0.4.35 or newer.

Warning: On Nitrokey 3A Mini devices, the internal filesystem will be migrated during the update.

  • Migration will only work if your internal filesystem does not contain more than 45 Resident Keys. If you have more please remove some before updating.
  • After the update it might take up to 3 minutes for the first boot.

Never unplug the device while the LED is active!

Known issues

  • To update, you have to use pynitrokey v0.4.35 or newer.
  • For the Nitrokey 3A Mini, see the migration warning above.
  • If you have used One-Time Passwords in the alpha firmware, you should reset it before updating.
  • Directly after the update, nitropy nk3 test or nitropy nk3 status may report an IFS or EFS error. This is expected and should be fixed by rebooting the device. Please open an issue or contact support if the error still occurs after a reboot.
  • This firmware does not include the OpenPGP Card. We will release a new v1.3.1 alpha version with OpenPGP Card soon. It is not possible to downgrade to an old alpha after installing this firmware.

Functions

Changed

Features

  • Add secrets app (#186), implementing OTP functionality
  • Return full version in status command (#172)
  • Return storage information in status command (#183)
  • Reduce risk of data loss by adding journaling to the internal flash (#160)

Changed

  • LPC55: use the embedded runner (#97)

Bugfixes

  • Use upstream usbd-ccid, including fixed panics and compatibility issues (#164)
  • Improve compatibility of FIDO (#180)
  • Fix a panic with ctaphid (#184)

v1.3.0

31 Mar 13:36
v1.3.0
2e035ca
Compare
Choose a tag to compare
v1.3.0 Pre-release
Pre-release

This release is currently in internal testing, signed binaries to be used with nitropy will be uploaded within the next days

This release adds support for One-Time Passwords (OTP) via the Secrets App.

This update requires pynitrokey v0.4.35 or newer.

Warning: On Nitrokey 3 Mini devices, the internal filesystem will be migrated during the update.

  • Migration will only work if your internal filesystem does not contain more than 45 Resident Keys. If you have more please remove some.
  • After the update it might take up to 3 minutes for the first boot.

Never unplug the device while the LED is active!

Known issues

  • To update, you have to use pynitrokey v0.4.35 or newer.
  • For the Nitrokey 3 Mini, see the migration warning above.
  • If you have used the OTP app in the alpha firmware, you should reset it before updating.
  • Directly after the update, nitropy nk3 test or nitropy nk3 status may report an IFS or EFS error. This is expected and should be fixed by rebooting the device. Please open an issue or contact support if the error still occurs after a reboot.

Applications

Changed

Features

  • Add secrets app (#186), implementing OTP functionality
  • Return full version in status command (#172)
  • Return storage information in status command (#183)
  • Reduce risk of data loss by adding journaling to the internal flash (#160)

Changed

  • LPC55: use the embedded runner (#97)

Bugfixes

  • Use upstream usbd-ccid, including fixed panics and compatibility issues (#164)
  • Improve compatibility of FIDO (#180)
  • Fix a panic with ctaphid (#184)

v1.3.0-alpha.20230320

20 Mar 10:08
v1.3.0-alpha.20230320
ad0c374
Compare
Choose a tag to compare
v1.3.0-alpha.20230320 Pre-release
Pre-release
Important
This is an Alpha Release for the Nitrokey 3. This is NOT intended for production use - make sure you have backups for your keys/logins before updating your Nitrokey.
Please update pynitrokey to v0.4.34 or newer before installing the firmware update.

To flash the alpha firmware, download the correct firmware image and update with:

nitropy nk3 update <downloaded-file>

You can always update back to the stable firmware using:

nitropy nk3 update

Warning: On Nitrokey 3 Mini devices, the internal filesystem will be migrated during the update (unless you already installed v1.3.0-rc.1).

  • Migration will only work if your internal filesystem does not contain more than 45 Resident Keys. If you have more please remove some.
  • After the update it might take up to 3 minutes for the first boot.

Never unplug the device while the LED is active!

Please use these files together with pynitrokey for updating:

Known issues

  • To update, it is recommended to use pynitrokey v0.4.34 or newer.
  • For the Nitrokey 3 Mini, see the migration warning above.

Applications

stable

alpha

Changes

This alpha release combines the changes from v1.3.0-rc.1 with the OpenPGP card functionality.

v1.3.0-rc.1

13 Mar 15:47
v1.3.0-rc.1
a6e4c91
Compare
Choose a tag to compare
v1.3.0-rc.1 Pre-release
Pre-release

This is the first release candidate with support for the secrets app (OTP).

Please update pynitrokey to v0.4.34 or newer before installing the firmware update.

To flash the RC firmware, download the correct firmware image and update with:

nitropy nk3 update <downloaded-file>

Warning: On Nitrokey 3 Mini devices, the internal filesystem will be migrated during the update.

  • Migration will only work if your internal filesystem does not contain more than 45 Resident Keys. If you have more please remove some.
  • After the update it might take up to 3 minutes for the first boot.

Never unplug the device while the LED is active!

Known issues

  • To update, it is recommended to use pynitrokey v0.4.34 or newer.
  • For the Nitrokey 3 Mini, see the migration warning above.
  • If you have used the OTP app in the alpha firmware, you should reset it before updating
  • The firmware reports version v1.3.0-rc1 but the correct version is v1.3.0-rc.1
  • This firmware does not include the OpenPGP application. We will release a new v1.3.0 alpha version with OpenPGP soon. It is not possible to downgrade to a v1.2.2 alpha after installing this firmware.

Applications

Changed

Features

  • Add secrets app (#186), implementing OTP functionality
  • Return full version in status command (#172)
  • Return storage information in status command (#183)
  • Reduce risk of data loss by adding journaling to the internal flash (#160)

Changed

  • LPC55: use the embedded runner (#97)

Bugfixes

  • Use upstream usbd-ccid, including fixed panics and compatibility issues (#164)
  • Improve compatibility of FIDO (#180)
  • Fix a panic with ctaphid (#184)