[Gnuk-users] factory-reset

Jan Suhr jan at nitrokey.com
Tue Oct 11 07:58:19 UTC 2016


Dear Niibe!
As you know we provide Nitrokey Start which is flashed with Gnuk 1.0. In 
general its working fine except one issue: Once all PINs are locked the 
device can't be reset easily. In consequence users who face this issue 
(and who usually don't want to flash the device themself) needs to 
return the device to us. Of course not all users are experts so that 
unfortunately many users are facing this issue.

If in the future we ship the more attractive Gnuk 1.2 I'm afraid that 
even more users will block their device. From my perspective it would be 
much better if Gnuk behaves like original OpenPGP Card which can be 
factory-reset without any PIN. Of course you have your good reasons to 
built Gnuk as it is. Perhaps it would be a solution to provide a 
compilation option to enable/disable device reset?

Alternatively: I don't know the end-to-end use case for the reset code. 
Is it desired for enterprise scenarios where the company provides Gnuk 
devices to their employee? What I have in mind is: Would it be an option 
to change reset code so that it could trigger a factory-reset?

Please let me know what you think.

Best regards,
Jan



More information about the gnuk-users mailing list