Nitrokey-app in debian-minimal?

Hey i am hitting a wall trying to do exacly what you have done, i have NitroKey-App installed in sys-usb and gpg --card-status shows the nitro key all is well there, but when ever i load the app it never shows the nitrokey (always disconnected). i have tried added udev rules, any suggestions what i should try next?

Have you sudo usermod -a -G plugdev user?

Yes sir i have,
but if i run groups command i only get user qubes

have you done it in the template?

then shut down the template and restarted the qube?

I actually don’t use the Nitrokey App in daily life and it turns that on debian 11 minimal based templates it also doesn’t work for me anymore. It DOES however work when I run sudo nitrokey-app, which suggests it is a group / permission issue.

I usually only do (split-)gpg and the HOTP at boot time.

i am wanting to more or less do what you had in this post along wiht HOTP, i just tried in the template,
:sudo usermod -a -G plugdev user
:groups
user qubes
vary odd

i also want to suspend to disk if the key is removed but thats a future problem

it wouldn’t show up right away and actually I found that my user wasn’t in the respective group either when I tested. restarting the qube now to test again…

… and yep. Now user is in the plugdev group and it still doesn’t work except if I run sudo nitrokey-app.

Since I don’t actually use it much, that’s as much time as I am willing to invest at this time. But if you figure it out, please share.

i just rebooted, i am now in the group in the template and in vault now
but nitrokey app still no go

even running sudo nitrokey-app its a no go

@Sven k ill see what i can do, this is closer then i was

@Sven did you need to add a udev rule? i have one atm maybe i need to remove it

@Sven did you need to add a udev rule? i have one atm maybe i need to remove it

Nope. All I did was install nitrokey-app and add the user to the plugdev group.

In addition, since this is my vault these packages are installed:

  • qubes-usb-proxy (so I can assign the nitrokey to the vault)

  • qubes-gpg-split + scdaemon, pcscd, libccid, pinentry-gtk2 to allow GPG card function and PIN entry dialog

  • keepassx

  • gnome-calculator (because vault always runs and I bound this one to a keyboard hotkey)

  • qubes-core-agent-passwordless-root

  • qubes-app-shutdown-idle

The last two are installed in all my qubes, even though in vault I do not use the shutdown-idle script. So with all the above I can assign the Nitrokey to my vault and run nitrokey-app with sudo and it works. No udev rules added. So maybe start from scratch with a debian-11-minimal and just apply the above? That should at least give you the ability to run it with sudo.

i did exactly that and still no go,
vary odd and kind of frustrating.

just tried the key on my windows computer fresh buiild windows 10 detects the card fine, run the windows app didnt work

Uh, that sounds like a Nitrokey quality issue then. I recommend contacting them.

yea funny how new hardware these days only half works i should have tried that sooner

@vblimits I split off our conversation from the original thread, linked the original in your first post and moved the whole thing to ‘User Support’. Finally I marked your post about it also not working in Windows as the ‘solution’.

well i am getting told i need to be using libNitroKey 3.6 currently 3.5 go look at that the repo no updates in 20 days and isnt passing build atm. not happy
https://github.com/Nitrokey/libnitrokey

well i just spent an hour trying to build libnitrokey-3.6 and i can not get all the dependencies i am stuck on hidapi-libusb
any ideas?

I would recommend contacting nitrokey support. I had an issue some time back and when I contacted them they didn’t know about it. It was a problem with debian. They were super helpful and solved the problem.

Just a suggestion.

1 Like

So the best solution to use nitrokey in qubes is? Why don’t they have some universal easy solution in debian then? It’s open source… Someone e-mail them and ask them to fix that please.