Nitrokey: Difference between revisions

Klinger (talk | contribs)
Lilly (talk | contribs)
add cli applications for nitrokey storage and nitrokey pro
 
<languages/>


<translate>
This article describes how you can use your [[Wikipedia:Nitrokey|Nitrokey]] with NixOS.
There are multiple Nitrokey variants, the newest being the "Nitrokey 3". Different products support different security operations, such as FIDO2, one-time passwords, and S/MIME and OpenPGP key handling.<ref>https://en.wikipedia.org/wiki/Nitrokey#Technical_features</ref>
</translate>
<translate>
==Installation==
You also want to add the Nitrokey udev rules and enable the GPG agent.
 
Nitrokey devices connect over USB (a standard port and protocol), but to use them in a meaningful way, udev rules need to be added to the system so that the USB device is available to regular users.
</translate>
 
<translate>
===Shell===
 
Depending on your Nitrokey device, there are different CLI applications to interact with it.
 
* {{nixos:package|nitrocli}} (CLI) and {{nixos:package|nitrokey-app}} (GUI) for ''Nitrokey Pro'' and ''Nitrokey Storage''
* {{nixos:package|pynitrokey}} (CLI) and {{nixos:package|nitrokey-app2}} (GUI) for ''Nitrokey 3''
 
{{info|You will not be able to interact with Nitrokey devices unless you include appropriate udev rules on your system or have elevated privileges.}}
 
</translate>
 
<translate>
===System Setup===
 
To make Nitrokey devices usable by regular users, enable the appropriate hardware option.
This will set up correct udev rules.
</translate>
 
{{code|lang=nix|1=hardware.nitrokey.enable = true;}}
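
One way to confirm that the udev rules are in effect for your user (an added example, not part of the wiki article or of any Nitrokey tool). It assumes Nitrokey devices report USB vendor ID 20a0 and only checks the HID (hidraw) interface, not smart card access; <code>SYSFS_ROOT</code> and <code>DEV_ROOT</code> are hypothetical overrides for running it against a constructed directory tree.

```shell
#!/bin/sh
# Added example: report which Nitrokey hidraw nodes the current user can open.
# Assumption: Nitrokey devices use USB vendor ID 20a0.
# SYSFS_ROOT and DEV_ROOT are hypothetical overrides (defaults: /sys and /dev).

NITROKEY_VID="20A0"

# Prints one line per Nitrokey hidraw node: "<node> <ok|denied|missing> <name>".
# Returns 0 if every node found is readable and writable by this user,
# 1 if any node is not, 2 if no Nitrokey hidraw node exists at all.
check_nitrokey_access() {
    sysfs="${SYSFS_ROOT:-/sys}/class/hidraw"
    dev="${DEV_ROOT:-/dev}"
    found=0
    bad=0
    for uevent in "$sysfs"/hidraw*/device/uevent; do
        [ -f "$uevent" ] || continue
        # HID_ID has the form bus:vendor:product, e.g. 0003:000020A0:000042B2
        hid_id=$(sed -n 's/^HID_ID=//p' "$uevent" | tr 'a-f' 'A-F')
        vendor=$(printf '%s' "$hid_id" | cut -d: -f2)
        case "$vendor" in
            "0000$NITROKEY_VID") ;;
            *) continue ;;
        esac
        found=$((found + 1))
        name=$(sed -n 's/^HID_NAME=//p' "$uevent")
        # .../hidrawN/device/uevent -> /dev/hidrawN
        node="$dev/$(basename "$(dirname "$(dirname "$uevent")")")"
        if [ ! -e "$node" ]; then
            state=missing; bad=1
        elif [ -r "$node" ] && [ -w "$node" ]; then
            state=ok
        else
            state=denied; bad=1
        fi
        printf '%s %s %s\n' "$node" "$state" "${name:-unknown}"
    done
    [ "$found" -gt 0 ] || return 2
    return "$bad"
}
```

Source the file and run <code>check_nitrokey_access</code> as your regular user; a <code>denied</code> line for a plugged-in device means the udev rules are not being applied to it.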
 
<translate>
== Tips and Tricks ==
 
=== GPG Support ===
 
{{expand|scope=Section|What exactly do these options do and which functionality does that enable for your nitrokey device?}}
 
<syntaxHighlight lang=nix>
services.udev.packages = [ pkgs.nitrokey-udev-rules ];
programs = {
   ssh.startAgent = false;
   # ...
};
</syntaxHighlight>
</translate>
<translate>
=== KeePassXC ===
[https://keepassxc.org/ KeePassXC] supports securing a password database with Nitrokey hardware tokens. The [https://docs.nitrokey.com/software/nk-app2/keepassxc official Nitrokey documentation] has details on how a Nitrokey device must be set up to work with KeePassXC.
However, some NixOS options should also be set to make it work:
</translate>
{{code|lang=nix|1=
services.pcscd.enable = true;
environment.systemPackages = [ pkgs.nitrokey-app2 ];
}}
<translate>
==References==
<references/>
</translate>
<translate>
<!--T:4-->
[[Category:Hardware]]
</translate>