Nitropy Nitrokey GmbH
winget install --id=NitrokeyGmbH.Nitropy -e A command line interface for the Nitrokey FIDO2, Nitrokey Start, Nitrokey 3 and NetHSM.
Nitropy is a command-line interface tool designed to manage and interact with Nitrokey FIDO2, Nitrokey Start, Nitrokey 3, and NetHSM devices. It provides essential functionality for securely managing cryptographic operations and device configurations.
Key features of Nitropy include support for multiple Nitrokey device types, secure management of cryptographic operations, the ability to switch identities on Nitrokey Start devices, seamless integration into existing workflows via a command-line interface, compatibility across Linux, macOS, and Windows operating systems, and installation via winget.
Ideal for IT professionals, developers, system administrators, and security teams, Nitropy enhances security by enabling secure management of cryptographic operations. It improves efficiency with its CLI-based approach, simplifies device management across different environments, and reduces complexity in identity switching for Nitrokey Start devices.
README
pynitrokey
A command line interface for the Nitrokey FIDO2, Nitrokey Start, Nitrokey 3 and NetHSM.
Quickstart
$ pipx install pynitrokey
$ nitropy --help
Documentation
The user documentation for the nitropy CLI is available on docs.nitrokey.com. See also the product documentation for more information on the available commands:
Switching Nitrokey Start identities
Alternative MI switching method
pynitrokey installation is not always possible, hence describing below alternative method to change the Identity on the Nitrokey Start. It suffices to have any CCID application installed, and send the following APDU 00 85 00 {ID} (hex), where ID is in range [0;2]. After receiving this command Nitrokey Start will reboot with the selected identity.
Here is how to do it using GnuPG:
# Setting ID to 2
$ gpg-connect-agent --hex "scd apdu 00 85 00 02" /bye
ERR 65539 Unknown version in packet
# Alternative error messsage
ERR 65572 Bad certificate
The error message here is expected due to immediate reboot of the device, and with losing the connection.
When the ID change is attempted to be done immediately, the following response could be received:
ERR 100663406 Card removed
To restore the communication, either kill the gpg-agent or run gpg --card-status again.
Tip: alternative gpg-connect-agent reloadagent /bye is not sufficient.
Compatibility
nitropy requires Python 3.10 or later.
Development
Information for developers and contributors can be found in the Developer Guide.
Contributors
pynitrokey development has been supported by these contributors:
Maintainers
Current maintainers can be found in MAINTAINERS.md file.
License
pynitrokey is licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
pynitrokey also contains code originating from these projects:
- gnuk by NIIBE Yutaka, GPL-3.0-or-later
- libnitrokey by Nitrokey GmbH, LGPL-3.0-only
- solo1-cli by SoloKeys Developers, Apache-2.0 or MIT
For more information, see the SDPX license headers in each file.