Delete AES keys of Nitrokey Storage after reset

If smartcard Nitrokey Storage was factory-reset, we delete AES keys on it as well. Explaination: After oem-factory-reset was started the AES on the Nitrokey Storage that is used for the encrypted volume and the password safe is is not usable anymore because the smart card was factory-reset. To make it usable, a user needs to delete it via Nitrokey App. By doing so, the HOTP secret is deleted as well, resulting in a bad warning in Heads. Therefore, we are resetting AES key right after factory-reset with hotp_verification
2024-12-19 04:57:55 +00:00 · 2020-06-30 18:29:42 +02:00 · 2020-06-30 18:29:42 +02:00 · 30236ffbaa
commit 30236ffbaa
parent e0f0655b5d
1 changed files with 4 additions and 0 deletions
--- a/initrd/bin/oem-factory-reset
+++ b/initrd/bin/oem-factory-reset
@ -70,6 +70,10 @@ gpg_key_reset()
        ERROR=`cat /tmp/gpg_card_edit_output`
        whiptail_error_die "GPG Key factory reset failed!\n\n$ERROR"
    fi
+    # If NK Storage is inserted, reset AES keys as well
+    if [ ! $(lsusb | grep -q "20a0:") ] &&  [ -x /bin/hotp_verification ] ; then
+	/bin/hotp_verification regenerate ${ADMIN_PIN_DEF}
+    fi
    # Generate OEM GPG keys
    {
        echo admin