• Changelog

nitrocli is a program that provides a command line interface for interaction with Nitrokey Pro, Nitrokey Storage, and Librem Key devices.

The following commands are currently supported:

• list: List all attached Nitrokey devices.
• status: Report status information about the Nitrokey.
• lock: Lock the Nitrokey.
• config: Access the Nitrokey's configuration
  • get: Read the current configuration.
  • set: Change the configuration.
• encrypted: Work with the Nitrokey Storage's encrypted volume.
  • open: Open the encrypted volume. The user PIN needs to be entered.
  • close: Close the encrypted volume.
• hidden: Work with the Nitrokey Storage's hidden volume.
  • create: Create a hidden volume.
  • open: Open a hidden volume with a password.
  • close: Close a hidden volume.
• otp: Access one-time passwords (OTP).
  • get: Generate a one-time password.
  • set: Set an OTP slot.
  • status: List all OTP slots.
  • clear: Delete an OTP slot.
• pin: Manage the Nitrokey's PINs.
  • clear: Remove the user and admin PIN from gpg-agent's cache.
  • set: Change the admin or the user PIN.
  • unblock: Unblock and reset the user PIN.
• pws: Access the password safe (PWS).
  • get: Query the data on a PWS slot.
  • set: Set the data on a PWS slot.
  • status: List all PWS slots.
  • clear: Delete a PWS slot.
• unencrypted: Work with the Nitrokey Storage's unencrypted volume.
  • set: Change the read-write mode of the unencrypted volume.

Usage is as simple as providing the name of the respective command as a parameter (note that some commands are organized through subcommands, which are required as well), e.g.:

# Open the nitrokey's encrypted volume.
$ nitrocli storage open

$ nitrocli status
Status:
  model:             Storage
  serial number:     0x00053141
  firmware version:  v0.54
  user retry count:  3
  admin retry count: 3
  Storage:
    SD card ID:        0x05dcad1d
    SD card usage:     24% .. 99% not written
    firmware:          unlocked
    storage keys:      created
    volumes:
      unencrypted:     active
      encrypted:       active
      hidden:          inactive

# Close it again.
$ nitrocli storage close

More examples, a more detailed explanation of the purpose, the potential subcommands, as well as the parameters of each command are provided in the man page.

In addition to Rust itself and Cargo, its package management tool, the following dependencies are required:

• hidapi: In order to provide USB access this library is used.
• GnuPG: The gpg-connect-agent program allows the user to enter PINs.

Packages are available for:

• Arch Linux: nitrocli
• Debian: nitrocli (since Debian Buster)
• Gentoo Linux: app-crypt/nitrocli ebuild
• Ubuntu: nitrocli (since Ubuntu 19.04)

nitrocli is published on crates.io and can directly be installed from there:

$ cargo install nitrocli --root=$PWD/nitrocli

After cloning the repository the build is as simple as running:

$ cargo build --release

It is recommended that the resulting executable be installed in a directory accessible via the PATH environment variable.

Repository comes with a flake.nix file, so it can be run directly: