From 1629c9d21d0b58e80763345883e0966147028459 Mon Sep 17 00:00:00 2001 From: Markus Meissner Date: Tue, 27 Jan 2026 15:19:07 +0100 Subject: [PATCH] extensions: faq has title in new line for translation support --- source/_ext/faq_item.py | 16 +++--- source/components/nethsm/faq.rst | 12 ++-- source/components/nextbox/faq/generic.rst | 36 ++++++++---- source/components/nextbox/faq/hardware.rst | 30 ++++++---- source/components/nextbox/faq/nextcloud.rst | 27 ++++++--- .../components/nextbox/faq/remote-access.rst | 21 ++++--- source/components/nextbox/faq/software.rst | 18 ++++-- source/components/nitrokeys/fido2/faq.rst | 18 ++++-- source/components/nitrokeys/hsm/faq.rst | 51 +++++++++++------ source/components/nitrokeys/nitrokey3/faq.rst | 51 +++++++++++------ source/components/nitrokeys/passkey/faq.rst | 24 +++++--- source/components/nitrokeys/pro/faq.rst | 48 ++++++++++------ source/components/nitrokeys/start/faq.rst | 33 +++++++---- source/components/nitrokeys/storage/faq.rst | 57 ++++++++++++------- source/components/nitropad-nitropc/faq.rst | 12 ++-- source/components/nitrophone/faq.rst | 33 +++++++---- source/components/nitrowall/faq-opnsense.rst | 15 +++-- source/components/nitrowall/nw750/faq.rst | 3 +- 18 files changed, 335 insertions(+), 170 deletions(-) diff --git a/source/_ext/faq_item.py b/source/_ext/faq_item.py index a832b92762..d94e5fc5f9 100644 --- a/source/_ext/faq_item.py +++ b/source/_ext/faq_item.py @@ -15,9 +15,8 @@ class FAQItem(SphinxDirective): """ has_content = True - required_arguments = 1 - optional_arguments = 30 - final_argument_whitespace = True + required_arguments = 0 + optional_arguments = 0 option_spec = { "class": directives.class_option, } 
@@ -33,16 +32,19 @@ def _make_slug(self, s: str) -> str: def run(self) -> list[nodes.Node]: + # question is the first line of the body content + question = self.content[0] + # remaining content is the answer + answer_content = self.content[2:] + answer_offset = self.content_offset + 2 + # answer (block content) content = nodes.container() # ... parse - self.state.nested_parse(self.content, self.content_offset, content) + self.state.nested_parse(answer_content, answer_offset, content) answer = nodes.definition("", *content.children) # ... assemble a_item = nodes.definition_list_item("", answer) - - # question: - question = " ".join(self.arguments) # ... get slug slug = self._make_slug(question) # ... get formatted text diff --git a/source/components/nethsm/faq.rst b/source/components/nethsm/faq.rst index aaad24f110..d5b99107ab 100644 --- a/source/components/nethsm/faq.rst +++ b/source/components/nethsm/faq.rst 
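Review bot: In `run()`, `question = self.content[0]` together with `self.content[2:]` hard-codes a body of exactly one question line, one blank line, then the answer. An empty `.. faq::` body raises a bare `IndexError` during the build instead of a directive error that names the file and line. When the question wraps onto a second line, or the answer follows without a blank line, the line at index 1 is dropped from the rendered page without any warning, and on these FAQ pages that line can be the one carrying the security guidance. Calling `self.assert_has_content()` first and splitting at the first blank line avoids both, as sketched below; joining a wrapped question with spaces is an assumption to confirm against the translation tooling. The rest of `run()` lies outside the hunk.

```python
    def run(self) -> list[nodes.Node]:
        # fail with a located directive error instead of IndexError on an empty body
        self.assert_has_content()
        # the question is every line up to the first blank line, so wrapped titles survive
        split = next(
            (i for i, line in enumerate(self.content) if not line.strip()),
            len(self.content),
        )
        question = " ".join(line.strip() for line in self.content[:split])
        # the answer starts after the separating blank line
        answer_content = self.content[split + 1:]
        answer_offset = self.content_offset + split + 1
        # … unchanged: nested_parse of the answer, definition list assembly, slug …
```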
@@ -1,15 +1,18 @@ Frequently Asked Questions (FAQ) ================================ -.. faq:: Is NetHSM FIPS or Common Criteria certified? +.. faq:: + Is NetHSM FIPS or Common Criteria certified? Not yet but we are aiming for certifications in the future. Please contact us if you are interested in supporting these efforts. -.. faq:: Which protections against physical tampering are in place? +.. faq:: + Which protections against physical tampering are in place? NetHSM is sealed which allows to detect physical tampering. It contains a TPM which is protected against physical tampering. The TPM is the root of trust and securely stores cryptographic keys which are used to encrypt and decrypt further data and keys in the NetHSM. This protects against booting malicious firmware and software and decrypting data and keys being stored. The current NetHSM doesn't contain additional sensors to detect tampering. -.. faq:: Where can I learn more about NetHMS's security architecture and implementation? +.. faq:: + Where can I learn more about NetHMS's security architecture and implementation? Start with the chapters Getting Started, Administration and Operations. Proceed with the following resources. @@ -18,7 +21,8 @@ Frequently Asked Questions (FAQ) * `Full source code `_ * Physical random number generator (TRNG) of quality PTG.3 according to AIS-20: `hardware `_, `firmware `_ -.. faq:: Roadmap: Which features are planned? +.. faq:: + Roadmap: Which features are planned? Work in progress: diff --git a/source/components/nextbox/faq/generic.rst b/source/components/nextbox/faq/generic.rst index 3f2a36354a..ca45afc041 100644 --- a/source/components/nextbox/faq/generic.rst +++ b/source/components/nextbox/faq/generic.rst @@ -1,7 +1,8 @@ Generic FAQ =========== -.. faq:: What to do if my NextBox doesn't start? +.. faq:: + What to do if my NextBox doesn't start? If your NextBox doesn't start correctly or you have some other problem using it, chances are a soft reset can fix it: 
@@ -15,28 +16,33 @@ Generic FAQ ability to help you might be limited if you changed your system configuration using for example ssh. -.. faq:: How can I factory-reset my NextBox? +.. faq:: + How can I factory-reset my NextBox? Press the hardware button for 5 seconds, see :doc:`../technical/factory-reset`. To press the button use a thin (~1mm) pin like a smartphone sim-card tray removal device. -.. faq:: What do the different LED colors mean? +.. faq:: + What do the different LED colors mean? The detailed document can be found here: :doc:`../technical/led-colors` -.. faq:: Can the inital setup be done using a monitor & keyboard? +.. faq:: + Can the inital setup be done using a monitor & keyboard? No, this is not possible as the regular login is disabled on delivery. Please connect the the NextBox to a network and access the NextBox using `nextbox.local`_ or the IP directly. -.. faq:: What is the typical power consumption? +.. faq:: + What is the typical power consumption? The minimum of 0,6A (3W) is rarely reached, in idle mostly around 1A (5W) and more than 2A (10W) under higher loads. -.. faq:: How secure is the NextBox? +.. faq:: + How secure is the NextBox? Debian with frequent `unattended-upgrades` based security updates, a minimal attack surface by ensuring that not a single unneccessary port is open 
@@ -45,39 +51,45 @@ Generic FAQ 2-Factor-Authentification supported login method with e.g., a Nitrokey FIDO2.** -.. faq:: What do all the ssh-related "warnings" mean? +.. faq:: + What do all the ssh-related "warnings" mean? Once you set up your ssh-access, you make yourself technically responsible for your NextBox. We do provide help as good as we can as goodwill, but under the line we cannot provide generic Linux-administration support outside of the intended NextBox use-cases. -.. faq:: Can I mirror my NextBox onto another NextBox? +.. faq:: + Can I mirror my NextBox onto another NextBox? This translates to a cluster setup, which is considered an (paid) enterprise solution by Nextcloud. The details, especially data consistency and collision handling, are far from trivial to realize. Nevertheless, we also see demand for more sophisticated backup solutions and will address this issue. -.. faq:: What to do to run/install/fix Nextcloud App "XYZ"? Why does Nextcloud feature XYZ not work? +.. faq:: + What to do to run/install/fix Nextcloud App "XYZ"? Why does Nextcloud feature XYZ not work? Generally we cannot help in detail for these topics. Nextcloud internals and apps are out-of-scope for the NextBox development as we use the stock Docker images provided by Nextcloud. Ultimately, if some NextBox/OS configuration is blocking an app to run properly we for sure will look into fixing it. -.. faq:: Can I connect/use the NextBox using WiFi? +.. faq:: + Can I connect/use the NextBox using WiFi? No, currently this is not (easily) possible, only wired ethernet using RJ-45 is available. -.. faq:: Is the WiFi on the Raspberry PI 4B physically available and working? +.. faq:: + Is the WiFi on the Raspberry PI 4B physically available and working? Yes, physically the WiFi is available and working, but not used/managed by the NextBox App. If you know what you are doing you can configure and use it, if works although being inside the NextBox casing. -.. 
faq:: How can I access my NextBox, if I get forwarded to the wrong URL? +.. faq:: + How can I access my NextBox, if I get forwarded to the wrong URL? You should open an incognito window and use: ``https://`` or ``http://`` keep in mind that using HTTPS once in this browser session will not allow you to use HTTP again in this session, diff --git a/source/components/nextbox/faq/hardware.rst b/source/components/nextbox/faq/hardware.rst index 0d1933fc95..1ff825dc9d 100644 --- a/source/components/nextbox/faq/hardware.rst +++ b/source/components/nextbox/faq/hardware.rst @@ -4,7 +4,8 @@ Hardware FAQ -.. faq:: Why must I not connect external hard-drives without an external power-supply to my NextBox? +.. faq:: + Why must I not connect external hard-drives without an external power-supply to my NextBox? The Raspberry Pi 4 Model B can only supply 1.2A of power through USB (see `RPi Power Supply `__). @@ -13,7 +14,8 @@ Hardware FAQ external power supply can lead to an unreliable power supply for the internal hard-drive, thus potential data loss. -.. faq:: Where can I find an external hard-drive with its own power supply? +.. faq:: + Where can I find an external hard-drive with its own power supply? The smaller form factors (2.5'' and smaller) for external hard-drives mostly come without an additional power supply. For these, *a USB Hub with an 
@@ -22,43 +24,50 @@ Hardware FAQ thus we recommend external 3.5'' hard-drives, which are nearly always externally powered. -.. faq:: Why does my USB device / hub not work, if connected to the NextBox? +.. faq:: + Why does my USB device / hub not work, if connected to the NextBox? There are some devices and especially USB3 hubs that are known to not work properly with the Raspberry PI 4B, please see this `USB Documentation`_ from Raspberry. On top of that also make sure the USB device is working in general by connecting it to another computer (best case: Linux) and verify that it works. -.. faq:: Why does my hard-drive not show up after plugging it in? +.. faq:: + Why does my hard-drive not show up after plugging it in? Please make sure that you are using one of the supported filesystems (e.g., ext, xfs) and you have mounted your hard-drive within *Storage Management*. -.. faq:: Can I generally extend the NextBox using a USB hard-drive? +.. faq:: + Can I generally extend the NextBox using a USB hard-drive? Yes, this is possible, please make sure you are using a hard-drive, which has an external power supply. Once connected you can mount the hard-drive using the NextBox *Storage Management* and include it into Nextcloud file-management using the `External storage support`_ app. -.. faq:: What functions does the additional "shield" provide? +.. faq:: + What functions does the additional "shield" provide? As of now the shield does provide a :doc:`status LED <../technical/led-colors>`, a hardware button to :doc:`factory reset <../technical/factory-reset>` and an additional USB Type-C connector on the same side as the Ethernet port for power supply exclusively. -.. faq:: Is the NextBox hardware extendable/replaceable? +.. faq:: + Is the NextBox hardware extendable/replaceable? Yes, all NextBox components can be easily replaced. None of the components are glued or somehow permanently assembled. 
Using a Phillips screwdriver you can disassemble and re-assemble the NextBox easily. Keep in mind that you are doing this at your own risk. -.. faq:: What are the two USB Type-C ports used for? +.. faq:: + What are the two USB Type-C ports used for? Both USB Type-C ports are exclusively for power supply and can not be used for data transfer. Do not connect two power supplies, please just use one of both to power your NextBox. -.. faq:: Which fan should I install? +.. faq:: + Which fan should I install? **There is absolutely no need for a fan, the NextBox is designed to work without an active cooling**. Although if the NextBox is used for additional tasks (it's still a Linux), we have @@ -67,7 +76,8 @@ Hardware FAQ the outputs are not controlled yet by the NextBox daemon, so this is also something you would have to do by yourself. -.. faq:: Can I upgrade the NextBox' RAM size? +.. faq:: + Can I upgrade the NextBox' RAM size? No, the Raspberry PI 4B has the RAM component soldered onto the mainboard, thus it cannot be replaced/extended. diff --git a/source/components/nextbox/faq/nextcloud.rst b/source/components/nextbox/faq/nextcloud.rst index 97e27cdd99..f4a476bc8a 100644 --- a/source/components/nextbox/faq/nextcloud.rst +++ b/source/components/nextbox/faq/nextcloud.rst 
@@ -1,52 +1,61 @@ Nextcloud FAQ ============= -.. faq:: What to do to run/install/fix Nextcloud App "XYZ"? Why does Nextcloud feature XYZ not work? +.. faq:: + What to do to run/install/fix Nextcloud App "XYZ"? Why does Nextcloud feature XYZ not work? Generally we cannot help in detail for these topics. Nextcloud internals and apps are out-of-scope for the NextBox development as we use the stock Docker images provided by Nextcloud. Ultimately, if some NextBox/OS configuration is blocking an app to run properly we for sure will look into fixing it. -.. faq:: Why does Nitrokey currently not recommend to use OnlyOffice or Collabora Office on the NextBox? +.. faq:: + Why does Nitrokey currently not recommend to use OnlyOffice or Collabora Office on the NextBox? The state of these Nextcloud apps is not yet mature (for ARM platforms). Although it is (partly) possible to install them we do not recommend doing so currently. -.. faq:: Why does updating Nextcloud from inside Nextcloud not work? +.. faq:: + Why does updating Nextcloud from inside Nextcloud not work? The Nextcloud version is rolled out by us. Thus the option to update from inside Nextcloud is not working. -.. faq:: Can I add apps to the Nextcloud instance? +.. faq:: + Can I add apps to the Nextcloud instance? Yes, the Nextcloud app store is available and any app available there can be installed through the Nextcloud web frontend. -.. faq:: My Nextcloud instance is stuck in "Maintenance Mode", how can I switch it off? +.. faq:: + My Nextcloud instance is stuck in "Maintenance Mode", how can I switch it off? To *force exit* the Nextcloud "Maintenance Mode", you can push the hardware button **shortly, once**. The NextBox will then switch-off the maintenance mode. Please avoid this, if possible. -.. faq:: Why am I getting a permission warning for ``/var/www/html/custom_apps/nextbox`` inside the Nextcloud settings overview? +.. 
faq:: + Why am I getting a permission warning for ``/var/www/html/custom_apps/nextbox`` inside the Nextcloud settings overview? This is a "feature". The NextBox Nextcloud App is installed on the system with the Debian nextbox package. To avoid an accidental deletion of the NextBox Nextcloud App from within the Nextcloud app management, the stated directory can not be written by Nextcloud, this is what Nextcloud is complaining about here. -.. faq:: How can I run Nextcloud's `occ`? +.. faq:: + How can I run Nextcloud's `occ`? As Nextcloud is running inside a Docker container, you need to be root and execute the following: ``docker exec -it -u www-data nextbox-compose_app_1 /var/www/html/occ`` -.. faq:: What to do about missing php-modules like `imagemagick`? +.. faq:: + What to do about missing php-modules like `imagemagick`? Similar to Apache, PHP is also provided by the Nextcloud container, therefore as we are using the stock Nextcloud container this will also only be resolved once this is resolved by the Nextcloud Team. -.. faq:: Why is my Nextcloud not loading properly, instead I get a white page and a `.htaccess` error? +.. faq:: + Why is my Nextcloud not loading properly, instead I get a white page and a `.htaccess` error? This usually is an indication that the OS has unmounted/detached the internal hard-drive due to an low-power-incident. Please make sure you read and diff --git a/source/components/nextbox/faq/remote-access.rst b/source/components/nextbox/faq/remote-access.rst index 57d6b3388f..32425da048 100644 --- a/source/components/nextbox/faq/remote-access.rst +++ b/source/components/nextbox/faq/remote-access.rst @@ -1,7 +1,8 @@ Remote Access FAQ ================= -.. faq:: What is the correct WebDAV URL? +.. faq:: + What is the correct WebDAV URL? The full URL to use for WebDAV is: ``https://my.domain.tld/remote.php/webdav/``, there have been reports that 
@@ -9,7 +10,8 @@ Remote Access FAQ ``https://my.domain.tld/remote.php/dav/files/USERNAME`` with *USERNAME* being the username you would like to use. -.. faq:: Can I access my Nextcloud instance using WebDAV? +.. faq:: + Can I access my Nextcloud instance using WebDAV? Yes, please see `Nextcloud WebDAV documentation`_ for a complete overview. A simple mount for unix-like systems might look like this: ``mount -t davfs @@ -17,13 +19,15 @@ Remote Access FAQ that the ``davfs2`` package is installed. For Windows please additionally read these :doc:`docs <../clients/windows>`. -.. faq:: Why does my Android smartphone's browser not open: ``http://nextbox.local`` +.. faq:: + Why does my Android smartphone's browser not open: ``http://nextbox.local`` As of today the technology needed to use ``.local`` URLs is not supported by various (stock) Android browser(s). The mechanism is based on ``mDNS``. One possible workaround is to use a 3rd party app like BonjourBrowser to discover all mDNS services in your network. -.. faq:: Why does accessing my NextBox using: ``http://nextbox.local`` not work? +.. faq:: + Why does accessing my NextBox using: ``http://nextbox.local`` not work? There are several other reasons why the access using ``http://nextbox.local`` may not work, further known scenarios are: @@ -31,7 +35,8 @@ Remote Access FAQ * Using a Fritz!Box with the NextBox being connected via a LAN port and the client/browser is connected to the network via WiFI (WLAN), the Fritz!Box will block mDNS. -.. faq:: I followed all guides and still cannot acquire the TLS certificate, what can I do? +.. faq:: + I followed all guides and still cannot acquire the TLS certificate, what can I do? The reason a TLS certificate cannot be acquired is nearly always the fact that your NextBox is not reachable from the internet. Make sure you have followed 
@@ -42,7 +47,8 @@ Remote Access FAQ your router and thus blocking the traffic on port(s) 80 and/or 443. Switch them off and retry acquiring your TLS certificate. -.. faq:: Why is my reachability with IPv4 not working? +.. faq:: + Why is my reachability with IPv4 not working? If you have properly set up :doc:`port forwarding <../remote/port-forwarding>` and IPv4 connections (reachability test) are still not working there are good @@ -56,7 +62,8 @@ Remote Access FAQ connections**, which should enable full bi-directional traffic for IPv4 and IPv6. -.. faq:: Why do some devices fail to connect for my IPv6 configured NextBox? +.. faq:: + Why do some devices fail to connect for my IPv6 configured NextBox? Sadly, still not all ISPs and mobile-network providers (smartphones) do have full IPv6 support activated. This means, if your NextBox is configured for IPv6 diff --git a/source/components/nextbox/faq/software.rst b/source/components/nextbox/faq/software.rst index a9070482de..cdb3c55300 100644 --- a/source/components/nextbox/faq/software.rst +++ b/source/components/nextbox/faq/software.rst 
@@ -1,34 +1,40 @@ Software FAQ ============ -.. faq:: What kind of public key is expected for SSH access? +.. faq:: + What kind of public key is expected for SSH access? An openssh style (public) key is expected. Depending on your operating system there are different ways to determine your public key. One might be ``ssh-add -L``, another might be ``cat ~/.ssh/id_rsa.pub``. If you are using Putty, please see the `Putty documentation`_. -.. faq:: Can the operating system be extended or configured manually? +.. faq:: + Can the operating system be extended or configured manually? Yes, you can set up ssh access through the NextBox Nextcloud app. Afterwards you can access your NextBox using ssh and you can do with the system whatever you want. Obviously we will only provide support for the NextBox stock configuration. -.. faq:: Where can I see a changelog for the NextBox versions? +.. faq:: + Where can I see a changelog for the NextBox versions? Currently only here: `Launchpad NextBox`_ -.. faq:: How can I update the Operating System? +.. faq:: + How can I update the Operating System? There is no need to update the NextBox OS by hand. This is done using ``unattended-upgrades`` and on top the *nextbox-daemon* will check for upgrades manually (as a redundant fallback solution) on every start. You are free to update your OS by hand using ``apt``, if you know what you are doing. -.. faq:: Is the NextBox running a 32bit or 64bit operating system? +.. faq:: + Is the NextBox running a 32bit or 64bit operating system? The used OS is a 64bit system. The ``arch`` output: `aarch64`. -.. faq:: Which users and default passwords are created by default on the NextBox's operating system? +.. faq:: + Which users and default passwords are created by default on the NextBox's operating system? There is not one single default password set on any (system) user. The only non-system user created is named ``nextuser``, without a default password. 
The only way to access the NextBox is using ``ssh`` diff --git a/source/components/nitrokeys/fido2/faq.rst b/source/components/nitrokeys/fido2/faq.rst index 45b80b3a8e..c60b890b13 100644 --- a/source/components/nitrokeys/fido2/faq.rst +++ b/source/components/nitrokeys/fido2/faq.rst @@ -1,15 +1,18 @@ Nitrokey FIDO2 FAQ ================== -.. faq:: Which Operating Systems are supported? +.. faq:: + Which Operating Systems are supported? Windows, Linux, and Mac OS X. Also some support (FIDO2) for Android. -.. faq:: What can I use the Nitrokey for? +.. faq:: + What can I use the Nitrokey for? See the `overview `__ of supported use cases. -.. faq:: What happens if I lose my FIDO device? +.. faq:: + What happens if I lose my FIDO device? When securing accounts using FIDO (two-factor authentication and passwordless login), you should configure another factor in your account as @@ -18,15 +21,18 @@ Nitrokey FIDO2 FAQ can still log in with the second Nitrokey FIDO2 (or with another second factor). -.. faq:: How large is the storage capacity? +.. faq:: + How large is the storage capacity? The Nitrokey FIDO2 doesn't contain storage capability for ordinary data (it can only store cryptographic keys). -.. faq:: How many keys can my Nitrokey FIDO2 store? +.. faq:: + How many keys can my Nitrokey FIDO2 store? It can store up to 50 passkeys also known as discoverable credentials and an unlimited number of non-discoverable credentials. -.. faq:: How to use Nitrokey FIDO2 with Azure Entra ID (Active Directory)? +.. faq:: + How to use Nitrokey FIDO2 with Azure Entra ID (Active Directory)? After `disabling Enforce Attestation `__ Nitrokey is supported by Azure Entra ID out of the box. diff --git a/source/components/nitrokeys/hsm/faq.rst b/source/components/nitrokeys/hsm/faq.rst index ab3512000c..de10f2a4c1 100644 --- a/source/components/nitrokeys/hsm/faq.rst +++ b/source/components/nitrokeys/hsm/faq.rst 
@@ -1,15 +1,18 @@ Nitrokey HSM FAQ ================ -.. faq:: Which Operating Systems are supported? +.. faq:: + Which Operating Systems are supported? Windows, Linux and macOS. -.. faq:: What can I use the Nitrokey for? +.. faq:: + What can I use the Nitrokey for? See the `overview `__ of supported use cases. -.. faq:: What is the maximum length of the PIN? +.. faq:: + What is the maximum length of the PIN? Nitrokey uses PINs instead of passwords. The main difference is that the hardware limits the amount of tries to three while a limit doesn't exist for @@ -21,7 +24,8 @@ Nitrokey HSM FAQ OpenSC, 32 character long PINs can be used but aren't supported by Nitrokey App. -.. faq:: What is the User PIN for? +.. faq:: + What is the User PIN for? The PIN is at least 6-digits long and is used to get access to the content of the Nitrokey. This is the PIN you will use a lot in @@ -32,7 +36,8 @@ Nitrokey HSM FAQ PIN attempts were done, it is sufficiently secure to only have a 6 digits PIN. -.. faq:: What is the SO PIN for? +.. faq:: + What is the SO PIN for? The SO PIN is used in the Nitrokey HSM only and is something like a "master" PIN with special properties. Please read `these instructions `__ carefully @@ -40,7 +45,8 @@ Nitrokey HSM FAQ The SO PIN has to be exactly 16 digits long. -.. faq:: How many data objects (DF, EF) can be stored? +.. faq:: + How many data objects (DF, EF) can be stored? 76 KB EEPROM total, that can be used for @@ -49,11 +55,13 @@ Nitrokey HSM FAQ * max. 19 x RSA-4096 keys or * max. 38 x RSA-2048 keys -.. faq:: How many keys can I store? +.. faq:: + How many keys can I store? Nitrokey HSM can store 20 RSA-2048 and 31 ECC-256 key pairs. -.. faq:: How fast is encryption and signing? +.. faq:: + How fast is encryption and signing? * Key generation on-card: RSA 2048: 2 per minute * Key generation on-card: ECC 256: 10 per minute. 
@@ -62,12 +70,14 @@ Nitrokey HSM FAQ * Signature creation with on-card SHA-256 and 1 kb data: RSA 2048; 68 per minute * Signature creation with on-card SHA-256 and 1 kb data: ECDSA 256: 125 per minute -.. faq:: How can I distinguish a Nitrokey HSM 1 from an Nitrokey HSM 2? +.. faq:: + How can I distinguish a Nitrokey HSM 1 from an Nitrokey HSM 2? Use ``opensc-tool --list-algorithms`` and compare with the table below. Please also see `this thread`_ for the factsheets and more details. -.. faq:: Which algorithms and maximum key length are supported? +.. faq:: + Which algorithms and maximum key length are supported? See the following table: @@ -103,18 +113,21 @@ Nitrokey HSM FAQ | secp521k1 | | ✓ | +-------------------+-----+-------+ -.. faq:: How can I use the True Random Number Generator (TRNG) of the Nitrokey HSM for my applications? +.. faq:: + How can I use the True Random Number Generator (TRNG) of the Nitrokey HSM for my applications? Nitrokey HSM can be used with `Botan`_ and `TokenTools`_ by using OpenSC as a PKCS#11 driver. OpenSSL can't use Nitrokey HSM's RNG directly because engine-pkcs11 doesn't contain a mapping for OpenSSL to C_GenerateRandom. -.. faq:: How good is the Random Number Generator? +.. faq:: + How good is the Random Number Generator? Nitrokey HSM uses the True Random Number Generator of JCOP 2.4.1r3 which has a quality of DRNG.2 (according to `AIS 31`_ of the German Federal Office for Information Security, BSI). -.. faq:: Which API can I use? +.. faq:: + Which API can I use? OpenSC: Comprehensive instructions exist for OpenSC framework. There is nitrotool as a more comfortable frontend to OpenSC. @@ -131,7 +144,8 @@ Nitrokey HSM FAQ NitroKeyWrapper. -.. faq:: Is the Nitrokey HSM 2 Common Criteria or FIPS certified? +.. faq:: + Is the Nitrokey HSM 2 Common Criteria or FIPS certified? The security controller (NXP JCOP 3 P60) is Common Criteria EAL 5+ certified up to the OS level. 
@@ -140,17 +154,20 @@ Nitrokey HSM FAQ * `Security Target `__ * `Java Card System Protection Profile Open Configuration, Version 3.0 `__) -.. faq:: How to import an existing key into the Nitrokey HSM? +.. faq:: + How to import an existing key into the Nitrokey HSM? First, `set up`_ your Nitrokey HSM to use key backup and restore. Then use Smart Card Shell for importing. If your key is stored in a Java key store you can use `NitroKeyWrapper`_ instead. -.. faq:: How do I secure my Cloud Infrastructure/Kubernetes with Nitrokey HSM? +.. faq:: + How do I secure my Cloud Infrastructure/Kubernetes with Nitrokey HSM? An approach to secure keys for Hashicorp Vault/Bank-Vault on a Nitrokey HSM can be found at `banzaicloud.com`_. -.. faq:: Can I use Nitrokey HSM with cryptocurrencies? +.. faq:: + Can I use Nitrokey HSM with cryptocurrencies? J.v.d.Bosch wrote a simple, free python `program`_ to secure the private key of a Bitcoin wallet in a HSM. `Tezos`_ has been `reported`_ to work with Nitrokey HSM. diff --git a/source/components/nitrokeys/nitrokey3/faq.rst b/source/components/nitrokeys/nitrokey3/faq.rst index 0845f751a7..2d89984851 100644 --- a/source/components/nitrokeys/nitrokey3/faq.rst +++ b/source/components/nitrokeys/nitrokey3/faq.rst 
@@ -1,29 +1,34 @@ Nitrokey 3 FAQ ============== -.. faq:: Which Operating Systems are supported? +.. faq:: + Which Operating Systems are supported? Windows, Linux and macOS. Also some support for Android and iOS. -.. faq:: What can I use the Nitrokey for? +.. faq:: + What can I use the Nitrokey for? See the `overview `_ of supported use cases. -.. faq:: How can I check if my Nitrokey 3 is working? +.. faq:: + How can I check if my Nitrokey 3 is working? On `WebAuthn.io `__ you can check various high-level functionalities, while `webautn.bin.coffee `__ provides good developer level details (technical) details. You can also `test <../../software/nitropy/all-platforms/test.html>`__ your Nitrokey. -.. faq:: Where is the right spot for NFC on my smartphone? +.. faq:: + Where is the right spot for NFC on my smartphone? This is different for every smartphone model, you should find your brand's respective hardware description to find this out. For the NitroPhones you can find the information `here `_. -.. faq:: What happens if I lose my device? +.. faq:: + What happens if I lose my device? When securing accounts using FIDO (two-factor authentication and passwordless login), you should configure another factor in your account as @@ -32,7 +37,8 @@ Nitrokey 3 FAQ can still log in with the second Nitrokey (or with another second factor). -.. faq:: What makes Nitrokey better than other security keys? +.. faq:: + What makes Nitrokey better than other security keys? - Nitrokeys are fully open source and open hardware, reducing vendor lock-in, enabling customizations, and 3rd party security audits for higher security. 
@@ -45,36 +51,43 @@ Nitrokey 3 FAQ - We offer attractive volume discounts. - We offer customizations and fulfillment services for small quantities. -.. faq:: How large is the storage capacity? +.. faq:: + How large is the storage capacity? The Nitrokey 3 doesn't contain storage capability for ordinary data (it can only store cryptographic keys and certificates). -.. faq:: How many keys can my Nitrokey 3 store? +.. faq:: + How many keys can my Nitrokey 3 store? With the OpenPGP Card feature you can store three key pairs. All keys use the same identity but are used for different purposes: authentication, encryption and signing. For FIDO2 depending on the other features usage, it can store up to 100 passkeys for the Nitrokey 3A Mini and up to 35 passkeys for the Nitrokey 3 NFC, also known as discoverable credentials and an unlimited number of non-discoverable credentials. The PIV feature can store up to 24 key pairs. -.. faq:: How many password can my Nitrokey 3 store? +.. faq:: + How many password can my Nitrokey 3 store? You can store up to 50 entries, one entry can contain login, password, comment and OTP. -.. faq:: Why does the Nitrokey 3 not show up in GnuPG? +.. faq:: + Why does the Nitrokey 3 not show up in GnuPG? Make sure to install a firmware more recent than version 1.4.0. For more information, see the firmware-update page for your operating system. -.. faq:: Which version of OpenPGP smart card application do the Nitrokey 3 support? +.. faq:: + Which version of OpenPGP smart card application do the Nitrokey 3 support? The Nitrokey 3 is compliant with the `OpenPGP smart card application `__ version 3.4.1. -.. faq:: Why does the Nitrokey 3 not show up in Nitrokey App? +.. faq:: + Why does the Nitrokey 3 not show up in Nitrokey App? Nitrokey 3 does only show up and can be managed in "nitropy" and "Nitrokey App 2, not in Nitrokey App 1". -.. faq:: Which algorithms and maximum key length are supported? +.. 
faq:: + Which algorithms and maximum key length are supported? See the following table: @@ -105,12 +118,14 @@ Nitrokey 3 FAQ Since firmware release v1.7.0, OpenPGP uses a secure element (SE) by default. If the secure element is disabled, some key types can only be imported but not generated on the device. -.. faq:: How can I set the PIN for my Nitrokey 3? +.. faq:: + How can I set the PIN for my Nitrokey 3? The Nitrokey 3 has distinct PINs for each feature. Please refer to the chapter `Set Pins `__. -.. faq:: Is the Nitrokey 3 Common Criteria or FIPS certified? +.. faq:: + Is the Nitrokey 3 Common Criteria or FIPS certified? The secure element (SE050M) is Common Criteria EAL 6+ security certified up to the OS level. @@ -120,11 +135,13 @@ Nitrokey 3 FAQ * `Security Target `__ * `Java Card Protection Profile - Open Configuration `__ -.. faq:: How to use Nitrokey 3 with Azure Entra ID (Active Directory)? +.. faq:: + How to use Nitrokey 3 with Azure Entra ID (Active Directory)? After `disabling Enforce Attestation `__ Nitrokey 3 is supported by Azure Entra ID out of the box. -.. faq:: How can I use the SE050 Secure Element? +.. faq:: + How can I use the SE050 Secure Element? Starting with version 1.7.0 the Secure Element should be automatically activated, if the OpenPGP Card was not used before. To check its activation state you can use: ``nitropy nk3 get-config opcard.use_se050_backend``. diff --git a/source/components/nitrokeys/passkey/faq.rst b/source/components/nitrokeys/passkey/faq.rst index e8bb2ea582..fb79b3549d 100644 --- a/source/components/nitrokeys/passkey/faq.rst +++ b/source/components/nitrokeys/passkey/faq.rst 
@@ -1,23 +1,27 @@ Nitrokey Passkey FAQ ==================== -.. faq:: Which Operating Systems are supported? +.. faq:: + Which Operating Systems are supported? Windows, Linux, macOS and BSD. Also FIDO2 is supported on Android and iOS. -.. faq:: What can I use the Nitrokey Passkey for? +.. faq:: + What can I use the Nitrokey Passkey for? Second or first factor authentication for services which support Webauthn/Passkey/FIDO2/FIDO U2F. See the `overview `_ of supported use cases. -.. faq:: How can I check if my Nitrokey Passkey is working? +.. faq:: + How can I check if my Nitrokey Passkey is working? On `WebAuthn.io `_ you can check various high-level functionalities, while `webautn.bin.coffee `_ provides good developer level details (technical) details. You can also test your Nitrokey with `nitropy <../../software/nitropy/index.html>`_. -.. faq:: What happens if I lose my Nitrokey Passkey device? +.. faq:: + What happens if I lose my Nitrokey Passkey device? When securing accounts using FIDO2 (two-factor authentication and passwordless login), you should configure another factor in your account as 
@@ -26,20 +30,24 @@ Nitrokey Passkey FAQ can still log in with the second Nitrokey Passkey (or with another second factor). -.. faq:: How large is the storage capacity? +.. faq:: + How large is the storage capacity? The Nitrokey Passkey doesn't contain storage capability for ordinary data (it can only store cryptographic keys). It can hold over 100 passkeys resp. FIDO2 keys. -.. faq:: How to use Nitrokey Passkey with Azure Entra ID (Active Directory)? +.. faq:: + How to use Nitrokey Passkey with Azure Entra ID (Active Directory)? After `disabling Enforce Attestation `_ Nitrokey Passkey is supported by Azure Entra ID out of the box. -.. faq:: Why does the Nitrokey Passkey not show up in GnuPG? +.. faq:: + Why does the Nitrokey Passkey not show up in GnuPG? The Nitrokey Passkey has no support for OpenPGP. -.. faq:: Why does the Nitrokey Passkey not show up in Nitrokey App? +.. faq:: + Why does the Nitrokey Passkey not show up in Nitrokey App? The Nitrokey Passkey is not supported by the Nitrokey App 1 and 2. diff --git a/source/components/nitrokeys/pro/faq.rst b/source/components/nitrokeys/pro/faq.rst index 4a2857f1ed..2836555254 100644 --- a/source/components/nitrokeys/pro/faq.rst +++ b/source/components/nitrokeys/pro/faq.rst @@ -1,15 +1,18 @@ Nitrokey Pro 2 FAQ ================== -.. faq:: Which Operating Systems are supported? +.. faq:: + Which Operating Systems are supported? Windows, Linux and macOS. -.. faq:: What can I use the Nitrokey for? +.. faq:: + What can I use the Nitrokey for? See the `overview `__ of supported use cases. -.. faq:: What are the default PINs? +.. faq:: + What are the default PINs? * User PIN: ``123456`` * Administrator PIN: ``12345678`` 
@@ -17,7 +20,8 @@ Nitrokey Pro 2 FAQ We strongly recommend to change these PINs/password to user-chosen values before using the Nitrokey. -.. faq:: What is the maximum length of the PIN? +.. faq:: + What is the maximum length of the PIN? Nitrokey uses PINs instead of passwords. The main difference is that the hardware limits the amount of tries to three while a limit doesn't exist for @@ -29,7 +33,8 @@ Nitrokey Pro 2 FAQ OpenSC, 32 character long PINs can be used but aren't supported by Nitrokey App. -.. faq:: What is the User PIN for? +.. faq:: + What is the User PIN for? The user PIN is at least 6-digits long and is used to get access to the contect of the Nitrokey. This is the PIN you will use a lot in @@ -41,7 +46,8 @@ Nitrokey Pro 2 FAQ PIN attempts were done, it is sufficiently secure to only have a 6 digits PIN. The default PIN is ``123456``. -.. faq:: What is the Admin PIN for? +.. faq:: + What is the Admin PIN for? The admin PIN is at least 8-digits long and is used to change contents/settings of the Nitrokey. That is to say after initializing the @@ -54,12 +60,14 @@ Nitrokey Pro 2 FAQ PIN attempts were done, it is sufficiently secure to only have 8 digits PIN. The default PIN is ``12345678``. -.. faq:: Why does my Nitrokey Pro hang when switching between nitrokey-app and GnuPG? +.. faq:: + Why does my Nitrokey Pro hang when switching between nitrokey-app and GnuPG? GnuPG and nitrokey-app sometimes tend to hand each other. This is a known problem and it can be fixed by re-inserting the Nitrokey into the USB slot. -.. faq:: Which drivers/tools can be used? +.. faq:: + Which drivers/tools can be used? GnuPG is required for many use cases. It is a command line tool but usually you don't need to invoke it directly but use another application with user 
@@ -74,7 +82,8 @@ Nitrokey Pro 2 FAQ instructions work Nitrokey as well. In general the official documentation is recommended. -.. faq:: How fast is encryption and signing? +.. faq:: + How fast is encryption and signing? Encryption of 50kiB of data: @@ -83,7 +92,8 @@ Nitrokey Pro 2 FAQ * 256 bit AES, 240 bytes per command -> 910 bytes per second * 128 bit AES, 240 bytes per command -> 930 bytes per second -.. faq:: Which algorithms and maximum key length are supported? +.. faq:: + Which algorithms and maximum key length are supported? See the following table: @@ -120,11 +130,13 @@ Nitrokey Pro 2 FAQ +-------------------+-----+-------+ -.. faq:: Does the Nitrokey Pro contain a secure chip or just a normal microcontroller? +.. faq:: + Does the Nitrokey Pro contain a secure chip or just a normal microcontroller? Nitrokey Pro contains a tamper resistant smart card. -.. faq:: Is the Nitrokey Pro Common Criteria or FIPS certified? +.. faq:: + Is the Nitrokey Pro Common Criteria or FIPS certified? The security controller (NXP Smart Card Controller P5CD081V1A and its major configurations P5CC081V1A, P5CN081V1A, P5CD041V1A, P5CD021V1A and P5CD016V1A @@ -135,12 +147,14 @@ Nitrokey Pro 2 FAQ * `Maintenance Report `__ * `Maintenance ST `__ -.. faq:: How can I use the True Random Number Generator (TRNG) of the Nitrokey Pro for my applications? +.. faq:: + How can I use the True Random Number Generator (TRNG) of the Nitrokey Pro for my applications? Both devices are compatible to the OpenPGP Card, so that `scdrand`_ should work. `This script`_ may be useful. The user comio `created a systemd file`_ to use scdrand and thus the TRNG more generally. He created an `ebuild for Gentoo`_, too. -.. faq:: How good is the Random Number Generator? +.. faq:: + How good is the Random Number Generator? Nitrokey Pro and Nitrokey Storage use a True Random Number Generator (TRNG) for generating keys on the device. The entropy generated by the TRNG is used 
@@ -148,12 +162,14 @@ Nitrokey Pro 2 FAQ The TRNG provides about 40 kbit/s. -.. faq:: How large is the storage capacity? +.. faq:: + How large is the storage capacity? The Nitrokey Pro doesn't contain storage capability for ordinary data (it can only store cryptographic keys and certificates). -.. faq:: How many keys can I store? +.. faq:: + How many keys can I store? The Nitrokey Pro can store three RSA key pairs. All keys use the same identity but are used for different purposes: authentication, encryption and diff --git a/source/components/nitrokeys/start/faq.rst b/source/components/nitrokeys/start/faq.rst index ef274d3915..75f60dc684 100644 --- a/source/components/nitrokeys/start/faq.rst +++ b/source/components/nitrokeys/start/faq.rst @@ -1,15 +1,18 @@ Nitrokey Start FAQ ================== -.. faq:: Which Operating Systems are supported? +.. faq:: + Which Operating Systems are supported? Windows, Linux and macOS. -.. faq:: What can I use the Nitrokey for? +.. faq:: + What can I use the Nitrokey for? See the `overview `__ of supported use cases. -.. faq:: What are the default PINs? +.. faq:: + What are the default PINs? * User PIN: ``123456`` * Administrator PIN: ``12345678`` @@ -17,7 +20,8 @@ Nitrokey Start FAQ We strongly recommend to change these PINs/password to user-chosen values before using the Nitrokey. -.. faq:: What is the maximum length of the PIN? +.. faq:: + What is the maximum length of the PIN? Nitrokey uses PINs instead of passwords. The main difference is that the hardware limits the amount of tries to three while a limit doesn't exist for @@ -29,7 +33,8 @@ Nitrokey Start FAQ OpenSC, 32 character long PINs can be used but aren't supported by Nitrokey App. -.. faq:: What is the User PIN for? +.. faq:: + What is the User PIN for? The user PIN is at least 6-digits long and is used to get access to the contect of the Nitrokey. This is the PIN you will use a lot in 
@@ -41,7 +46,8 @@ Nitrokey Start FAQ PIN attempts were done, it is sufficiently secure to only have a 6 digits PIN. The default PIN is ``123456``. -.. faq:: What is the Admin PIN for? +.. faq:: + What is the Admin PIN for? The admin PIN is at least 8-digits long and is used to change contents/settings of the Nitrokey. That is to say after initializing the @@ -54,7 +60,8 @@ Nitrokey Start FAQ PIN attempts were done, it is sufficiently secure to only have 8 digits PIN. The default PIN is ``12345678``. -.. faq:: Which drivers/tools can be used? +.. faq:: + Which drivers/tools can be used? GnuPG is required for many use cases. It is a command line tool but usually you don't need to invoke it directly but use another application with user @@ -69,7 +76,8 @@ Nitrokey Start FAQ instructions work Nitrokey as well. In general the official documentation is recommended. -.. faq:: Which algorithms and maximum key length are supported? +.. faq:: + Which algorithms and maximum key length are supported? See the following table: @@ -105,16 +113,19 @@ Nitrokey Start FAQ | secp521k1 | | +-------------------+-------+ -.. faq:: Does the Nitrokey Start contain a secure chip or just a normal microcontroller? +.. faq:: + Does the Nitrokey Start contain a secure chip or just a normal microcontroller? Nitrokey Start is implemented in the microprocessor. -.. faq:: How large is the storage capacity? +.. faq:: + How large is the storage capacity? The Nitrokey Start doesn't contain storage capability for ordinary data (it can only store cryptographic keys and certificates). -.. faq:: How many keys can I store? +.. faq:: + How many keys can I store? The Nitrokey Start can store nine RSA key pairs for three identities. For one identity you need three key pairs for authentication, encryption and signing. diff --git a/source/components/nitrokeys/storage/faq.rst b/source/components/nitrokeys/storage/faq.rst index 6fdc5e8ee4..a2c53d62d2 100644 --- a/source/components/nitrokeys/storage/faq.rst 
+++ b/source/components/nitrokeys/storage/faq.rst @@ -4,15 +4,18 @@ Nitrokey Storage FAQ As the Nitrokey Storage 2 is essentially a Nitrokey Pro 2 including a non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` also partly applies. -.. faq:: Which Operating Systems are supported? +.. faq:: + Which Operating Systems are supported? Windows, Linux and macOS. -.. faq:: What can I use the Nitrokey for? +.. faq:: + What can I use the Nitrokey for? See the `overview `__ of supported use cases. -.. faq:: What are the default PINs? +.. faq:: + What are the default PINs? * **User PIN:** "123456" * **Administrator PIN:** "12345678" @@ -21,17 +24,20 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als We strongly recommend to change these PINs/password to user-chosen values before using the Nitrokey. -.. faq:: How large is the storage capacity? +.. faq:: + How large is the storage capacity? Nitrokey Storage can store and encrypt 8, 32, or 64 GB of data (depending on particular model). -.. faq:: Why can't I access the encrypted storage on a new Nitrokey Storage? +.. faq:: + Why can't I access the encrypted storage on a new Nitrokey Storage? On a new Nitrokey Storage device, before you can access the encrypted volume make sure you first "Destroy encrypted data" inside the Nitrokey App. -.. faq:: What is the maximum length of the PIN? +.. faq:: + What is the maximum length of the PIN? Nitrokey uses PINs instead of passwords. The main difference is that the hardware limits the amount of tries to three while a limit doesn't exist for @@ -43,7 +49,8 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als OpenSC, 32 character long PINs can be used but aren't supported by Nitrokey App. -.. faq:: What is the User PIN for? +.. faq:: + What is the User PIN for? The user PIN is at least 6-digits long and is used to get access to the contect of the Nitrokey. This is the PIN you will use a lot in 
@@ -55,7 +62,8 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als PIN attempts were done, it is sufficiently secure to only have a 6 digits PIN. The default PIN is ``123456``. -.. faq:: What is the Admin PIN for? +.. faq:: + What is the Admin PIN for? The admin PIN is at least 8-digits long and is used to change contents/settings of the Nitrokey. That is to say after initializing the @@ -68,12 +76,14 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als PIN attempts were done, it is sufficiently secure to only have 8 digits PIN. The default PIN is ``12345678``. -.. faq:: Why does my Nitrokey Storage hang when switching between nitrokey-app and GnuPG? +.. faq:: + Why does my Nitrokey Storage hang when switching between nitrokey-app and GnuPG? GnuPG and nitrokey-app sometimes tend to hand each other. This is a known problem and it can be fixed by re-inserting the Nitrokey into the USB slot. -.. faq:: What is the firmware PIN for? +.. faq:: + What is the firmware PIN for? The firmware password should meet general password recommandations (e.g. use alphabetic characters, digits and special @@ -85,13 +95,15 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als password and would have unlimited attempts. Therefore you must choose a strong password. The default password is 12345678. -.. faq:: How many keys can I store? +.. faq:: + How many keys can I store? The Nitrokey Storage can store three RSA key pairs. All keys use the same identity but are used for different purposes: authentication, encryption and signing. -.. faq:: How fast is encryption and signing? +.. faq:: + How fast is encryption and signing? Encryption of 50kiB of data: 
@@ -100,7 +112,8 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als * 256 bit AES, 240 bytes per command -> 910 bytes per second * 128 bit AES, 240 bytes per command -> 930 bytes per second -.. faq:: Which algorithms and maximum key length are supported? +.. faq:: + Which algorithms and maximum key length are supported? See the following table: @@ -136,11 +149,13 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als | secp521k1 | | | +-------------------+---------+-----------+ -.. faq:: Does the Nitrokey Storage contain a secure chip or just a normal microcontroller? +.. faq:: + Does the Nitrokey Storage contain a secure chip or just a normal microcontroller? Nitrokey Storage contains a tamper resistant smart card. -.. faq:: Is the Nitrokey Storage Common Criteria or FIPS certified? +.. faq:: + Is the Nitrokey Storage Common Criteria or FIPS certified? The security controller (NXP Smart Card Controller P5CD081V1A and its major configurations P5CC081V1A, P5CN081V1A, P5CD041V1A, P5CD021V1A and P5CD016V1A 
@@ -154,12 +169,14 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als Additionally `Cure53 `__ has performed an `independent security audit `__ of the hardware, firmware, and Nitrokey App. -.. faq:: How can I use the True Random Number Generator (TRNG) of the Nitrokey Storage for my applications? +.. faq:: + How can I use the True Random Number Generator (TRNG) of the Nitrokey Storage for my applications? Both devices are compatible to the OpenPGP Card, so that `scdrand`_ should work. `This script`_ may be useful. The user comio `created a systemd file`_ to use scdrand and thus the TRNG more generally. He created an `ebuild for Gentoo`_, too. -.. faq:: How good is the Random Number Generator? +.. faq:: + How good is the Random Number Generator? Nitrokey Pro and Nitrokey Storage use a True Random Number Generator (TRNG) for generating keys on the device. The entropy generated by the TRNG is used @@ -167,7 +184,8 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als The TRNG provides about 40 kbit/s. -.. faq:: How can I use the encrypted mobile Storage? +.. faq:: + How can I use the encrypted mobile Storage? Prior of using the encrypted mobile storage you need to install and initialize the Nitrokey Storage and download the latest Nitrokey App. @@ -181,7 +199,8 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als The Nitrokey Storage is able to create hidden volumes as well. Please have a look at the corresponding instructions for hidden volumes. -.. faq:: How can I use the hidden volume? +.. faq:: + How can I use the hidden volume? Hidden volumes allow to hide data in the encrypted volume. The data is protected with an additional password. Without the password the data existence's can't be diff --git a/source/components/nitropad-nitropc/faq.rst b/source/components/nitropad-nitropc/faq.rst index a3cf9ec2ef..659fdf9b30 100644 --- a/source/components/nitropad-nitropc/faq.rst 
+++ b/source/components/nitropad-nitropc/faq.rst @@ -1,17 +1,20 @@ NitroPad, NitroPC FAQ ===================== -.. faq:: What is the default hard-disk encryption password? +.. faq:: + What is the default hard-disk encryption password? The default Nitropad disk encryption password: "12345678". This was change on the 15.01.2024 so if "12345678" is not working try the old default: "PleaseChangeMe" -.. faq:: How to change the hard-disk encryption password from within HEADS? +.. faq:: + How to change the hard-disk encryption password from within HEADS? This is the prefered way to change the hard-disk encryption password. Inside HEADS choose ``Options -> Change LUKS Disk Recovery Key passphrase`` and follow the instructions. -.. faq:: How to change the hard-disk encryption password from within the OS? +.. faq:: + How to change the hard-disk encryption password from within the OS? Using default ``cryptsetup`` tools it is important to note that the right key slot is used: ``sudo cryptsetup luksChangeKey --key-slot=0 /dev/nvme0n1p3`` or @@ -20,7 +23,8 @@ NitroPad, NitroPC FAQ .. figure:: /images/qubes/ChangeDiskPasswordQubes.png :alt: Change Password Qubes Image -.. faq:: What is re-ownership / re-encryption and why is it important? +.. faq:: + What is re-ownership / re-encryption and why is it important? Changing your hard-disk encryption password does not change the encryption itself, just the access to the encryption key. This means that in a situation diff --git a/source/components/nitrophone/faq.rst b/source/components/nitrophone/faq.rst index 0410a131c0..a7323c1527 100644 --- a/source/components/nitrophone/faq.rst +++ b/source/components/nitrophone/faq.rst 
@@ -1,21 +1,24 @@ NitroPhone FAQ =============== -.. faq:: Does the Nitrophone work with my carrier network? +.. faq:: + Does the Nitrophone work with my carrier network? Google claims `all major carriers`_ should work with the Pixel phones. Nevertheless there might be exceptions, obviously we cannot check `all` carriers around the world. Best practice, is to check if you find some tests/experience stories about the Pixel 4a together with your planned carrier network. -.. faq:: What is and how to activate *PIN Layout Scrambling*? +.. faq:: + What is and how to activate *PIN Layout Scrambling*? To make it difficult for strangers to read the PIN when typing it in, you can display the PIN layout in a random order. Additionally, we recommend a `privacy screen `__. To enable, select: *Settings -> Security -> PIN scrambling -> Scramble PIN* -.. faq:: What is a *Kill Switch* and how to activate it? +.. faq:: + What is a *Kill Switch* and how to activate it? Kill Switches, which erase all the phone's data when triggered, are very risky in practice as they could be triggered unintentionally. Therefore, the NitroPhone instead @@ -24,7 +27,8 @@ NitroPhone FAQ phone can only be unlocked with the legitimate PIN or password. To enable, select: *Settings -> Security -> Auto reboot -> select the idle time duration after which the phone should reboot* -.. faq:: Why do I get "Warning: Your device is loading a different operating system"? +.. faq:: + Why do I get "Warning: Your device is loading a different operating system"? .. image:: ./images/boot-screen.jpg :alt: Boot screen 
@@ -33,31 +37,38 @@ NitroPhone FAQ Shortly after the phone is turned on, the warning "Your device is loading a different operating system" is displayed. This warning indicates that no ordinary Google Android is running and can be ignored. -.. faq:: How can I check, if my NitroPhone has been hacked/compromised? +.. faq:: + How can I check, if my NitroPhone has been hacked/compromised? If you want to check the integrity of the operating system, you can use `remote verification `_. -.. faq:: Where can I get further information about GrapheneOS? +.. faq:: + Where can I get further information about GrapheneOS? `Here `__ you can find further information on GrapheneOS. -.. faq:: Why is OEM unlocking enabled by default? +.. faq:: + Why is OEM unlocking enabled by default? The only real purpose of the OEM Unlocking setting is `anti-theft protection `__ which is not implemented by GrapheneOS. OEM unlocking controls whether the device can be unlocked via boot loader. In the later case all user data is wiped. If OEM Unlocking is disabled, someone can still boot up in recovery mode, enter the menu, wipe data, then boot the OS and enable OEM unlocking. Therefore it doesn't really increase the security but `disabling it `_ reduces the potential physical attack surface. -.. faq:: Why do we offer to remove the microphones? +.. faq:: + Why do we offer to remove the microphones? GrapheneOS informs about active access to the sensors and offers a transparent way to monitor the device. However, physical removal is the only way to completely exclude possible misuse. Especially in the case of a microphone, which allows continuous eavesdropping. -.. faq:: Why do we also offer to remove the gyroscope? +.. faq:: + Why do we also offer to remove the gyroscope? A gyroscope is a sensor that detects the orientation of a smartphone. It not only stabilises the camera, but also tells the smartphone whether it is held in portrait or landscape mode. 
Additionally the gyroscope can also pick up mechanical vibrations, so it has the functionality of a microphone. -.. faq:: Why don't we offer to remove the speakers? +.. faq:: + Why don't we offer to remove the speakers? Microphones are usually used to convert mechanical vibrations into electrical signals. The mechanical construction of loudspeakers is essentially the same as that of microphones, so that loudspeakers can also be used as microphones. In loudspeakers, electrical signals cause the diaphragm to vibrate, thus generating sound. Conversely, this process can be used to transmit the electrical signal from the diaphragm to the device, as with a microphone. However, this method is not possible if an amplifier is installed, as this does not allow the signal to be transmitted from the loudspeaker to the device. All Nitrophones only have speakers with built-in amplifiers and are therefore harmless. -.. faq:: How to use FIDO2 with Android / NitroPhone? +.. faq:: + How to use FIDO2 with Android / NitroPhone? Please refer to our guide :doc:`../nitrokeys/features/fido2/nitrophone`. diff --git a/source/components/nitrowall/faq-opnsense.rst b/source/components/nitrowall/faq-opnsense.rst index 4acc280ce7..023df19292 100644 --- a/source/components/nitrowall/faq-opnsense.rst +++ b/source/components/nitrowall/faq-opnsense.rst @@ -1,11 +1,13 @@ FAQ OPNSense ============ -.. faq:: How to set up a LAN bridge?: +.. faq:: + How to set up a LAN bridge?: Details on how to set up a LAN bridge you can find `here `__. -.. faq:: How to set up IDS/IPS with Suricata: +.. faq:: + How to set up IDS/IPS with Suricata: OPNSense uses Suricata to provide an IPS/IDS Service. Suricata is already installed and running after initial configuration. 
@@ -14,17 +16,20 @@ FAQ OPNSense More information on how to configure IDS/IPS are available `here `__. -.. faq:: How to use NitroWall as combined DHCP-Client/DHCP-Server: +.. faq:: + How to use NitroWall as combined DHCP-Client/DHCP-Server: .. warning:: Note the correct mapping of interfaces to physical ports: Interfaces → Assignments 1. In "System → Wizard → Configure WAN Interface" set the value for IPv4 Configuration Type to DHCP 2. Follow `this guide `_ to configure the LAN interface for DHCP -.. faq:: How to create a backup: +.. faq:: + How to create a backup: Information on how to create backups can be found `here `__. -.. faq:: Why is my system time wrong? +.. faq:: + Why is my system time wrong? If your system time is wrong try to follow `this documentation `__. diff --git a/source/components/nitrowall/nw750/faq.rst b/source/components/nitrowall/nw750/faq.rst index 20acefa15f..fdd8c808e7 100644 --- a/source/components/nitrowall/nw750/faq.rst +++ b/source/components/nitrowall/nw750/faq.rst @@ -1,7 +1,8 @@ NitroWall NW750 FAQ =================== -.. faq:: Does the NitroWall NW750 support eSIM? +.. faq:: + Does the NitroWall NW750 support eSIM? Yes, but when using an eSIM it's not possible to use blue-merle to change the eUICCID. Thus for privacy reasons we don't recommend using an eSIM.