diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ae44238cf2..fcb94832ff 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest
container:
- image: sphinxdoc/sphinx
+ image: python:3.11
#options: --user 1001 (only if we don't need apt-get)
env:
@@ -19,11 +19,6 @@ jobs:
OTHER_LANGS: de es fr ru nl it ja el bg da et fi lv lt pl pt ro sv sk sl cs hu zh_CN
steps:
- - name: Install git
- run: |
- apt-get -y update
- apt-get -y install git ssh curl
-
- name: Checkout
uses: actions/checkout@v4
@@ -32,10 +27,7 @@ jobs:
- name: Quick build docs
run: |
- mkdir -p dist/en
- mkdir -p build/en/doctrees
- venv/bin/sphinx-build -j auto -b html -D language=en -d build/en/doctrees source dist/en
- rm -rf dist/en/_sources
+ make
cp -r redirects/.htaccess dist
- name: Upload quick build artifact
@@ -44,6 +36,7 @@ jobs:
with:
name: generated documentation (en)
path: dist
+ include-hidden-files: true
- name: Trigger docs server to download artifact
uses: appleboy/ssh-action@v1.2.0
@@ -52,7 +45,7 @@ jobs:
username: docs
port: ${{ secrets.DOCS_PORT }}
key: ${{ secrets.DEPLOY_AUTH_KEY }}
- script: /var/www/docs/deploy/github-trigger.sh en ${{ steps.upload-quick.outputs.artifact-id }} ${{ secrets.DOWNLOAD_TOKEN }}
+ script: /var/www/docs/deploy/gh-trigger.sh en ${{ steps.upload-quick.outputs.artifact-id }} ${{ secrets.DOWNLOAD_TOKEN }}
- name: Checkout data repository
uses: actions/checkout@v4
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 966522f0ba..78aec2bc1a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,20 +14,45 @@ jobs:
- name: Create virtual environment
run: make venv
- name: Syntax check
- run: |
- . venv/bin/activate
- rstcheck --recursive --ignore-directives "tabs" source/
+ run: make check
- build-error-check:
- name: Check build error
+ build-check-and-preview-upload:
+ name: Check Build and Upload to Preview
runs-on: ubuntu-latest
container: python:3.11
steps:
- name: Checkout repository
uses: actions/checkout@v3
+
- name: Create virtual environment
run: make venv
+
- name: Build documentation
run: |
- . venv/bin/activate
- sphinx-build -W -j 1 -a -D language='en' -b html source dist/en
+ make
+ cp -r redirects/.htaccess dist
+
+ - name: Upload quick build artifact
+ id: upload-quick
+ uses: actions/upload-artifact@v4
+ with:
+ name: generated documentation (en)
+ path: dist
+ include-hidden-files: true
+
+ - name: Trigger docs server to download artifact
+ uses: appleboy/ssh-action@v1.2.0
+ with:
+ host: ${{ secrets.DOCS_HOST }}
+ username: docs
+ port: ${{ secrets.DOCS_PORT }}
+ key: ${{ secrets.DEPLOY_AUTH_KEY }}
+ script: /var/www/docs/deploy/gh-trigger.sh preview+${{ github.event.number }} ${{ steps.upload-quick.outputs.artifact-id }} ${{ secrets.DOWNLOAD_TOKEN }}
+
+ - name: Confirm Deployment with PR Comment
+ uses: thollander/actions-comment-pull-request@v3
+ with:
+ message: |
+ The successful documentation build was deployed for preview:
+ * https://docspreview.nitrokey.com/PR-${{ github.event.number }}
+
diff --git a/Makefile b/Makefile
index 2d144c4e82..e46b7eee9b 100644
--- a/Makefile
+++ b/Makefile
@@ -1,12 +1,31 @@
-
-all: venv
+.PHONY: docs
+docs: venv
venv/bin/sphinx-build -j auto -b html -D language=en -d build/en/doctrees source dist/en
venv:
python -m venv venv
venv/bin/pip3 install -r requirements.txt
-clean:
- rm -rf dist build venv
+.PHONY: check
+check: venv
+ # ignore-messages is needed due to links being used in directives, which
+ # are not visible by rstcheck as these directives are ignored (mostly faq)
+ venv/bin/rstcheck --recursive --ignore-directives tabs,faq,product-table \
+ --ignore-messages "faq(.*)Hyperlink target(.*)is not referenced" \
+ source
+
+pkg: venv docs
+ mv dist/en/_images dist/_images
+ rm -rf dist/*/_sources dist/*/_images
+ cp redirects/.htaccess dist
+
+
+clean:
+ rm -rf dist build
+
+cleaner: clean
+ rm -rf venv
+
+.PHONY: docs check pkg
diff --git a/README.md b/README.md
index 842a00527f..f1f6f5b357 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,14 @@ The (english) result is to be found in `dist/en`, to show run:
firefox dist/en/index.html
```
+### More Makefile Targets
+
+* `clean` will clean up generated files
+* `cleaner` includes `venv/`
+* `check` runs `rstcheck` for the sources
+* `venv` creates a virtualenv with all deps
+* `docs` first target, default, will quick-build the english docs
+* `pkg` assembles a package for deployment in `dist` (unused)
### Localization
diff --git a/requirements.txt b/requirements.txt
index 549aab57e0..083f886922 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -29,3 +29,4 @@ sphinxcontrib-serializinghtml==2.0.0
sphinxprettysearchresults==0.3.5
urllib3==2.2.3
setuptools==75.6.0
+docutils==0.21.2
diff --git a/source/_ext/faq_item.py b/source/_ext/faq_item.py
new file mode 100644
index 0000000000..a832b92762
--- /dev/null
+++ b/source/_ext/faq_item.py
@@ -0,0 +1,71 @@
+import urllib.parse
+import re
+
+from docutils import nodes
+
+from docutils.parsers.rst import directives
+from sphinx.util.docutils import SphinxDirective
+from sphinx.util.typing import ExtensionMetadata
+from sphinx.application import Sphinx
+
+
+class FAQItem(SphinxDirective):
+ """
+ Directive for a FAQ item
+ """
+
+ has_content = True
+ required_arguments = 1
+ optional_arguments = 30
+ final_argument_whitespace = True
+ option_spec = {
+ "class": directives.class_option,
+ }
+
+ def _make_slug(self, s: str) -> str:
+ """Sluggify some string for inclusion into URL"""
+
+ s = s.lower().strip()
+ s = re.sub(r"[^\w\s-]", "", s)
+ s = re.sub(r"[\s_-]+", "-", s)
+ s = re.sub(r"^-+|-+$", "", s)
+ return urllib.parse.quote_plus(s)
+
+ def run(self) -> list[nodes.Node]:
+
+ # answer (block content)
+ content = nodes.container()
+ # ... parse
+ self.state.nested_parse(self.content, self.content_offset, content)
+ answer = nodes.definition("", *content.children)
+ # ... assemble
+ a_item = nodes.definition_list_item("", answer)
+
+ # question:
+ question = " ".join(self.arguments)
+ # ... get slug
+ slug = self._make_slug(question)
+ # ... get formatted text
+ prefix = nodes.strong(text="Q: ")
+ q_node = nodes.Text(question)
+ # ... link with anchor name (slug)
+ attrs = {"refuri": f"#{slug}", "ids": [slug]}
+ anchor_link = nodes.reference("", "", prefix, q_node, **attrs)
+ # ... assemble `term`
+ term = nodes.term("", "", anchor_link)
+ q_item = nodes.definition_list_item("", term)
+
+ # add both to output (def-list)
+ li = nodes.definition_list("", q_item, a_item)
+
+ return [li]
+
+
+def setup(app: Sphinx) -> ExtensionMetadata:
+ app.add_directive("faq", FAQItem)
+
+ return {
+ "version": "0.1",
+ "parallel_read_safe": True,
+ "parallel_write_safe": True,
+ }
diff --git a/source/_ext/nk_product_table.py b/source/_ext/nk_product_table.py
new file mode 100644
index 0000000000..faabe291a2
--- /dev/null
+++ b/source/_ext/nk_product_table.py
@@ -0,0 +1,142 @@
+from collections import OrderedDict
+
+from docutils import nodes
+from docutils.parsers.rst import directives
+
+from sphinx.util.docutils import SphinxDirective
+from sphinx.util.typing import ExtensionMetadata
+from sphinx.application import Sphinx
+
+
+class NitrokeyProductTable(SphinxDirective):
+ """
+ Directive for the Nitrokey Variants Header Table
+ """
+
+ KEYS = OrderedDict(
+ **{
+ "nitrokey3": "3A/C/Mini",
+ "passkey": "Passkey",
+ "hsm": "HSM 2",
+ "pro": "Pro 2",
+ "fido2": "FIDO2",
+ "storage": "Storage 2",
+ "start": "Start",
+ "u2f": "U2F",
+ }
+ )
+
+ ALIASES = {"nk3": "nitrokey3", "nkpk": "passkey", "pk": "passkey"}
+
+ has_content = False
+ required_arguments = 1
+ optional_arguments = len(KEYS) - 1
+ final_argument_whitespace = True
+ option_spec = {
+ "class": directives.class_option,
+ }
+
+ def run(self) -> list[nodes.Node]:
+ table = nodes.table()
+
+ # set table class
+ if "class" in self.options:
+ table["classes"] += self.options["class"]
+ table["classes"] += ["products-table"]
+
+ tgroup = nodes.tgroup(cols=len(self.KEYS))
+ table += tgroup
+
+ # col specs
+ for _ in enumerate(self.KEYS):
+ colspec = nodes.colspec(colwidth=100)
+ tgroup += colspec
+
+ thead = nodes.thead()
+ row0 = nodes.row()
+ # title header
+ entry = nodes.entry(morecols=len(self.KEYS) - 1)
+ entry += nodes.paragraph(text="Compatible Nitrokeys")
+ entry["classes"] += ["products-table-head"]
+
+ row0 += entry
+ thead += row0
+
+ row1 = nodes.row()
+
+ # headers (product names / links)
+ for key, name in self.KEYS.items():
+ entry = nodes.entry()
+
+ # TODO: use relative !!
+ url = f"https://docs.nitrokey.com/nitrokeys/{key}"
+ # url = f"/nitrokeys/{key}"
+ entry += nodes.paragraph(
+ "",
+ "",
+ nodes.reference("", name, refuri=url),
+ )
+
+ row1 += entry
+
+ thead += row1
+ tgroup += thead
+
+ # get used_products from arguments
+ used_products = list(self.arguments)
+ # apply aliases
+ used_products = [self.ALIASES.get(x, x) for x in used_products]
+ # accepted keys (include "all")
+ ok_keys = list(self.KEYS.keys()) + ["all"]
+ # check if all keys exist
+ check = all(x in ok_keys for x in used_products)
+ if not check:
+ print()
+ print("ERROR in product-table (_ext/nk_product_table.py)")
+ print("ERROR found invalid product-table arguments")
+ print()
+ assert check
+
+ # checkmark row creation
+ row2 = nodes.row()
+ yes = "✓"
+ no = "⨯"
+ for key, name in self.KEYS.items():
+ if "all" in used_products:
+ val = yes
+ else:
+ val = yes if key in used_products else no
+ entry = nodes.entry()
+ icon = nodes.paragraph(text=val)
+ entry += icon
+ entry["classes"] += ["tooltip"]
+
+ if val == yes:
+ entry["classes"] += ["active"]
+ tooltip = nodes.paragraph(text="active")
+ tooltip["classes"] += ["tooltiptext"]
+ else:
+ entry["classes"] += ["inactive"]
+ tooltip = nodes.paragraph(text="inactive")
+ tooltip["classes"] += ["tooltiptext"]
+
+ # entry += tooltip
+ icon += tooltip
+
+ row2 += entry
+
+ tbody = nodes.tbody()
+ tbody += row2
+ tgroup += tbody
+
+ return [table]
+
+
+def setup(app: Sphinx) -> ExtensionMetadata:
+ app.add_directive("product-table", NitrokeyProductTable)
+
+ return {
+ "version": "0.1",
+ "parallel_read_safe": True,
+ "parallel_write_safe": True,
+ }
diff --git a/source/_static/css/custom.css b/source/_static/css/custom.css
index 767623efe5..d1cc26d0bd 100644
--- a/source/_static/css/custom.css
+++ b/source/_static/css/custom.css
@@ -719,6 +719,27 @@ article ul li {
display: none;
}
+.products-table table {
+ width: 90%;
+ horizontal-alignment: center;
+}
+
+.products-table .products-table-head p {
+ font-size: 1.2em !important;
+ font-family: Teko, Helvetica, Arial, sans-serif;
+ font-weight: 500;
+ line-height: 1.1em;
+ font-variant: all-small-caps;
+ color: var(--color-brand-content);
+}
+
+.products-table th {
+ /*font-weight: 700;
+ line-height: 1.1em;
+ font-variant: all-small-caps;
+ font-family: Teko, Helvetica, Arial, sans-serif;*/
+}
+
.products-table td p {
text-align: center;
font-size: 1.25em !important;
@@ -726,6 +747,47 @@ article ul li {
}
.products-table td {
padding: 0 !important;
+ cursor: default;
}
+.products-table .inactive {
+ opacity: 0.33;
+}
+.products-table .active {
+ color: var(--color-logo-text);
+ font-weight: bold;
+}
+
+/* tooltips */
+
+/* use class to show tooltip for element */
+.tooltip {
+ /*position: relative;
+ display: inline-block;
+ border-bottom: 0px dotted black; */
+
+}
+
+/* use this class to denote tooltip text */
+.tooltip .tooltiptext {
+ visibility: hidden;
+ width: 120px;
+ /*background-color: var(--color-background-primary);*/
+ /*background-color: #18191d;*/
+ background-color: #999999;
+ color: var(--color-content-foreground);
+ text-align: center;
+ padding: 0;
+ margin: 0;
+ border-radius: 4px;
+ border-width: 0px;
+ position: absolute;
+ z-index: 100;
+
+}
+
+/* trigger visibility on hover */
+.tooltip:hover .tooltiptext {
+ /*visibility: visible;*/
+}
diff --git a/source/_static/js/quick-links.js b/source/_static/js/quick-links.js
deleted file mode 100644
index d251dea860..0000000000
--- a/source/_static/js/quick-links.js
+++ /dev/null
@@ -1,11 +0,0 @@
-document.addEventListener('DOMContentLoaded', function () {
- // wrap definition list elements in quick-link hash href
- document.querySelectorAll('dl.simple dt').forEach(function(elem, i) {
- const slug = elem.textContent
- .replace('Q: ', '')
- .toLowerCase().replace(/ /g, '-')
- .replace(/[^\w-]+/g, '');
-
- elem.innerHTML = '' + elem.innerHTML + '';
- });
-}, false);
diff --git a/source/_static/js/toc-fixer.js b/source/_static/js/toc-fixer.js
index 83472d199d..1514b4006f 100644
--- a/source/_static/js/toc-fixer.js
+++ b/source/_static/js/toc-fixer.js
@@ -1,10 +1,12 @@
document.addEventListener('DOMContentLoaded', function () {
- // fix incorrect links in toc and language banners
- document.querySelectorAll('a.internal, .related-pages a, #language-banner a').forEach(function(elem) {
- elem.setAttribute('href', elem.href.replace('index.html', ''));
- elem.setAttribute('href', elem.href.replace('.html', ''));
- });
-
+ // fix incorrect links in toc and language banners
+ // (only works online with apach2 rewrite rules)
+ if (window.location.protocol != "file:") {
+ document.querySelectorAll('a.internal, .related-pages a, #language-banner a').forEach(function(elem) {
+ elem.setAttribute('href', elem.href.replace('index.html', ''));
+ elem.setAttribute('href', elem.href.replace('.html', ''));
+ });
+ }
// fix incorrect headline anchor links
document.querySelectorAll('a.toc-backref').forEach(function(elem) {
for (let sibling of elem.parentNode.children) {
@@ -20,5 +22,8 @@ document.addEventListener('DOMContentLoaded', function () {
}
});
- document.querySelector('#breadcrumbs a.current').remove();
+ elem = document.querySelector('#breadcrumbs a.current');
+ if (elem)
+ elem.remove();
+
}, false);
diff --git a/source/_templates/page.html b/source/_templates/page.html
index cb7086a9a0..fa927099c9 100644
--- a/source/_templates/page.html
+++ b/source/_templates/page.html
@@ -243,7 +243,8 @@
-
-
-
+{% set base_path = "/".join(pathto('index').split("/")[:-1]) %}
+{% set path_prefix = base_path + "/" if base_path else "" %}
+
+
{%- endblock %}
diff --git a/source/components/nethsm/faq.rst b/source/components/nethsm/faq.rst
index c17e87668e..0900e0d481 100644
--- a/source/components/nethsm/faq.rst
+++ b/source/components/nethsm/faq.rst
@@ -1,13 +1,16 @@
Frequently Asked Questions (FAQ)
================================
-**Q:** Is NetHSM FIPS or Common Criteria certified?
+.. faq:: Is NetHSM FIPS or Common Criteria certified?
+
Not yet but we are aiming for certifications in the future. Please contact us if you are interested in supporting these efforts.
-**Q:** Which protections against physical tampering are in place?
+.. faq:: Which protections against physical tampering are in place?
+
NetHSM is sealed which allows to detect physical tampering. It contains a TPM which is protected against physical tampering. The TPM is the root of trust and securely stores cryptographic keys which are used to encrypt and decrypt further data and keys in the NetHSM. This protects against booting malicious firmware and software and decrypting data and keys being stored. The current NetHSM doesn't contain additional sensors to detect tampering.
-**Q:** Where can I learn more about NetHMS's security architecture and implementation?
+.. faq:: Where can I learn more about NetHMS's security architecture and implementation?
+
Start with the chapters Getting Started, Administration and Operations. Proceed with the following resources.
* `Overall system design `_
@@ -15,7 +18,8 @@ Frequently Asked Questions (FAQ)
* `Full source code `_
* Physical random number generator (TRNG) of quality PTG.3 according to AIS-20: `hardware `_, `firmware `_
-**Q:** Roadmap: Which features are planned?
+.. faq:: Roadmap: Which features are planned?
+
We plan the following developments in the loose order. Changes to this prioritization based on customer requests are possible.
* Productive usable software container
diff --git a/source/components/nextbox/faq/generic.rst b/source/components/nextbox/faq/generic.rst
index c56ee5b4c9..50160a9045 100644
--- a/source/components/nextbox/faq/generic.rst
+++ b/source/components/nextbox/faq/generic.rst
@@ -1,7 +1,8 @@
Generic FAQ
===========
-**Q:** What to do if my NextBox doesn't start?
+.. faq:: What to do if my NextBox doesn't start?
+
If your NextBox doesn't start correctly or you have some other problem using
it, chances are a soft reset can fix it:
:doc:`../technical/soft-reset`. To press the button use a thin (~1mm) pin
@@ -14,24 +15,29 @@ Generic FAQ
ability to help you might be limited if you changed your system configuration
using for example ssh.
-**Q:** How can I factory-reset my NextBox?
+.. faq:: How can I factory-reset my NextBox?
+
Press the hardware button for 5 seconds, see
:doc:`../technical/factory-reset`. To press the button use a thin (~1mm) pin
like a smartphone sim-card tray removal device.
-**Q:** What do the different LED colors mean?
+.. faq:: What do the different LED colors mean?
+
The detailed document can be found here: :doc:`../technical/led-colors`
-**Q:** Can the inital setup be done using a monitor & keyboard?
+.. faq:: Can the inital setup be done using a monitor & keyboard?
+
No, this is not possible as the regular login is disabled on delivery. Please
connect the the NextBox to a network and access the NextBox using
`nextbox.local`_ or the IP directly.
-**Q:** What is the typical power consumption?
+.. faq:: What is the typical power consumption?
+
The minimum of 0,6A (3W) is rarely reached, in idle mostly around 1A (5W) and
more than 2A (10W) under higher loads.
-**Q:** How secure is the NextBox?
+.. faq:: How secure is the NextBox?
+
Debian with frequent `unattended-upgrades` based security updates, a minimal
attack surface by ensuring that not a single unneccessary port is open
are the main contributors to system security. **Make sure your Nextcloud users
@@ -39,29 +45,34 @@ Generic FAQ
2-Factor-Authentification supported login method with e.g., a Nitrokey FIDO2.**
-**Q:** What do all the ssh-related "warnings" mean?
+.. faq:: What do all the ssh-related "warnings" mean?
+
Once you set up your ssh-access, you make yourself technically responsible for
your NextBox. We do provide help as good as we can as goodwill, but under the
line we cannot provide generic Linux-administration support outside of the
intended NextBox use-cases.
-**Q:** Can I mirror my NextBox onto another NextBox?
+.. faq:: Can I mirror my NextBox onto another NextBox?
+
This translates to a cluster setup, which is considered an (paid) enterprise
solution by Nextcloud. The details, especially data consistency and collision
handling, are far from trivial to realize. Nevertheless, we also see demand
for more sophisticated backup solutions and will address this issue.
-**Q:** What to do to run/install/fix Nextcloud App "XYZ"? Why does Nextcloud feature XYZ not work?
+.. faq:: What to do to run/install/fix Nextcloud App "XYZ"? Why does Nextcloud feature XYZ not work?
+
Generally we cannot help in detail for these topics. Nextcloud internals and
apps are out-of-scope for the NextBox development as we use the stock Docker
images provided by Nextcloud. Ultimately, if some NextBox/OS configuration is
blocking an app to run properly we for sure will look into fixing it.
-**Q:** Can I connect/use the NextBox using WiFi?
+.. faq:: Can I connect/use the NextBox using WiFi?
+
No, currently this is not (easily) possible, only wired ethernet using RJ-45
is available.
-**Q:** Is the WiFi on the Raspberry PI 4B physically available and working?
+.. faq:: Is the WiFi on the Raspberry PI 4B physically available and working?
+
Yes, physically the WiFi is available and working, but not used/managed by the
NextBox App. If you know what you are doing you can configure and use it, if
works although being inside the NextBox casing.
diff --git a/source/components/nextbox/faq/hardware.rst b/source/components/nextbox/faq/hardware.rst
index dd2988ce91..0155fbc5c1 100644
--- a/source/components/nextbox/faq/hardware.rst
+++ b/source/components/nextbox/faq/hardware.rst
@@ -4,14 +4,16 @@ Hardware FAQ
-**Q:** Why must I not connect external hard-drives without an external power-supply to my NextBox?
+.. faq:: Why must I not connect external hard-drives without an external power-supply to my NextBox?
+
The Raspberry Pi 4 Model B can only supply 1.2A of power through USB (see
`RPi Power Supply`_). The internal hard-drive is already connected and powered
via USB and pulls ~1.0A. Thus connecting another hard-drive without an
external power supply can lead to an unreliable power supply for the internal
hard-drive, thus potential data loss.
-**Q:** Where can I find an external hard-drive with its own power supply?
+.. faq:: Where can I find an external hard-drive with its own power supply?
+
The smaller form factors (2.5'' and smaller) for external hard-drives mostly
come without an additional power supply. For these, *a USB Hub with an
additional power supply can be considered the "external power-supply"* for the
@@ -19,37 +21,44 @@ Hardware FAQ
thus we recommend external 3.5'' hard-drives, which are nearly always
externally powered.
-**Q:** Why does my USB device / hub not work, if connected to the NextBox?
+.. faq:: Why does my USB device / hub not work, if connected to the NextBox?
+
There are some devices and especially USB3 hubs that are known to not work properly
with the Raspberry PI 4B, please see this `USB Documentation`_ from Raspberry.
On top of that also make sure the USB device is working in general by connecting it
to another computer (best case: Linux) and verify that it works.
-**Q:** Why does my hard-drive not show up after plugging it in?
+.. faq:: Why does my hard-drive not show up after plugging it in?
+
Please make sure that you are using one of the supported filesystems (e.g., ext, xfs) and you
have mounted your hard-drive within *Storage Management*.
-**Q:** Can I generally extend the NextBox using a USB hard-drive?
+.. faq:: Can I generally extend the NextBox using a USB hard-drive?
+
Yes, this is possible, please make sure you are using a hard-drive, which has an external
power supply. Once connected you can mount the hard-drive using the NextBox *Storage Management*
and include it into Nextcloud file-management using the `External storage support`_ app.
-**Q:** What functions does the additional "shield" provide?
+.. faq:: What functions does the additional "shield" provide?
+
As of now the shield does provide a :doc:`status LED <../technical/led-colors>`, a hardware button
to :doc:`factory reset <../technical/factory-reset>` and an additional USB Type-C connector on the
same side as the Ethernet port for power supply exclusively.
-**Q:** Is the NextBox hardware extendable/replaceable?
+.. faq:: Is the NextBox hardware extendable/replaceable?
+
Yes, all NextBox components can be easily replaced. None of the components are glued or somehow
permanently assembled. Using a Phillips screwdriver you can disassemble and re-assemble
the NextBox easily. Keep in mind that you are doing this at your own risk.
-**Q:** What are the two USB Type-C ports used for?
+.. faq:: What are the two USB Type-C ports used for?
+
Both USB Type-C ports are exclusively for power supply and can not be used for data transfer.
Do not connect two power supplies, please just use one of both to power your NextBox.
-**Q:** Which fan should I install?
+.. faq:: Which fan should I install?
+
**There is absolutely no need for a fan, the NextBox is designed to work without an active
cooling**. Although if the NextBox is used for additional tasks (it's still a Linux), we have
prepared a fan mount for a 30mm x 12mm fan at 5V connected to the shield. More details (connector,
@@ -57,7 +66,8 @@ Hardware FAQ
the outputs are not controlled yet by the NextBox daemon, so this is also something you would have
to do by yourself.
-**Q:**: Can I upgrade the NextBox' RAM size?
+.. faq:: Can I upgrade the NextBox' RAM size?
+
No, the Raspberry PI 4B has the RAM component soldered onto the mainboard, thus it cannot be replaced/extended.
diff --git a/source/components/nextbox/faq/nextcloud.rst b/source/components/nextbox/faq/nextcloud.rst
index 552837eb45..4a64802c6c 100644
--- a/source/components/nextbox/faq/nextcloud.rst
+++ b/source/components/nextbox/faq/nextcloud.rst
@@ -1,44 +1,53 @@
Nextcloud FAQ
=============
-**Q:** What to do to run/install/fix Nextcloud App "XYZ"? Why does Nextcloud feature XYZ not work?
+.. faq:: What to do to run/install/fix Nextcloud App "XYZ"? Why does Nextcloud feature XYZ not work?
+
Generally we cannot help in detail for these topics. Nextcloud internals and apps are
out-of-scope for the NextBox development as we use the stock Docker images provided by Nextcloud.
Ultimately, if some NextBox/OS configuration is blocking an app to run properly we for sure will
look into fixing it.
-**Q:** Why does Nitrokey currently not recommend to use OnlyOffice or Collabora Office on the NextBox?
+.. faq:: Why does Nitrokey currently not recommend to use OnlyOffice or Collabora Office on the NextBox?
+
The state of these Nextcloud apps is not yet mature (for ARM platforms). Although it is (partly)
possible to install them we do not recommend doing so currently.
-**Q:** Why does updating Nextcloud from inside Nextcloud not work?
+.. faq:: Why does updating Nextcloud from inside Nextcloud not work?
+
The Nextcloud version is rolled out by us. Thus the option to update from inside Nextcloud
is not working.
-**Q:** Can I add apps to the Nextcloud instance?
+.. faq:: Can I add apps to the Nextcloud instance?
+
Yes, the Nextcloud app store is available and any app available there can be installed through
the Nextcloud web frontend.
-**Q:** My Nextcloud instance is stuck in "Maintenance Mode", how can I switch it off?
+.. faq:: My Nextcloud instance is stuck in "Maintenance Mode", how can I switch it off?
+
To *force exit* the Nextcloud "Maintenance Mode", you can push the hardware button **shortly, once**. The
NextBox will then switch-off the maintenance mode. Please avoid this, if possible.
-**Q:** Why am I getting a permission warning for ``/var/www/html/custom_apps/nextbox`` inside the Nextcloud settings overview?
+.. faq:: Why am I getting a permission warning for ``/var/www/html/custom_apps/nextbox`` inside the Nextcloud settings overview?
+
This is a "feature". The NextBox Nextcloud App is installed on the system
with the Debian nextbox package. To avoid an accidental deletion of the NextBox
Nextcloud App from within the Nextcloud app management, the stated directory
can not be written by Nextcloud, this is what Nextcloud is complaining about here.
-**Q:** How can I run Nextcloud's `occ`?
+.. faq:: How can I run Nextcloud's `occ`?
+
As Nextcloud is running inside a Docker container, you need to be root and execute the following:
``docker exec -it -u www-data nextbox-compose_app_1 /var/www/html/occ``
-**Q:** What to do about missing php-modules like `imagemagick`?
+.. faq:: What to do about missing php-modules like `imagemagick`?
+
Similar to Apache, PHP is also provided by the Nextcloud container, therefore as we are using
the stock Nextcloud container this will also only be resolved once this is resolved by
the Nextcloud Team.
-**Q:** Why is my Nextcloud not loading properly, instead I get a white page and a `.htaccess` error?
+.. faq:: Why is my Nextcloud not loading properly, instead I get a white page and a `.htaccess` error?
+
This usually is an indication that the OS has unmounted/detached the internal
hard-drive due to an low-power-incident. Please make sure you read and
understood `USB power `_. In most
diff --git a/source/components/nextbox/faq/remote-access.rst b/source/components/nextbox/faq/remote-access.rst
index cbc0c11d4b..57d6b3388f 100644
--- a/source/components/nextbox/faq/remote-access.rst
+++ b/source/components/nextbox/faq/remote-access.rst
@@ -1,33 +1,38 @@
Remote Access FAQ
=================
-**Q:** What is the correct WebDAV URL?
+.. faq:: What is the correct WebDAV URL?
+
The full URL to use for WebDAV is:
``https://my.domain.tld/remote.php/webdav/``, there have been reports that
for native Windows WebDAV you might need:
``https://my.domain.tld/remote.php/dav/files/USERNAME`` with *USERNAME* being
the username you would like to use.
-**Q:** Can I access my Nextcloud instance using WebDAV?
+.. faq:: Can I access my Nextcloud instance using WebDAV?
+
Yes, please see `Nextcloud WebDAV documentation`_ for a complete overview. A
simple mount for unix-like systems might look like this: ``mount -t davfs
https://my.domain.tld/remote.php/webdav/ /mnt/target/path`` while making sure
that the ``davfs2`` package is installed. For Windows please additionally
read these :doc:`docs <../clients/windows>`.
-**Q:**: Why does my Android smartphone's browser not open: ``http://nextbox.local``
+.. faq:: Why does my Android smartphone's browser not open: ``http://nextbox.local``
+
As of today the technology needed to use ``.local`` URLs is not supported by various (stock)
Android browser(s). The mechanism is based on ``mDNS``. One possible workaround is to use a
3rd party app like BonjourBrowser to discover all mDNS services in your network.
-**Q:**: Why does accessing my NextBox using: ``http://nextbox.local`` not work?
+.. faq:: Why does accessing my NextBox using: ``http://nextbox.local`` not work?
+
There are several other reasons why the access using ``http://nextbox.local`` may not work,
further known scenarios are:
* Using a Fritz!Box with the NextBox being connected via a LAN port and the client/browser is
connected to the network via WiFI (WLAN), the Fritz!Box will block mDNS.
-**Q:**: I followed all guides and still cannot acquire the TLS certificate, what can I do?
+.. faq:: I followed all guides and still cannot acquire the TLS certificate, what can I do?
+
The reason a TLS certificate cannot be acquired is nearly always the fact that
your NextBox is not reachable from the internet. Make sure you have followed
the :doc:`../remote/walkthrough`. If you followed the step-by-step
@@ -37,7 +42,8 @@ Remote Access FAQ
your router and thus blocking the traffic on port(s) 80 and/or 443. Switch
them off and retry acquiring your TLS certificate.
-**Q:** Why is my reachability with IPv4 not working?
+.. faq:: Why is my reachability with IPv4 not working?
+
If you have properly set up :doc:`port forwarding <../remote/port-forwarding>`
and IPv4 connections (reachability test) are still not working there are good
chances that your Internet-Service-Provider (ISP) does not provide a proper
@@ -50,7 +56,8 @@ Remote Access FAQ
connections**, which should enable full bi-directional traffic for IPv4 and
IPv6.
-**Q:** Why do some devices fail to connect for my IPv6 configured NextBox?
+.. faq:: Why do some devices fail to connect for my IPv6 configured NextBox?
+
Sadly, still not all ISPs and mobile-network providers (smartphones) do have
full IPv6 support activated. This means, if your NextBox is configured for IPv6
only access, devices inside these networks will not be able to connect. The
diff --git a/source/components/nextbox/faq/software.rst b/source/components/nextbox/faq/software.rst
index 7019cb4b36..a9070482de 100644
--- a/source/components/nextbox/faq/software.rst
+++ b/source/components/nextbox/faq/software.rst
@@ -1,29 +1,35 @@
Software FAQ
============
-**Q:** What kind of public key is expected for SSH access?
+.. faq:: What kind of public key is expected for SSH access?
+
An openssh style (public) key is expected. Depending on your operating system there are different
ways to determine your public key. One might be ``ssh-add -L``, another might be
``cat ~/.ssh/id_rsa.pub``. If you are using Putty, please see the `Putty documentation`_.
-**Q:** Can the operating system be extended or configured manually?
+.. faq:: Can the operating system be extended or configured manually?
+
Yes, you can set up ssh access through the NextBox Nextcloud app. Afterwards you can access your
NextBox using ssh and you can do with the system whatever you want. Obviously we will only provide
support for the NextBox stock configuration.
-**Q:** Where can I see a changelog for the NextBox versions?
+.. faq:: Where can I see a changelog for the NextBox versions?
+
Currently only here: `Launchpad NextBox`_
-**Q:** How can I update the Operating System?
+.. faq:: How can I update the Operating System?
+
There is no need to update the NextBox OS by hand. This is done using ``unattended-upgrades`` and
on top the *nextbox-daemon* will check for upgrades manually (as a redundant fallback solution)
on every start. You are free to update your OS by hand using ``apt``, if you know what you are
doing.
-**Q:** Is the NextBox running a 32bit or 64bit operating system?
+.. faq:: Is the NextBox running a 32bit or 64bit operating system?
+
The used OS is a 64bit system. The ``arch`` output: `aarch64`.
-**Q:** Which users and default passwords are created by default on the NextBox's operating system?
+.. faq:: Which users and default passwords are created by default on the NextBox's operating system?
+
There is not one single default password set on any (system) user. The only non-system user created
is named ``nextuser``, without a default password. The only way to access the NextBox is using ``ssh``
with a public key, which can be set via the NextBox App.
diff --git a/source/components/nitrokeys/features/encrypted-storage/index.rst b/source/components/nitrokeys/features/encrypted-storage/index.rst
index 469934c1d0..d63dcd9498 100644
--- a/source/components/nitrokeys/features/encrypted-storage/index.rst
+++ b/source/components/nitrokeys/features/encrypted-storage/index.rst
@@ -1,28 +1,7 @@
Encrypted Mobile Storage
========================
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ✓
+.. product-table:: storage
Prior of using the encrypted mobile storage you need to install and initialize the Nitrokey Storage and download the latest `Nitrokey App `__.
diff --git a/source/components/nitrokeys/features/fido2/index.rst b/source/components/nitrokeys/features/fido2/index.rst
index e97bb27a1c..996118a0b4 100644
--- a/source/components/nitrokeys/features/fido2/index.rst
+++ b/source/components/nitrokeys/features/fido2/index.rst
@@ -1,30 +1,7 @@
FIDO2
=====
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ✓
- - ✓
- - ✓
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
-.. section products-end
+.. product-table:: nk3 passkey fido2
.. toctree::
:maxdepth: 1
@@ -32,4 +9,4 @@ FIDO2
Website Login
Nextcloud Login
- Passwordless Microsoft Login (Windows only)
\ No newline at end of file
+ Passwordless Microsoft Login (Windows only)
diff --git a/source/components/nitrokeys/features/fido2/nextcloud.rst b/source/components/nitrokeys/features/fido2/nextcloud.rst
index 0d3eda183d..a37f15b81f 100644
--- a/source/components/nitrokeys/features/fido2/nextcloud.rst
+++ b/source/components/nitrokeys/features/fido2/nextcloud.rst
@@ -1,9 +1,7 @@
Two-Factor Authentication And Passwordless Login For Nextcloud Accounts
=======================================================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: fido2 nk3 passkey
These are the basic steps for registering the Nitrokey as a second factor or setting up passwordless login of a Nextcloud account.
diff --git a/source/components/nitrokeys/features/fido2/passwordless-microsoft.rst b/source/components/nitrokeys/features/fido2/passwordless-microsoft.rst
index 982945373a..3d83059b95 100644
--- a/source/components/nitrokeys/features/fido2/passwordless-microsoft.rst
+++ b/source/components/nitrokeys/features/fido2/passwordless-microsoft.rst
@@ -1,9 +1,7 @@
Passwordless Authentication With Microsoft
==========================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 passkey fido2
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/fido2/website.rst b/source/components/nitrokeys/features/fido2/website.rst
index 0e4deda8fa..d11ecc28f3 100644
--- a/source/components/nitrokeys/features/fido2/website.rst
+++ b/source/components/nitrokeys/features/fido2/website.rst
@@ -1,9 +1,7 @@
2FA Website Login
=================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 fido2 passkey u2f
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/hidden-storage/index.rst b/source/components/nitrokeys/features/hidden-storage/index.rst
index 19c557a539..5e814126e8 100644
--- a/source/components/nitrokeys/features/hidden-storage/index.rst
+++ b/source/components/nitrokeys/features/hidden-storage/index.rst
@@ -1,28 +1,7 @@
Hidden Volumes
==============
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ✓
+.. product-table:: storage
Hidden volumes allow hiding data inside of the encrypted volume. This data is protected by an additional passphrase. Without the passphrase, it is impossible to know whether hidden volumes are present.
They are not configured with a default password so that their existence can be `denied plausibly `__.
@@ -96,4 +75,4 @@ Using hidden volumes
.. figure:: images/hidden/format-tool.png
:alt: Windows formating tool
-4. Make sure to unmount/eject all partitions on the hidden volumes before locking or disconnecting the Nitrokey.
\ No newline at end of file
+4. Make sure to unmount/eject all partitions on the hidden volumes before locking or disconnecting the Nitrokey.
diff --git a/source/components/nitrokeys/features/hsm/apache2-tls.rst b/source/components/nitrokeys/features/hsm/apache2-tls.rst
index eb7269a511..f3c99dc3fe 100644
--- a/source/components/nitrokeys/features/hsm/apache2-tls.rst
+++ b/source/components/nitrokeys/features/hsm/apache2-tls.rst
@@ -1,9 +1,7 @@
TLS Setup With Apache2
======================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: hsm
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/hsm/dnssec.rst b/source/components/nitrokeys/features/hsm/dnssec.rst
index dcb64e2ad3..15dd50e33b 100644
--- a/source/components/nitrokeys/features/hsm/dnssec.rst
+++ b/source/components/nitrokeys/features/hsm/dnssec.rst
@@ -1,9 +1,8 @@
DNSSEC
======================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+
+.. product-table:: hsm
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/hsm/import-keys-certs.rst b/source/components/nitrokeys/features/hsm/import-keys-certs.rst
index 758d5d0161..36c4eb8187 100644
--- a/source/components/nitrokeys/features/hsm/import-keys-certs.rst
+++ b/source/components/nitrokeys/features/hsm/import-keys-certs.rst
@@ -1,9 +1,7 @@
Importing Keys And Certificates
===============================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: hsm
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/hsm/index.rst b/source/components/nitrokeys/features/hsm/index.rst
index 42c7c7eee8..238796b252 100644
--- a/source/components/nitrokeys/features/hsm/index.rst
+++ b/source/components/nitrokeys/features/hsm/index.rst
@@ -1,30 +1,7 @@
HSM Features
============
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ✓
- - ⨯
- - ⨯
- - ⨯
-.. section products-end
+.. product-table:: hsm
.. toctree::
:maxdepth: 1
@@ -41,4 +18,4 @@ HSM Features
Ipsec (Linux only) <../openpgp-card/ipsec>
N-of-m Schemes
Pkcs11-URL
- Apache 2 TLS
\ No newline at end of file
+ Apache 2 TLS
diff --git a/source/components/nitrokeys/features/hsm/n-of-m-schemes.rst b/source/components/nitrokeys/features/hsm/n-of-m-schemes.rst
index f309c6ef01..4d3a885864 100644
--- a/source/components/nitrokeys/features/hsm/n-of-m-schemes.rst
+++ b/source/components/nitrokeys/features/hsm/n-of-m-schemes.rst
@@ -1,9 +1,8 @@
N-of-m Schemes
==============
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: hsm
+
The Nitrokey HSM 2 supports two different n-of-m schemes - one for secure sharing of key material/passwords and one for public key authentication to control the access to the device. Please see `this blog post `__ for more detailed information.
diff --git a/source/components/nitrokeys/features/hsm/pkcs11-url.rst b/source/components/nitrokeys/features/hsm/pkcs11-url.rst
index 348a3d94bb..6412ccf12a 100644
--- a/source/components/nitrokeys/features/hsm/pkcs11-url.rst
+++ b/source/components/nitrokeys/features/hsm/pkcs11-url.rst
@@ -1,9 +1,7 @@
PKCS#11 URL Generation
======================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: hsm
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/misc/automatic-screen-lock.rst b/source/components/nitrokeys/features/misc/automatic-screen-lock.rst
index 720a371e87..7515d127a6 100644
--- a/source/components/nitrokeys/features/misc/automatic-screen-lock.rst
+++ b/source/components/nitrokeys/features/misc/automatic-screen-lock.rst
@@ -1,30 +1,7 @@
Automatic Screen Lock at Removal
================================
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ✓
- - ✓
- - ⨯
- - ✓
-.. section products-end
+.. product-table:: all
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/misc/ecc.rst b/source/components/nitrokeys/features/misc/ecc.rst
index c6563c4d6b..659e81d5cd 100644
--- a/source/components/nitrokeys/features/misc/ecc.rst
+++ b/source/components/nitrokeys/features/misc/ecc.rst
@@ -1,30 +1,8 @@
Elliptic Curves (ECC) Support
=============================
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ✓
- - ⨯
- - ✓
-.. section products-end
+.. product-table:: nk3 pro storage hsm
+
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/misc/index.rst b/source/components/nitrokeys/features/misc/index.rst
index 245e11bfcd..5c9961fcd1 100644
--- a/source/components/nitrokeys/features/misc/index.rst
+++ b/source/components/nitrokeys/features/misc/index.rst
@@ -5,4 +5,4 @@ Miscellaneous
:maxdepth: 1
Automatic Screen Lock
- Elliptic Curves (ECC) Support
\ No newline at end of file
+ Elliptic Curves (ECC) Support
diff --git a/source/components/nitrokeys/features/openpgp-card/adsk.rst b/source/components/nitrokeys/features/openpgp-card/adsk.rst
index 700cfb80b5..1920f914be 100644
--- a/source/components/nitrokeys/features/openpgp-card/adsk.rst
+++ b/source/components/nitrokeys/features/openpgp-card/adsk.rst
@@ -1,10 +1,7 @@
Additional Decryption Subkeys (ADSK) with GnuPG
===============================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
-
+.. product-table:: nk3 pro storage start
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/certificate-authority.rst b/source/components/nitrokeys/features/openpgp-card/certificate-authority.rst
index b20fe58ee0..9fe1514338 100644
--- a/source/components/nitrokeys/features/openpgp-card/certificate-authority.rst
+++ b/source/components/nitrokeys/features/openpgp-card/certificate-authority.rst
@@ -1,30 +1,7 @@
Creating a Certificate Authority
================================
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ✓
- - ⨯
- - ⨯
- - ⨯
- - ✓
- - ✓
- - ✓
- - ✓
-.. section products-end
+.. product-table:: nk3 pro storage hsm
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/change-pins.rst b/source/components/nitrokeys/features/openpgp-card/change-pins.rst
index 5b949f65e3..1b9a745f6a 100644
--- a/source/components/nitrokeys/features/openpgp-card/change-pins.rst
+++ b/source/components/nitrokeys/features/openpgp-card/change-pins.rst
@@ -1,30 +1,7 @@
Change User and Admin PIN
=========================
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ✓
- - ⨯
- - ✓
-.. section products-end
+.. product-table:: nk3 pro storage start
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/desktop-login/index.rst b/source/components/nitrokeys/features/openpgp-card/desktop-login/index.rst
index dce913093a..0ce05910d4 100644
--- a/source/components/nitrokeys/features/openpgp-card/desktop-login/index.rst
+++ b/source/components/nitrokeys/features/openpgp-card/desktop-login/index.rst
@@ -1,13 +1,11 @@
Desktop Login
=============
-.. include:: ../index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 pro start storage
.. toctree::
:maxdepth: 1
:glob:
Pam (Linux)
- Smart Policy (Windows)
\ No newline at end of file
+ Smart Policy (Windows)
diff --git a/source/components/nitrokeys/features/openpgp-card/desktop-login/pam.rst b/source/components/nitrokeys/features/openpgp-card/desktop-login/pam.rst
index 765b9444e6..ac46bbf714 100644
--- a/source/components/nitrokeys/features/openpgp-card/desktop-login/pam.rst
+++ b/source/components/nitrokeys/features/openpgp-card/desktop-login/pam.rst
@@ -1,9 +1,7 @@
PAM
===
-.. include:: ../index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 pro storage start
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst b/source/components/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst
index 4d2d489f97..ecbb862b50 100644
--- a/source/components/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst
+++ b/source/components/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst
@@ -1,30 +1,7 @@
Login to Windows Domain Computers With MS Active Directory
==========================================================
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ✓
- - ⨯
- - ⨯
- - ⨯
- - ✓
- - ✓
- - ✓
- - ✓
-.. section products-end
+.. product-table:: pro storage nk3
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/eid.rst b/source/components/nitrokeys/features/openpgp-card/eid.rst
index a735aaf824..98fc432b23 100644
--- a/source/components/nitrokeys/features/openpgp-card/eid.rst
+++ b/source/components/nitrokeys/features/openpgp-card/eid.rst
@@ -1,9 +1,7 @@
Login With EIDAuthenticate on Stand Alone Windows Computers
===========================================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 storage pro
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/fedora-gnupg-configuration.rst b/source/components/nitrokeys/features/openpgp-card/fedora-gnupg-configuration.rst
index 82bc3c8ef4..a9eb38c748 100644
--- a/source/components/nitrokeys/features/openpgp-card/fedora-gnupg-configuration.rst
+++ b/source/components/nitrokeys/features/openpgp-card/fedora-gnupg-configuration.rst
@@ -1,9 +1,7 @@
OpenPGP smartcard with GnuPG on Fedora
======================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 storage pro start
.. note::
The following instructions require the Nitrokey 3 to have at least firmware version ``1.4.0`` installed.
diff --git a/source/components/nitrokeys/features/openpgp-card/gpa.rst b/source/components/nitrokeys/features/openpgp-card/gpa.rst
index 867ee0ac31..c9c5bf26f2 100644
--- a/source/components/nitrokeys/features/openpgp-card/gpa.rst
+++ b/source/components/nitrokeys/features/openpgp-card/gpa.rst
@@ -1,30 +1,7 @@
Setup With Gnu Privacy Assistant (GPA)
=======================================================
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ✓
- - ⨯
- - ⨯
- - ⨯
- - ✓
- - ✓
- - ✓
- - ✓
-.. section products-end
+.. product-table:: nk3 pro start storage
This document describes how to use Gnu Privacy Assistant (GPA) to set up the Nitrokey for its first usage.
diff --git a/source/components/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst b/source/components/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst
index 75a37952ae..f7e2f9e976 100644
--- a/source/components/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst
+++ b/source/components/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst
@@ -1,30 +1,7 @@
Hard Disk Encryption
====================
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ✓
- - ⨯
- - ⨯
- - ⨯
- - ✓
- - ✓
- - ✓
- - ✓
-.. section products-end
+.. product-table:: nk3 hsm pro start storage
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/hard-disk-encryption/luks.rst b/source/components/nitrokeys/features/openpgp-card/hard-disk-encryption/luks.rst
index 83ee3e4c57..c9ecaf7e85 100644
--- a/source/components/nitrokeys/features/openpgp-card/hard-disk-encryption/luks.rst
+++ b/source/components/nitrokeys/features/openpgp-card/hard-disk-encryption/luks.rst
@@ -1,9 +1,7 @@
Full-Disk Encryption With cryptsetup/LUKS
=========================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 pro storage start
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/index.rst b/source/components/nitrokeys/features/openpgp-card/index.rst
index 49379782db..d5e256f7fb 100644
--- a/source/components/nitrokeys/features/openpgp-card/index.rst
+++ b/source/components/nitrokeys/features/openpgp-card/index.rst
@@ -1,30 +1,7 @@
OpenPGP Card
============
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ✓
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ✓
- - ✓
- - ✓
-.. section products-end
+.. product-table:: nk3 pro start storage
.. toctree::
:maxdepth: 1
diff --git a/source/components/nitrokeys/features/openpgp-card/ipsec.rst b/source/components/nitrokeys/features/openpgp-card/ipsec.rst
index add74577d7..03d9dc135a 100644
--- a/source/components/nitrokeys/features/openpgp-card/ipsec.rst
+++ b/source/components/nitrokeys/features/openpgp-card/ipsec.rst
@@ -1,30 +1,7 @@
IPSec
=====
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ✓
- - ⨯
- - ⨯
- - ⨯
- - ✓
- - ✓
- - ✓
- - ✓
-.. section products-end
+.. product-table:: nk3 storage start pro
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/openpgp-csp.rst b/source/components/nitrokeys/features/openpgp-card/openpgp-csp.rst
index c1c8272e31..120145ea05 100644
--- a/source/components/nitrokeys/features/openpgp-card/openpgp-csp.rst
+++ b/source/components/nitrokeys/features/openpgp-card/openpgp-csp.rst
@@ -1,9 +1,7 @@
Windows Login and S/MIME Email Encryption with Active Directory
===============================================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 pro storage start
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst b/source/components/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst
index 5573924656..3889de33f9 100644
--- a/source/components/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst
+++ b/source/components/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst
@@ -1,9 +1,7 @@
OpenPGP Key Generation With Backup
==================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 pro storage start
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.rst b/source/components/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.rst
index 4c7a3b382a..eb9e580cbb 100644
--- a/source/components/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.rst
+++ b/source/components/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.rst
@@ -1,9 +1,7 @@
OpenPGP Key Generation Using GPA
================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 storage start pro
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst b/source/components/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst
index b44bf2940c..78e64ddb2e 100644
--- a/source/components/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst
+++ b/source/components/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst
@@ -1,9 +1,7 @@
OpenPGP Key Generation On-Device
================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: pro nk3 start storage
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/openpgp-outlook.rst b/source/components/nitrokeys/features/openpgp-card/openpgp-outlook.rst
index 9fb5e72b20..4d3f710ab2 100644
--- a/source/components/nitrokeys/features/openpgp-card/openpgp-outlook.rst
+++ b/source/components/nitrokeys/features/openpgp-card/openpgp-outlook.rst
@@ -1,9 +1,7 @@
OpenPGP Email Encryption with Outlook
=====================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 pro storage start
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/openpgp-thunderbird.rst b/source/components/nitrokeys/features/openpgp-card/openpgp-thunderbird.rst
index 40adce8072..43c15ab3a4 100644
--- a/source/components/nitrokeys/features/openpgp-card/openpgp-thunderbird.rst
+++ b/source/components/nitrokeys/features/openpgp-card/openpgp-thunderbird.rst
@@ -1,9 +1,7 @@
OpenPGP Email Encryption With Thunderbird
=========================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 pro storage start
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst b/source/components/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst
index 3c174e1b5c..12db0223b3 100644
--- a/source/components/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst
+++ b/source/components/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst
@@ -1,9 +1,7 @@
OpenVPN Configuration with Easy-RSA
===================================
-.. include:: ../index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 pro hsm storage start
.. contents:: :local:
:depth: 2
diff --git a/source/components/nitrokeys/features/openpgp-card/openvpn/index.rst b/source/components/nitrokeys/features/openpgp-card/openvpn/index.rst
index 2ebab4e8ee..6c924789ce 100644
--- a/source/components/nitrokeys/features/openpgp-card/openvpn/index.rst
+++ b/source/components/nitrokeys/features/openpgp-card/openvpn/index.rst
@@ -1,12 +1,10 @@
OpenVPN
=======
-.. include:: ../index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 storage pro start
.. toctree::
:maxdepth: 1
EasyRSA
- Viscosity
\ No newline at end of file
+ Viscosity
diff --git a/source/components/nitrokeys/features/openpgp-card/openvpn/viscosity.rst b/source/components/nitrokeys/features/openpgp-card/openvpn/viscosity.rst
index e7e92bee65..84c4feecef 100644
--- a/source/components/nitrokeys/features/openpgp-card/openvpn/viscosity.rst
+++ b/source/components/nitrokeys/features/openpgp-card/openvpn/viscosity.rst
@@ -1,13 +1,7 @@
-
-
-
-
Viscosity Client Configuration with OpenVPN
===========================================
-.. include:: ../index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 start pro storage
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/overview.rst b/source/components/nitrokeys/features/openpgp-card/overview.rst
index e962caf9a3..4942e7255a 100644
--- a/source/components/nitrokeys/features/openpgp-card/overview.rst
+++ b/source/components/nitrokeys/features/openpgp-card/overview.rst
@@ -1,9 +1,7 @@
OpenPGP Email Encryption
========================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 start pro storage
There are two widely used standards for email encryption.
@@ -84,4 +82,4 @@ You can find further information about the usage on these pages:
Certificate-authority
- GnuPG with Fedora
\ No newline at end of file
+ GnuPG with Fedora
diff --git a/source/components/nitrokeys/features/openpgp-card/smime/index.rst b/source/components/nitrokeys/features/openpgp-card/smime/index.rst
index 122582d251..0eda58c4c4 100644
--- a/source/components/nitrokeys/features/openpgp-card/smime/index.rst
+++ b/source/components/nitrokeys/features/openpgp-card/smime/index.rst
@@ -1,30 +1,7 @@
S/MIME Email Encryption
=======================
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ✓
- - ⨯
- - ⨯
- - ⨯
- - ✓
- - ✓
- - ✓
- - ✓
-.. section products-end
+.. product-table:: nk3 pro storage start
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/smime/smime-outlook.rst b/source/components/nitrokeys/features/openpgp-card/smime/smime-outlook.rst
index 417b8291d9..dde5f569c4 100644
--- a/source/components/nitrokeys/features/openpgp-card/smime/smime-outlook.rst
+++ b/source/components/nitrokeys/features/openpgp-card/smime/smime-outlook.rst
@@ -1,9 +1,7 @@
S/MIME Email Encryption with Outlook
====================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 pro start storage
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/smime/smime-thunderbird.rst b/source/components/nitrokeys/features/openpgp-card/smime/smime-thunderbird.rst
index e70c3eaa38..95bae5b413 100644
--- a/source/components/nitrokeys/features/openpgp-card/smime/smime-thunderbird.rst
+++ b/source/components/nitrokeys/features/openpgp-card/smime/smime-thunderbird.rst
@@ -1,9 +1,7 @@
S/MIME Email Encryption with Thunderbird
========================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 pro start storage
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/ssh/index.rst b/source/components/nitrokeys/features/openpgp-card/ssh/index.rst
index 327e42e966..9cb047c392 100644
--- a/source/components/nitrokeys/features/openpgp-card/ssh/index.rst
+++ b/source/components/nitrokeys/features/openpgp-card/ssh/index.rst
@@ -1,9 +1,7 @@
SSH
===
-.. include:: ../index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 pro start storage
This guide explains how to prepare your SSH server and client for use with the Nitrokey.
For configuring PuTTY, see this guide:
diff --git a/source/components/nitrokeys/features/openpgp-card/ssh/putty.rst b/source/components/nitrokeys/features/openpgp-card/ssh/putty.rst
index 7c89381fde..74df260ddf 100644
--- a/source/components/nitrokeys/features/openpgp-card/ssh/putty.rst
+++ b/source/components/nitrokeys/features/openpgp-card/ssh/putty.rst
@@ -1,9 +1,7 @@
PuTTY
=====
-.. include:: ../index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 start storage pro hsm
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/stunnel.rst b/source/components/nitrokeys/features/openpgp-card/stunnel.rst
index 60cc589bc4..ddd032f037 100644
--- a/source/components/nitrokeys/features/openpgp-card/stunnel.rst
+++ b/source/components/nitrokeys/features/openpgp-card/stunnel.rst
@@ -1,30 +1,7 @@
Stunnel
=======
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ✓
- - ⨯
- - ⨯
- - ⨯
- - ✓
- - ✓
- - ✓
- - ✓
-.. section products-end
+.. product-table:: hsm pro storage start nk3
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/openpgp-card/uif.rst b/source/components/nitrokeys/features/openpgp-card/uif.rst
index 568043fabf..1662ff02e9 100644
--- a/source/components/nitrokeys/features/openpgp-card/uif.rst
+++ b/source/components/nitrokeys/features/openpgp-card/uif.rst
@@ -1,30 +1,7 @@
OpenPGP Touch Confirmation (UIF)
================================
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ✓
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
-.. section products-end
+.. product-table:: nk3
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/password-safe/index.rst b/source/components/nitrokeys/features/password-safe/index.rst
index 31eb0e69a9..0adfe1d23e 100644
--- a/source/components/nitrokeys/features/password-safe/index.rst
+++ b/source/components/nitrokeys/features/password-safe/index.rst
@@ -1,32 +1,10 @@
Password Safe
=============
-
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ✓
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
+.. product-table:: nk3
.. toctree::
:maxdepth: 1
:glob:
- KeepassXC <../../../software/nk-app2/keepassxc>
\ No newline at end of file
+ KeepassXC <../../../software/nk-app2/keepassxc>
diff --git a/source/components/nitrokeys/features/piv/access_control.rst b/source/components/nitrokeys/features/piv/access_control.rst
index fec07de9f8..cf2474adc5 100644
--- a/source/components/nitrokeys/features/piv/access_control.rst
+++ b/source/components/nitrokeys/features/piv/access_control.rst
@@ -1,9 +1,7 @@
Access Control
==============
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3
The following access matrix shows what authentication a certain operation requires.
diff --git a/source/components/nitrokeys/features/piv/certificate_management.rst b/source/components/nitrokeys/features/piv/certificate_management.rst
index d8ecb46144..0ca40422cc 100644
--- a/source/components/nitrokeys/features/piv/certificate_management.rst
+++ b/source/components/nitrokeys/features/piv/certificate_management.rst
@@ -1,9 +1,7 @@
Certificate Management
======================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3
Every private key has a certificate associated. The certificates can be read and written.
The size of a certificate is limited by the transport layer and about 6kB.
diff --git a/source/components/nitrokeys/features/piv/factory_reset.rst b/source/components/nitrokeys/features/piv/factory_reset.rst
index 587c33596b..92790d776c 100644
--- a/source/components/nitrokeys/features/piv/factory_reset.rst
+++ b/source/components/nitrokeys/features/piv/factory_reset.rst
@@ -1,9 +1,7 @@
Factory Reset
=============
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3
The PIV application can be reset to factory defaults.
It can only be reset if the PIN and PUK are blocked.
diff --git a/source/components/nitrokeys/features/piv/guides/client_logon_with_active_directory.rst b/source/components/nitrokeys/features/piv/guides/client_logon_with_active_directory.rst
index b1caaf0108..2317314070 100644
--- a/source/components/nitrokeys/features/piv/guides/client_logon_with_active_directory.rst
+++ b/source/components/nitrokeys/features/piv/guides/client_logon_with_active_directory.rst
@@ -1,9 +1,7 @@
Client Logon with Active Directory
==================================
-.. include:: ../index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3
This document explains how to use the PIV application of a Nitrokey 3 for smartcard logon with Active Directory.
diff --git a/source/components/nitrokeys/features/piv/guides/index.rst b/source/components/nitrokeys/features/piv/guides/index.rst
index 7118942771..85cb42f061 100644
--- a/source/components/nitrokeys/features/piv/guides/index.rst
+++ b/source/components/nitrokeys/features/piv/guides/index.rst
@@ -1,12 +1,10 @@
Guides
======
-.. include:: ../index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3
.. toctree::
:maxdepth: 1
:glob:
- client_logon_with_active_directory.rst
\ No newline at end of file
+ client_logon_with_active_directory.rst
diff --git a/source/components/nitrokeys/features/piv/index.rst b/source/components/nitrokeys/features/piv/index.rst
index 28bad4cf71..0781b727c5 100644
--- a/source/components/nitrokeys/features/piv/index.rst
+++ b/source/components/nitrokeys/features/piv/index.rst
@@ -1,30 +1,7 @@
PIV (Personal Identity Verification)
====================================
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ✓
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ⨯
-.. section products-end
+.. product-table:: nk3
.. warning::
The PIV application of the Nitrokey 3 is currently considered unstable and is not available on the stable firmware releases.
diff --git a/source/components/nitrokeys/features/piv/key_management.rst b/source/components/nitrokeys/features/piv/key_management.rst
index 3cd237c493..1cc4dbf6c3 100644
--- a/source/components/nitrokeys/features/piv/key_management.rst
+++ b/source/components/nitrokeys/features/piv/key_management.rst
@@ -1,9 +1,8 @@
Key Management
==============
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3
+
Key Slots
---------
diff --git a/source/components/nitrokeys/features/totp/general.rst b/source/components/nitrokeys/features/totp/general.rst
index 20b5941557..17a1fc24fe 100644
--- a/source/components/nitrokeys/features/totp/general.rst
+++ b/source/components/nitrokeys/features/totp/general.rst
@@ -1,9 +1,7 @@
Two-factor Authentication with One-Time Passwords (OTP)
=======================================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 pro storage
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/totp/google.rst b/source/components/nitrokeys/features/totp/google.rst
index 41bef000c3..05ad61e15d 100644
--- a/source/components/nitrokeys/features/totp/google.rst
+++ b/source/components/nitrokeys/features/totp/google.rst
@@ -1,9 +1,7 @@
Two-factor Authentication for Google
====================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 pro storage
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/totp/index.rst b/source/components/nitrokeys/features/totp/index.rst
index c70a65aec6..a430ec8963 100644
--- a/source/components/nitrokeys/features/totp/index.rst
+++ b/source/components/nitrokeys/features/totp/index.rst
@@ -1,30 +1,7 @@
Two-factor Authentication with One-Time Passwords (OTP)
=======================================================
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ✓
- - ⨯
- - ⨯
- - ⨯
- - ⨯
- - ✓
- - ⨯
- - ✓
-.. section products-end
+.. product-table:: nk3 pro storage
.. toctree::
:maxdepth: 1
diff --git a/source/components/nitrokeys/features/totp/microsoft.rst b/source/components/nitrokeys/features/totp/microsoft.rst
index a12f8d5dcb..7a7f7fa819 100644
--- a/source/components/nitrokeys/features/totp/microsoft.rst
+++ b/source/components/nitrokeys/features/totp/microsoft.rst
@@ -1,9 +1,7 @@
Two-factor Authentication for Microsoft Account
===============================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 pro storage
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/totp/nextcloud.rst b/source/components/nitrokeys/features/totp/nextcloud.rst
index 43a23c32a7..ae9d126836 100644
--- a/source/components/nitrokeys/features/totp/nextcloud.rst
+++ b/source/components/nitrokeys/features/totp/nextcloud.rst
@@ -1,9 +1,7 @@
Two-factor Authentication for Nextcloud accounts
================================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 pro storage
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/u2f/2fa.rst b/source/components/nitrokeys/features/u2f/2fa.rst
index 538bd25367..06804b705e 100644
--- a/source/components/nitrokeys/features/u2f/2fa.rst
+++ b/source/components/nitrokeys/features/u2f/2fa.rst
@@ -1,9 +1,7 @@
Two-Factor Authentication (2FA)
===============================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: fido2 u2f nk3 passkey
1. Open one of the `websites that support FIDO
U2F `__.
diff --git a/source/components/nitrokeys/features/u2f/desktop-login.rst b/source/components/nitrokeys/features/u2f/desktop-login.rst
index 20b634a06d..11a073e50b 100644
--- a/source/components/nitrokeys/features/u2f/desktop-login.rst
+++ b/source/components/nitrokeys/features/u2f/desktop-login.rst
@@ -1,9 +1,7 @@
Desktop Login And Linux User Authentication
===========================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: nk3 u2f fido2 passkey
.. contents:: :local:
diff --git a/source/components/nitrokeys/features/u2f/index.rst b/source/components/nitrokeys/features/u2f/index.rst
index b225612369..0a2843ea0f 100644
--- a/source/components/nitrokeys/features/u2f/index.rst
+++ b/source/components/nitrokeys/features/u2f/index.rst
@@ -1,30 +1,7 @@
U2F
===
-.. section products-begin
-.. list-table::
- :width: 100%
- :header-rows: 1
- :class: products-table
-
- * - `Nitrokey 3 `_
- - `Nitrokey Passkey `_
- - `Nitrokey FIDO2 `_
- - `Nitrokey U2F `_
- - `Nitrokey HSM 2 `_
- - `Nitrokey Pro 2 `_
- - `Nitrokey Start `_
- - `Nitrokey Storage 2 `_
-
- * - ✓
- - ✓
- - ✓
- - ✓
- - ⨯
- - ⨯
- - ⨯
- - ✓
-.. section products-end
+.. product-table:: u2f fido2 nk3 passkey
.. toctree::
:maxdepth: 1
diff --git a/source/components/nitrokeys/features/u2f/odoo.rst b/source/components/nitrokeys/features/u2f/odoo.rst
index aa7c189a83..05749a902f 100644
--- a/source/components/nitrokeys/features/u2f/odoo.rst
+++ b/source/components/nitrokeys/features/u2f/odoo.rst
@@ -1,9 +1,7 @@
Two-Factor Authentication For ERP Software Odoo
===============================================
-.. include:: index.rst
- :start-after: products-begin
- :end-before: products-end
+.. product-table:: u2f fido2 nk3 passkey
.. only:: comment
diff --git a/source/components/nitrokeys/fido2/faq.rst b/source/components/nitrokeys/fido2/faq.rst
index 8021edfbc8..dbaba0f8fa 100644
--- a/source/components/nitrokeys/fido2/faq.rst
+++ b/source/components/nitrokeys/fido2/faq.rst
@@ -1,14 +1,16 @@
Nitrokey FIDO2 FAQ
==================
-**Q:** Which Operating Systems are supported?
+.. faq:: Which Operating Systems are supported?
+
Windows, Linux, and Mac OS X. Also some support (FIDO2) for Android.
+.. faq:: What can I use the Nitrokey for?
-**Q:** What can I use the Nitrokey for?
See the `overview `_ of supported use cases.
-**Q:** What happens if I lose my FIDO device?
+.. faq:: What happens if I lose my FIDO device?
+
When securing accounts using FIDO (two-factor authentication and
passwordless login), you should configure another factor in your account as
a backup. Depending on the service this backup factor can be a phone number,
@@ -16,12 +18,14 @@ Nitrokey FIDO2 FAQ
can still log in with the second Nitrokey FIDO2 (or with another second
factor).
-**Q:** How large is the storage capacity?
+.. faq:: How large is the storage capacity?
+
The Nitrokey FIDO2 doesn't contain storage capability for ordinary data (it can
only store cryptographic keys and certificates).
-**Q:** How to use Nitrokey FIDO2 with Azure Entra ID (Active Directory)?
+.. faq:: How to use Nitrokey FIDO2 with Azure Entra ID (Active Directory)?
+
After `disabling Enforce Attestation`_ Nitrokey FIDO2 is supported by Azure Entra ID out of the box.
-.. include:: ../../shared-faqs/hyperlinks.rst.inc
\ No newline at end of file
+.. include:: ../../shared-faqs/hyperlinks.rst.inc
diff --git a/source/components/nitrokeys/hsm/faq.rst b/source/components/nitrokeys/hsm/faq.rst
index dbc17c02f5..b748b3ac75 100644
--- a/source/components/nitrokeys/hsm/faq.rst
+++ b/source/components/nitrokeys/hsm/faq.rst
@@ -5,7 +5,8 @@ Nitrokey HSM FAQ
.. include:: ../../shared-faqs/nitrokeys.rst.inc
-**Q:** What is the maximum length of the PIN?
+.. faq:: What is the maximum length of the PIN?
+
Nitrokey uses PINs instead of passwords. The main difference is that the
hardware limits the amount of tries to three while a limit doesn't exist for
passwords. Because of this, a short PIN is still secure and there is not need
@@ -16,7 +17,8 @@ Nitrokey HSM FAQ
OpenSC, 32 character long PINs can be used but aren't supported by Nitrokey
App.
-**Q:** What is the User PIN for?
+.. faq:: What is the User PIN for?
+
The PIN is at least 6-digits long and is used to get
access to the content of the Nitrokey. This is the PIN you will use a lot in
every day use.
@@ -26,14 +28,16 @@ Nitrokey HSM FAQ
PIN attempts were done, it is sufficiently secure to only have a 6 digits
PIN.
-**Q:** What is the SO PIN for?
+.. faq:: What is the SO PIN for?
+
The SO PIN is used in the Nitrokey HSM only and is something like a
"master" PIN with special properties. Please read this instructions carefully
to understand the SO PIN of the Nitrokey HSM.
The SO PIN has to be exactly 16 digits long.
-**Q:** How many data objects (DF, EF) can be stored?
+.. faq:: How many data objects (DF, EF) can be stored?
+
76 KB EEPROM total, that can be used for
* max. 150 x ECC-521 keys or
@@ -41,10 +45,12 @@ Nitrokey HSM FAQ
* max. 19 x RSA-4096 keys or
* max. 38 x RSA-2048 keys
-**Q:** How many keys can I store?
+.. faq:: How many keys can I store?
+
Nitrokey HSM can store 20 RSA-2048 and 31 ECC-256 key pairs.
-**Q:** How fast is encryption and signing?
+.. faq:: How fast is encryption and signing?
+
* Key generation on-card: RSA 2048: 2 per minute
* Key generation on-card: ECC 256: 10 per minute.
* Signature creation with off-card hash: RSA 2048; 100 per minute
@@ -52,22 +58,26 @@ Nitrokey HSM FAQ
* Signature creation with on-card SHA-256 and 1 kb data: RSA 2048; 68 per minute
* Signature creation with on-card SHA-256 and 1 kb data: ECDSA 256: 125 per minute
-**Q:** How can I distinguish a Nitrokey HSM 1 from an Nitrokey HSM 2?
+.. faq:: How can I distinguish a Nitrokey HSM 1 from an Nitrokey HSM 2?
+
Use ``opensc-tool --list-algorithms`` and compare with the table below. Please
also see `this thread`_ for the factsheets and more details.
.. include:: ../../shared-faqs/algos.rst.inc
-**Q:** How can I use the True Random Number Generator (TRNG) of the Nitrokey HSM for my applications?
+.. faq:: How can I use the True Random Number Generator (TRNG) of the Nitrokey HSM for my applications?
+
Nitrokey HSM can be used with `Botan`_ and `TokenTools`_ by using OpenSC as a PKCS#11 driver.
OpenSSL can't use Nitrokey HSM's RNG directly because engine-pkcs11 doesn't contain a mapping for OpenSSL to C_GenerateRandom.
-**Q:** How good is the Random Number Generator?
+.. faq:: How good is the Random Number Generator?
+
Nitrokey HSM uses the True Random Number Generator of JCOP 2.4.1r3 which has a quality of DRNG.2
(according to `AIS 31`_ of the German Federal Office for Information Security, BSI).
-**Q:** Which API can I use?
+.. faq:: Which API can I use?
+
OpenSC: Comprehensive instructions exist for OpenSC framework. There is
nitrotool as a more comfortable frontend to OpenSC.
@@ -83,17 +93,21 @@ Nitrokey HSM FAQ
NitroKeyWrapper.
-**Q:** Is the Nitrokey HSM 2 Common Criteria or FIPS certified?
+.. faq:: Is the Nitrokey HSM 2 Common Criteria or FIPS certified?
+
The security controller (NXP JCOP 3 P60) is Common Criteria EAL 5+ certified up to the OS
level (`Certificate `__, `Certification Report `__, `Security Target `__, `Java Card System Protection Profile Open Configuration, Version 3.0 `__).
-**Q:** How to import an existing key into the Nitrokey HSM?
+.. faq:: How to import an existing key into the Nitrokey HSM?
+
First, `set up`_ your Nitrokey HSM to use key backup and restore. Then use Smart Card Shell for importing. If your key is stored in a Java key store you can use `NitroKeyWrapper`_ instead.
-**Q:** How do I secure my Cloud Infrastructure/Kubernetes with Nitrokey HSM?
+.. faq:: How do I secure my Cloud Infrastructure/Kubernetes with Nitrokey HSM?
+
An approach to secure keys for Hashicorp Vault/Bank-Vault on a Nitrokey HSM can be found at `banzaicloud.com`_.
-**Q:** Can I use Nitrokey HSM with cryptocurrencies?
+.. faq:: Can I use Nitrokey HSM with cryptocurrencies?
+
J.v.d.Bosch wrote a simple, free python `program`_ to secure the private key of a Bitcoin wallet in a HSM.
`Tezos`_ has been `reported`_ to work with Nitrokey HSM.
diff --git a/source/components/nitrokeys/nitrokey3/faq.rst b/source/components/nitrokeys/nitrokey3/faq.rst
index e978cf9e0a..32c96baba4 100644
--- a/source/components/nitrokeys/nitrokey3/faq.rst
+++ b/source/components/nitrokeys/nitrokey3/faq.rst
@@ -1,24 +1,29 @@
Nitrokey 3 FAQ
==================
-**Q:** Which Operating Systems are supported?
+.. faq:: Which Operating Systems are supported?
+
Windows, Linux and macOS. Also some support for Android and iOS.
-**Q:** What can I use the Nitrokey for?
+.. faq:: What can I use the Nitrokey for?
+
See the `overview `_ of supported use cases.
-**Q:** How can I check if my Nitrokey 3 is working?
+.. faq:: How can I check if my Nitrokey 3 is working?
+
On `WebAuthn.io`_ you can check various high-level functionalities, while
`webautn.bin.coffee`_ provides good developer level details (technical)
details.
You can also `test`_ your Nitrokey.
-**Q:** Where is the right spot for NFC on my smartphone?
+.. faq:: Where is the right spot for NFC on my smartphone?
+
This is different for every smartphone model, you should find your
brand's respective hardware description to find this out. A quite
extensive list can be found `here `_.
-**Q:** What happens if I lose my device?
+.. faq:: What happens if I lose my device?
+
When securing accounts using FIDO (two-factor authentication and
passwordless login), you should configure another factor in your account as
a backup. Depending on the service this backup factor can be a phone number,
@@ -26,31 +31,38 @@ Nitrokey 3 FAQ
can still log in with the second Nitrokey (or with another second
factor).
-**Q:** How large is the storage capacity?
+.. faq:: How large is the storage capacity?
+
The Nitrokey 3 doesn't contain storage capability for ordinary data (it can
only store cryptographic keys and certificates).
-**Q:** Why does the Nitrokey 3 not show up in GnuPG?
+.. faq:: Why does the Nitrokey 3 not show up in GnuPG?
+
Make sure to install a firmware more recent than version 1.4.0.
For more information, see the firmware-update page for your operating system.
-**Q:** Why does the Nitrokey 3 not show up in Nitrokey App?
+.. faq:: Why does the Nitrokey 3 not show up in Nitrokey App?
+
Nitrokey 3 does only show up and can be managed in "nitropy" and "Nitrokey App 2, not in Nitrokey App 1".
.. include:: ../../shared-faqs/algos.rst.inc
-**Q:** How can I set the PIN for my Nitrokey 3?
+.. faq:: How can I set the PIN for my Nitrokey 3?
+
The Nitrokey 3 has distinct PINs for each feature.
Please refer to the chapter of your respective operating system (`Linux `__, `macOS `__, `Windows `__).
-**Q:** Is the Nitrokey 3 Common Criteria or FIPS certified?
+.. faq:: Is the Nitrokey 3 Common Criteria or FIPS certified?
+
The secure element (SE050M) is Common Criteria EAL 6+ security certified up to the OS
level (`Certificate `__, `Certification Report `__, `Security Target `__, `Java Card Protection Profile - Open Configuration `__).
-**Q:** How to use Nitrokey 3 with Azure Entra ID (Active Directory)?
+.. faq:: How to use Nitrokey 3 with Azure Entra ID (Active Directory)?
+
After `disabling Enforce Attestation`_ Nitrokey 3 is supported by Azure Entra ID out of the box.
-**Q:** How can I use the SE050 Secure Element?
+.. faq:: How can I use the SE050 Secure Element?
+
Starting with version 1.7.0 the Secure Element should be automatically activated, if the OpenPGP Card
was not used before. To check its activation state you can use: ``nitropy nk3 get-config opcard.use_se050_backend``.
To activate it, if it isn't activated use: ``nitropy nk3 set-config opcard.use_se050_backend true`` or disable
diff --git a/source/components/nitrokeys/pro/faq.rst b/source/components/nitrokeys/pro/faq.rst
index 5c348c4443..edfd5c2224 100644
--- a/source/components/nitrokeys/pro/faq.rst
+++ b/source/components/nitrokeys/pro/faq.rst
@@ -4,7 +4,8 @@ Nitrokey Pro 2 FAQ
.. include:: ../../shared-faqs/nitrokeys.rst.inc
-**Q:** What are the default PINs?
+.. faq:: What are the default PINs?
+
* **User PIN:** "123456"
* **Administrator PIN:** "12345678"
@@ -13,12 +14,14 @@ Nitrokey Pro 2 FAQ
.. include:: ../../shared-faqs/pins.rst.inc
-**Q:** Why does my Nitrokey Pro hang when switching between nitrokey-app and GnuPG?
+.. faq:: Why does my Nitrokey Pro hang when switching between nitrokey-app and GnuPG?
+
GnuPG and nitrokey-app sometimes tend to hand each other. This is a known problem
and it can be fixed by re-inserting the Nitrokey into the USB slot.
-**Q:** Which drivers/tools can be used?
+.. faq:: Which drivers/tools can be used?
+
GnuPG is required for many use cases. It is a command line tool but usually
you don't need to invoke it directly but use another application with user
interface.
@@ -32,7 +35,8 @@ Nitrokey Pro 2 FAQ
instructions work Nitrokey as well. In general the official documentation
is recommended.
-**Q:** How fast is encryption and signing?
+.. faq:: How fast is encryption and signing?
+
Encryption of 50kiB of data:
* 256 bit AES, 2048 bytes per command -> 880 bytes per second
@@ -44,27 +48,32 @@ Nitrokey Pro 2 FAQ
.. include:: ../../shared-faqs/algos.rst.inc
-**Q:** Does the Nitrokey Pro contain a secure chip or just a normal microcontroller?
+.. faq:: Does the Nitrokey Pro contain a secure chip or just a normal microcontroller?
+
Nitrokey Pro contains a tamper resistant smart card.
-**Q:** Is the Nitrokey Pro Common Criteria or FIPS certified?
+.. faq:: Is the Nitrokey Pro Common Criteria or FIPS certified?
+
The security controller (NXP Smart Card Controller P5CD081V1A and its major
configurations P5CC081V1A, P5CN081V1A, P5CD041V1A, P5CD021V1A and P5CD016V1A
each with IC dedicated Software) is Common Criteria EAL 5+ certified up to the OS
level (`Certification Report `__, `Security Target `__, `Maintenance Report `__, `Maintenance ST `__).
-**Q:** How can I use the True Random Number Generator (TRNG) of the Nitrokey Pro for my applications?
+.. faq:: How can I use the True Random Number Generator (TRNG) of the Nitrokey Pro for my applications?
+
Both devices are compatible to the OpenPGP Card, so that `scdrand`_ should work. `This script`_ may be useful.
The user comio `created a systemd file`_ to use scdrand and thus the TRNG more generally. He created an `ebuild for Gentoo`_, too.
-**Q:** How good is the Random Number Generator?
+.. faq:: How good is the Random Number Generator?
+
Nitrokey Pro and Nitrokey Storage use a True Random Number Generator (TRNG)
for generating keys on the device. The entropy generated by the TRNG is used
for the entire key length. Therefore the TRNG is compliant to `BSI TR-03116`_.
The TRNG provides about 40 kbit/s.
-**Q:** How large is the storage capacity?
+.. faq:: How large is the storage capacity?
+
The Nitrokey Pro doesn't contain storage capability for ordinary data (it can
only store cryptographic keys and certificates).
diff --git a/source/components/nitrokeys/start/faq.rst b/source/components/nitrokeys/start/faq.rst
index b701c170af..9c5f301e4b 100644
--- a/source/components/nitrokeys/start/faq.rst
+++ b/source/components/nitrokeys/start/faq.rst
@@ -3,7 +3,8 @@ Nitrokey Start FAQ
.. include:: ../../shared-faqs/nitrokeys.rst.inc
-**Q:** What are the default PINs?
+.. faq:: What are the default PINs?
+
* **User PIN:** "123456"
* **Administrator PIN:** "12345678"
@@ -12,7 +13,8 @@ Nitrokey Start FAQ
.. include:: ../../shared-faqs/pins.rst.inc
-**Q:** Which drivers/tools can be used?
+.. faq:: Which drivers/tools can be used?
+
GnuPG is required for many use cases. It is a command line tool but usually
you don't need to invoke it directly but use another application with user
interface.
@@ -29,10 +31,12 @@ Nitrokey Start FAQ
.. include:: ../../shared-faqs/algos.rst.inc
-**Q:** Does the Nitrokey Start contain a secure chip or just a normal microcontroller?
+.. faq:: Does the Nitrokey Start contain a secure chip or just a normal microcontroller?
+
Nitrokey Start is implemented in the microprocessor.
-**Q:** How large is the storage capacity?
+.. faq:: How large is the storage capacity?
+
The Nitrokey Start doesn't contain storage capability for ordinary data (it can
only store cryptographic keys and certificates).
diff --git a/source/components/nitrokeys/storage/faq.rst b/source/components/nitrokeys/storage/faq.rst
index 6b1811ae3c..5613da077f 100644
--- a/source/components/nitrokeys/storage/faq.rst
+++ b/source/components/nitrokeys/storage/faq.rst
@@ -6,7 +6,8 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als
.. include:: ../../shared-faqs/nitrokeys.rst.inc
-**Q:** What are the default PINs?
+.. faq:: What are the default PINs?
+
* **User PIN:** "123456"
* **Administrator PIN:** "12345678"
* **Firmware Password**: "12345678"
@@ -15,12 +16,14 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als
before using the Nitrokey.
-**Q:** How large is the storage capacity?
+.. faq:: How large is the storage capacity?
+
Nitrokey Storage can store and encrypt 8, 32, or 64 GB of data (depending on
particular model).
-**Q:** Why can't I access the encrypted storage on a new Nitrokey Storage?
+.. faq:: Why can't I access the encrypted storage on a new Nitrokey Storage?
+
On a new Nitrokey Storage device, before you can access the encrypted volume
make sure you first "Destroy encrypted data" inside the Nitrokey App.
@@ -28,12 +31,14 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als
.. include:: ../../shared-faqs/pins.rst.inc
-**Q:** Why does my Nitrokey Storage hang when switching between nitrokey-app and GnuPG?
+.. faq:: Why does my Nitrokey Storage hang when switching between nitrokey-app and GnuPG?
+
GnuPG and nitrokey-app sometimes tend to hand each other. This is a known problem
and it can be fixed by re-inserting the Nitrokey into the USB slot.
-**Q:** What is the firmware PIN for?
+.. faq:: What is the firmware PIN for?
+
The firmware password should meet general password
recommandations (e.g. use alphabetic characters, digits and special
characters or use a usfficiently long password). The firmware password is
@@ -44,12 +49,14 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als
password and would have unlimited attempts. Therefore you must choose a
strong password. The default password is 12345678.
-**Q:** How many keys can I store?
+.. faq:: How many keys can I store?
+
The Nitrokey Storage can store three RSA key pairs. All keys use the same
identity but are used for different purposes: authentication, encryption and
signing.
-**Q:** How fast is encryption and signing?
+.. faq:: How fast is encryption and signing?
+
Encryption of 50kiB of data:
* 256 bit AES, 2048 bytes per command -> 880 bytes per second
@@ -59,28 +66,33 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als
.. include:: ../../shared-faqs/algos.rst.inc
-**Q:** Does the Nitrokey Storage contain a secure chip or just a normal microcontroller?
+.. faq:: Does the Nitrokey Storage contain a secure chip or just a normal microcontroller?
+
Nitrokey Storage contains a tamper resistant smart card.
-**Q:** Is the Nitrokey Storage Common Criteria or FIPS certified?
+.. faq:: Is the Nitrokey Storage Common Criteria or FIPS certified?
+
The security controller (NXP Smart Card Controller P5CD081V1A and its major
configurations P5CC081V1A, P5CN081V1A, P5CD041V1A, P5CD021V1A and P5CD016V1A
each with IC dedicated Software) is Common Criteria EAL 5+ certified up to the OS
level (`Certification Report `__, `Security Target `__, `Maintenance Report `__, `Maintenance ST `__`).
Additionally `Cure53 `__ has performed an `independent security audit `__ of the hardware, firmware, and Nitrokey App.
-**Q:** How can I use the True Random Number Generator (TRNG) of the Nitrokey Storage for my applications?
+.. faq:: How can I use the True Random Number Generator (TRNG) of the Nitrokey Storage for my applications?
+
Both devices are compatible to the OpenPGP Card, so that `scdrand`_ should work. `This script`_ may be useful.
The user comio `created a systemd file`_ to use scdrand and thus the TRNG more generally. He created an `ebuild for Gentoo`_, too.
-**Q:** How good is the Random Number Generator?
+.. faq:: How good is the Random Number Generator?
+
Nitrokey Pro and Nitrokey Storage use a True Random Number Generator (TRNG)
for generating keys on the device. The entropy generated by the TRNG is used
for the entire key length. Therefore the TRNG is compliant to `BSI TR-03116`_.
The TRNG provides about 40 kbit/s.
-**Q:** How can I use the encrypted mobile Storage?
+.. faq:: How can I use the encrypted mobile Storage?
+
Prior of using the encrypted mobile storage you need to install and initialize the Nitrokey Storage and download the latest Nitrokey App.
* Start the Nitrokey App.
@@ -93,7 +105,8 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als
The Nitrokey Storage is able to create hidden volumes as well. Please have a look at the corresponding instructions for hidden volumes.
-**Q:** How can I use the hidden volume?
+.. faq:: How can I use the hidden volume?
+
Hidden volumes allow to hide data in the encrypted volume. The data is protected
with an additional password. Without the password the data existence's can't be
proven. Hidden volumes are not setup by default so that their existence can be
diff --git a/source/components/nitropad/faq.rst b/source/components/nitropad/faq.rst
index a9b11d647d..54dd657ab4 100644
--- a/source/components/nitropad/faq.rst
+++ b/source/components/nitropad/faq.rst
@@ -1,15 +1,18 @@
NitroPad FAQ
============
-**Q:** What is the default hard-disk encryption password?
+.. faq:: What is the default hard-disk encryption password?
+
The default Nitropad disk encryption password: "12345678". This was change on the 15.01.2024 so if "12345678" is not working try the old default: "PleaseChangeMe"
-**Q:** How to change the hard-disk encryption password from within HEADS?
+.. faq:: How to change the hard-disk encryption password from within HEADS?
+
This is the prefered way to change the hard-disk encryption password.
Inside HEADS choose ``Options -> Change LUKS Disk Recovery Key passphrase``
and follow the instructions.
-**Q:** How to change the hard-disk encryption password from within the OS?
+.. faq:: How to change the hard-disk encryption password from within the OS?
+
Using default ``cryptsetup`` tools it is important to note that the right
key slot is used: ``sudo cryptsetup luksChangeKey --key-slot=0 /dev/nvme0n1p3`` or
``sudo cryptsetup luksChangeKey --key-slot=0 /dev/sda3``. In Qubes 4.2 exist also now a GUI tool for that:
@@ -17,7 +20,8 @@ NitroPad FAQ
.. figure:: /images/qubes/ChangeDiskPasswordQubes.png
:alt: Change Password Qubes Image
-**Q:** What is re-ownership / re-encryption and why is it important?
+.. faq:: What is re-ownership / re-encryption and why is it important?
+
Changing your hard-disk encryption password does not change the encryption
itself, just the access to the encryption key. This means that in a situation
where somebody had phyisical access to the device (e.g., during shipment)
diff --git a/source/components/nitropc/faq.rst b/source/components/nitropc/faq.rst
index b2292792e4..3673f6393f 100644
--- a/source/components/nitropc/faq.rst
+++ b/source/components/nitropc/faq.rst
@@ -1,7 +1,8 @@
NitroPC FAQ
===========
-**Q:** What is the default hard-disk encryption password?
+.. faq:: What is the default hard-disk encryption password?
+
The default NitroPC disk encryption password: "12345678". This was change on the 15.01.2024 so if "12345678" is not working try the old default: "PleaseChangeMe"
diff --git a/source/components/nitrophone/faq.rst b/source/components/nitrophone/faq.rst
index ac13f748e0..898c18982a 100644
--- a/source/components/nitrophone/faq.rst
+++ b/source/components/nitrophone/faq.rst
@@ -1,19 +1,22 @@
NitroPhone FAQ
===============
-**Q:** Does the Nitrophone work with my carrier network?
+.. faq:: Does the Nitrophone work with my carrier network?
+
Google claims `all major carriers`_ should work with the Pixel phones. Nevertheless
there might be exceptions, obviously we cannot check `all` carriers around the world.
Best practice, is to check if you find some tests/experience stories about the Pixel 4a
together with your planned carrier network.
-**Q:** What is and how to activate *PIN Layout Scrambling*?
+.. faq:: What is and how to activate *PIN Layout Scrambling*?
+
To make it difficult for strangers to read the PIN when typing it in, you can
display the PIN layout in a random order. Additionally, we recommend a
`privacy screen `__.
To enable, select: *Settings -> Security -> PIN scrambling -> Scramble PIN*
-**Q:** What is a *Kill Switch* and how to activate it?
+.. faq:: What is a *Kill Switch* and how to activate it?
+
Kill Switches, which erase all the phone's data when triggered, are very risky in
practice as they could be triggered unintentionally. Therefore, the NitroPhone instead
has the feature to automatically shut down and restart when inactive for a set period of time.
@@ -21,7 +24,8 @@ NitroPhone FAQ
phone can only be unlocked with the legitimate PIN or password. To enable, select:
*Settings -> Security -> Auto reboot -> select the idle time duration after which the phone should reboot*
-**Q:** Why do I get "Warning: Your device is loading a different operating system"?
+.. faq:: Why do I get "Warning: Your device is loading a different operating system"?
+
.. image:: ./images/boot-screen.jpg
:alt: Boot screen
:align: center
@@ -29,22 +33,28 @@ NitroPhone FAQ
Shortly after the phone is turned on, the warning "Your device is loading a different operating system"
is displayed. This warning indicates that no ordinary Google Android is running and can be ignored.
-**Q:** How can I check, if my NitroPhone has been hacked/compromised?
+.. faq:: How can I check, if my NitroPhone has been hacked/compromised?
+
If you want to check the integrity of the operating system, you can use `remote verification `_.
-**Q:** Where can I get further information about GrapheneOS?
+.. faq:: Where can I get further information about GrapheneOS?
+
`Here `__ you can find further information on GrapheneOS.
-**Q:** Why is OEM unlocking enabled by default?
+.. faq:: Why is OEM unlocking enabled by default?
+
The only real purpose of the OEM Unlocking setting is `anti-theft protection `__ which is not implemented by GrapheneOS. OEM unlocking controls whether the device can be unlocked via boot loader. In the later case all user data is wiped. If OEM Unlocking is disabled, someone can still boot up in recovery mode, enter the menu, wipe data, then boot the OS and enable OEM unlocking. Therefore it doesn't really increase the security but `disabling it `_ reduces the potential physical attack surface.
-**Q:** Why do we offer to remove the microphones?
+.. faq:: Why do we offer to remove the microphones?
+
GrapheneOS informs about active access to the sensors and offers a transparent way to monitor the device. However, physical removal is the only way to completely exclude possible misuse. Especially in the case of a microphone, which allows continuous eavesdropping.
-**Q:** Why do we also offer to remove the gyroscope?
+.. faq:: Why do we also offer to remove the gyroscope?
+
A gyroscope is a sensor that detects the orientation of a smartphone. It not only stabilises the camera, but also tells the smartphone whether it is held in portrait or landscape mode. Additionally the gyroscope can also pick up mechanical vibrations, so it has the functionality of a microphone.
-**Q:** Why don't we offer to remove the speakers?
+.. faq:: Why don't we offer to remove the speakers?
+
Microphones are usually used to convert mechanical vibrations into electrical signals. The mechanical construction of loudspeakers is essentially the same as that of microphones, so that loudspeakers can also be used as microphones. In loudspeakers, electrical signals cause the diaphragm to vibrate, thus generating sound. Conversely, this process can be used to transmit the electrical signal from the diaphragm to the device, as with a microphone. However, this method is not possible if an amplifier is installed, as this does not allow the signal to be transmitted from the loudspeaker to the device. All Nitrophones only have speakers with built-in amplifiers and are therefore harmless.
.. _all major carriers: https://support.google.com/pixelphone/answer/7107188?hl=en
diff --git a/source/components/shared-faqs/algos.rst.inc b/source/components/shared-faqs/algos.rst.inc
index f9d13871e1..dba31b1ee3 100644
--- a/source/components/shared-faqs/algos.rst.inc
+++ b/source/components/shared-faqs/algos.rst.inc
@@ -1,6 +1,7 @@
-**Q:** Which algorithms and maximum key length are supported?
- See the following table:
+.. faq:: Which algorithms and maximum key length are supported?
+
+ See the following table:
+-------------------+-------+---------------+-------------------+-------------------+-----+-------+
| | Start | Pro + Storage | Pro 2 + Storage 2 | Nitrokey 3 | HSM | HSM 2 |
diff --git a/source/components/shared-faqs/nitrokeys.rst.inc b/source/components/shared-faqs/nitrokeys.rst.inc
index eb0491fb92..acbcf1b904 100644
--- a/source/components/shared-faqs/nitrokeys.rst.inc
+++ b/source/components/shared-faqs/nitrokeys.rst.inc
@@ -1,7 +1,9 @@
-**Q:** Which Operating Systems are supported?
+.. faq:: Which Operating Systems are supported?
+
Windows, Linux and macOS.
-**Q:** What can I use the Nitrokey for?
+.. faq:: What can I use the Nitrokey for?
+
See the `overview`_ of supported use cases.
.. _overview: https://www.nitrokey.com/products/nitrokeys
diff --git a/source/components/shared-faqs/pins.rst.inc b/source/components/shared-faqs/pins.rst.inc
index e99295f983..08e1bfff01 100644
--- a/source/components/shared-faqs/pins.rst.inc
+++ b/source/components/shared-faqs/pins.rst.inc
@@ -1,5 +1,6 @@
-**Q:** What is the maximum length of the PIN?
+.. faq:: What is the maximum length of the PIN?
+
Nitrokey uses PINs instead of passwords. The main difference is that the
hardware limits the amount of tries to three while a limit doesn't exist for
passwords. Because of this, a short PIN is still secure and there is not need
@@ -10,7 +11,8 @@
OpenSC, 32 character long PINs can be used but aren't supported by Nitrokey
App.
-**Q:** What is the User PIN for?
+.. faq:: What is the User PIN for?
+
The user PIN is at least 6-digits long and is used to get
access to the contect of the Nitrokey. This is the PIN you will use a lot in
every day use e.g. for decrypting messages, for unlocking your encrypted
@@ -21,7 +23,8 @@
PIN attempts were done, it is sufficiently secure to only have a 6 digits
PIN. The default PIN is 123456.
-**Q:** What is the Admin PIN for?
+.. faq:: What is the Admin PIN for?
+
The admin PIN is at least 8-digits long and is used to change
contents/settings of the Nitrokey. That is to say after initializing the
Nitrokey you probably won't need this PIN too often (e.g. if you want to add
diff --git a/source/conf.py b/source/conf.py
index fb3eb8c595..0b70485b8d 100644
--- a/source/conf.py
+++ b/source/conf.py
@@ -12,10 +12,11 @@
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#
-# import os
-# import sys
-# sys.path.insert(0, os.path.abspath('.'))
+import os
+import sys
+
+sys.path.insert(0, os.path.abspath(".") + "/_ext/")
# -- Project information -----------------------------------------------------
@@ -44,6 +45,8 @@
#'sphinx_copybutton',
#'sphinxprettysearchresults',
"sphinx_tabs.tabs",
+ "nk_product_table",
+ "faq_item",
]
# Add any paths that contain templates here, relative to this directory.