Nitrokey | Secure your digital life

Secure Login

Login to websites (e.g. Google, Facebook) using secure One Time Passwords (OTP), U2F or ordinary static passwords. Login to computers & network services (e.g. SSH) using certificates.

read more
The Password is Dead

Passwords are either difficult to remember or too short to protect important accounts securely. In particular, passwords haven't kept up with the increasing number of accounts needed for various websites. This is especially important because passwords should be unique and must never be used across different accounts. These factors render passwords insecure or impractical to use.

Nitrokey aims to replace passwords by supporting the following strong authentication methods:

One Time Passwords (OTP)

One Time Passwords (OTP) are similar to TANs and are used as a second factor in addition to ordinary passwords. OTPs protect against identity theft so that in case your password is compromised your account is still secured by the Nitrokey. Using a small tray icon application, your Nitrokey generates OTPs which are required for login to configured websites and applications. See the growing list of websites which you can use with Nitrokey's OTPs. The supported protocol are HMAC-based One-time Password Algorithm (HOTP, RFC 4226) and Time-based One-time Password Algorithm (TOTP, RFC 6238) which is compatible with Google Authenticator.

Universal 2nd Factor (U2F)

Universal 2nd Factor (U2F) is very secure, super easy to use, and may become the successor of OTPs. U2F uses challenges which are signed by the Nitrokey U2F device. Account-specific keys are used to prevent user tracking and to protect your privacy. U2F doesn't require any additional tray icon application because some web browsers support Nitrokey U2F already (Chrome Browser, Internet Explorer with plugin). U2F is a new standard and only supported by a few websites so far but its acceptance is increasing.

Client Certificate Authentication

You can use your Nitrokey to administrate your servers securely via SSH, to access your your Virtual Private Network via OpenVPN and to login to some websites via HTTPS.

Password Safe

For use cases where you have to use ordinary passwords, Nitrokey provides a password safe to store and use passwords securely. It allows you to have individual passwords for each account and stores them encrypted in the Nitrokey.
Email Encryption

Encrypt your emails with GnuPG, OpenPGP or S/MIME and your favorite email client. Keep your secret keys secure on your Nitrokey.

read more
Emails are readable like postcards

Without additional precautions, random system administrators could read your emails easily and its likely that your emails are stored by some intelligence services anyway. Cybercriminals are increasingly targeting email servers in order to launch phishing attacks on enterprises and individuals. Email encryption prevents unauthorized attackers from reading your private emails.

Nitrokey aims to make email encryption as easy as possible

Nitrokey stores your secret keys securely on the device and protects them from malware and physical attackers. Nitrokey can be used with various email encryption software easily with minimal modifications. Windows, MacOS and Linux are supported and device drivers are either pre-installed or installed automatically. GnuPG works with Nitrokey out of the box and supports OpenPGP and S/MIME formats. PKCS#11 drivers are provided for integrating with S/MIME supporting software. Among the supported applications are Mozilla Thunderbird, MS Outlook, and GnuPG.

Supported email encryption standards: OpenPGP and S/MIME

Two different formats exist for email encryption: OpenPGP and S/MIME. OpenPGP ist more popular among individuals while S/MIME is mostly used within the enterprise space. Other than most other USB dongles, Nitrokey supports both formats.
Encrypted Mobile Storage

Carry important data with you, always hardware encrypted on your Nitrokey Storage device (8-64 GB). Compatible with Windows, Linux and Mac OS.
read more
Data Loss by USB drives

To avoid compromise and in some cases even legal lawsuits, its necessary to encrypt all your sensitive data you are carrying with you. Don't find yourself in a row with such horrible cases of data loss ([1], [2], [3]).

Insecure proprietary USB vendors
- The NSA intercepts harddisks and other equipment sent from the vendor to clients and implants backdoors into it. With the Nitrokey you can export the installed firmware and verify its integrity (or flash your own firmware).
- In 2011 RSA Inc has been hacked and secret keys of all their securID token been stolen, which allows to crack the devices.
- FIPS 140-2 Level 2 certified USB storage devices from Kingston, SanDisk, Verbatim, MXI, and PICO could easily be accessed by using a default password (revealed in 2010).
Serious security flaws were also found in the following products:
- Xystec (2012)
- Corsair's Padlock (2010)
- Raidon‘s Staray-S-Serie (2009)
- All USB storage devices from 9Pay, A-Data and Transcend which use fingerprint readers based on the USBest UT176 and UT169 from Afa Technology (2008)
- Excelstor’s GStor Plus (2005)
- Lexar JumpDrive (2004)
Encrypted Storage

The Nitrokey Storage contains an encrypted mass storage of up to 64 GB capacity. To unlock the drive you enter your PIN and all the encryption and decryption is performed within the hardware device. This is theoretically more secure than a software solution and frees you from operating system dependency. The device can be used with Windows, Linux and Mac OS X.

Hidden Volumes

Nitrokey Storage contains a feature which allows to setup hidden volumes in addition to the primary encrypted storage. These hidden volumes are protected by an additional password and their existence could technically not be proven. This allows you to technically denial the existence of any additional encrypted data, e.g. during border controls.
Harddisk & File Encryption

Encrypt your hard disks and files using TrueCrypt, GnuPG tools and more. Keep your secret keys secure on your Nitrokey.

read more
If you have any private data stored on your computer or laptop, disk encryption is a must. You can use various disk encryption solutions with the Nitrokey. In this case your secret keys are stored securely on the Nitrokey device which you can use similar to a physical door key to unlock your computer. Among the supported solutions are TrueCrypt, Gnu Privacy Assistant and GnuPG. Microsoft Bitlocker and Linux disk encryption solutions should work as well but aren't tested yet.
Server Protection

Protect your server certificates by using up to 60 ECC and 48 RSA keys with the Nitrokey HSM. Ideal for security servers.

read more
Servers are exposed to a large range of attacks, are online 24h and sometimes are poorly maintained. Most servers will contain a remotely exploitable security flaw (e.g. OpenSSL's Heartbleed bug) sooner or later. Eventhough you may not be able to 100% secure your server, you can keep your private keys of reach of an attacker and store them on the Nitrokey.

Protect e-mails, files, harddrives, server certificates and online accounts using a physical USB key.

Nitrokey enables

Secure Login

The Password is Dead

One Time Passwords (OTP)

Universal 2nd Factor (U2F)

Client Certificate Authentication

Password Safe

Email Encryption

Emails are readable like postcards

Nitrokey aims to make email encryption as easy as possible

Supported email encryption standards: OpenPGP and S/MIME

Encrypted Mobile Storage

Data Loss by USB drives

Insecure proprietary USB vendors

Encrypted Storage

Hidden Volumes

Harddisk & File Encryption

Server Protection

How Nitrokey works

Get live updates

Be amongst the first to know when Nitrokey becomes available

Nitrokey ist besser

High Security

Open Source

No Backdoors - No NSA

Plausible Deniability

Easy Integration

Better Than Software

Get live updates

Be amongst the first to know when Nitrokey becomes available

Status

Nitrokey is part of

NitroNews from our blog

List of OTP- and U2F-supporting websites: dongleauth.info

Crypto Stick becomes Nitrokey

Meetup at 31C3 in Hamburg