Nitrokey | Secure your digital life

Secure Login

Login to websites (e.g. Google, Facebook) using secure One Time Passwords (OTP), U2F or ordinary static passwords. Login to computers and network services (e.g. SSH) using certificates.

read more
The Password is Dead

Passwords can be either difficult to remember or too short to securely protect important accounts. Traditional password systems have not been able to keep up with the increasing number of accounts needed for various websites nowadays. Passwords should be unique and the same one should never be used for multiple accounts. This renders passwords insecure and impractical to use.

Nitrokey aims to replace passwords by utilising the following strong authentication procedures:

One Time Passwords (OTP)

One Time Passwords (OTP) are similar to TANs and are used as a secondary security measure in addition to ordinary passwords. OTPs protect against identity theft, which means that if your password is compromised your account is still secured by the Nitrokey. Using a small tray icon application, your Nitrokey generates OTPs which are required in order to log in to configured websites and applications. There is a growing list of websites which can be used with Nitrokey's OTPs. The supported protocol are HMAC-based One-time Password Algorithm (HOTP, RFC 4226) and Time-based One-time Password Algorithm (TOTP, RFC 6238), which are compatible with Google Authenticator.

Universal 2nd Factor (U2F)

Universal 2nd Factor (U2F) is very secure, super easy to use, and may become the successor to OTPs. U2F uses cryptographic challenges which are signed by the Nitrokey U2F device. Account-specific keys are used to prevent user tracking and to protect your privacy. U2F doesn't require an additional tray application because some web browsers already support Nitrokey U2F (Firefox, Google Chrome, Internet Explorer with plugin). U2F is a new standard and is so far only supported by a few websites, but its acceptance is increasing.

Client Certificate Authentication

You can use your Nitrokey to administrate your servers securely via SSH, to access your Virtual Private Network via OpenVPN and to log in to some websites via HTTPS.

Password Safe

In cases where an ordinary password is required, Nitrokey provides a password safe to store passwords securely. It allows you to have individual passwords for each account and store them encrypted in the Nitrokey. Maximum 16 passwords.
Email Encryption

Encrypt your emails with GnuPG, OpenPGP, S/MIME or your favourite email client. Keep your secret keys secure on your Nitrokey.

read more
Emails are readable like postcards

If you do not take additional precautions, random system administrators can easily access your emails. It is also possible that your emails have already been accessed and stored by intelligence services. Cybercriminals are increasingly targeting email servers in order to launch phishing attacks on businesses and individuals. Email encryption prevents attackers or unauthorised users from reading your private emails.

Nitrokey aims to make email encryption as easy as possible

Nitrokey stores your secret keys securely on the device and protects them from malware and physical attackers. Nitrokey can be used with various types of email encryption software both easily and with minimal modifications. Windows, MacOS and Linux are supported, and device drivers are either preinstalled or installed automatically. GnuPG works out of the box in conjunction with Nitrokey and supports OpenPGP and S/MIME formats. PKCS#11 drivers are provided for integration with S/MIME-supporting software. Among the supported applications are Mozilla Thunderbird, MS Outlook and GnuPG.

Supported email encryption standards: OpenPGP and S/MIME

Two different formats exist for email encryption: OpenPGP and S/MIME. OpenPGP is more popular for individual use, while S/MIME is predominantly used by businesses. Unlike most other USB dongles, Nitrokey supports both formats.
Encrypted Mobile Storage

Carry important data with you, hardware-encrypted on your Nitrokey Storage device (8-64 GB). Compatible with Windows, Linux and Mac OS.
read more
Data Loss on USB drives

To avoid damage to data, and even subsequent lawsuits, it is necessary to encrypt all sensitive data that you carry with you. You don't want find yourself dealing with the horrible potential consequences of data loss ([1], [2], [3]).

Insecure proprietary USB vendors
- Hard disks and other equipment are routinely intercepted by the NSA en route from vendors to clients, and in the process are implanted with backdoors. With Nitrokey you can export the installed firmware and verify its integrity (or flash your own firmware).
- In 2011 RSA Inc was hacked and the secret keys from all of their SecurID tokens were stolen, allowing to circumvent the access control.
- FIPS 140-2 Level 2 certified USB storage devices from Kingston, SanDisk, Verbatim, MXI and PICO could easily be accessed using a default password (revealed in 2010).
Serious security flaws were also found in the following products:
- Xystec (2012)
- Corsair's Padlock (2010)
- Raidon‘s Staray-S-Serie (2009)
- All USB storage devices from 9Pay, A-Data and Transcend which use fingerprint readers based on the USBest UT176 and UT169 from Afa Technology (2008)
- Excelstor’s GStor Plus (2005)
- Lexar JumpDrive (2004)
Encrypted Storage

The Nitrokey Storage contains an encrypted mass storage space with a capacity of up to 64 GB. To unlock the drive, simply enter your PIN and all of the encryption and decryption will be performed within the hardware device. This is theoretically more secure than a software solution and means that you no longer need to be dependent on an operating system. The device can be used with Windows, Linux and Mac OS X.

Hidden Volumes

Nitrokey Storage contains a feature which allows you to set up hidden volumes in addition to the primary encrypted storage. These hidden volumes are protected by an additional password and their existence cannot technically be proven. This allows you to deny the existence of any additional encrypted data, for example during border controls.
Hard Disk & File Encryption

Encrypt your hard disks and files using TrueCrypt/VeraCrypt, GnuPG Tools and more. Keep your secret keys secure on your Nitrokey.

read more
If you have any private data stored on your computer or laptop, disk encryption is a must. With the Nitrokey you can use various disk encryption solutions. Your secret keys are stored securely on the Nitrokey device, which can be used similarly to a physical door key to unlock your computer. Among the supported solutions are TrueCrypt/VeraCrypt, Gnu Privacy Assistant and GnuPG. Microsoft Bitlocker and Linux disk encryption solutions should also work but have yet to be tested.
Server Protection

Protect your server certificates by using up to 43 ECC and 35 RSA keys with the Nitrokey HSM. Ideal for security servers.

read more
Servers are vulnerable to a large range of attacks, are online 24 hours a day, and are sometimes poorly maintained. Most servers will at some point contain a remotely exploitable security flaw (for example, OpenSSL's Heartbleed bug). Even though you may not be able to secure your server 100%, you can keep your private keys out of reach of attackers and store them on the Nitrokey.

	Nitrokey Storage 2	Nitrokey Pro 2	Nitrokey Start	Nitrokey HSM	Nitrokey FIDO U2F

Open source	✓	✓	✓	✓	✓
Tamper-resistant smart card	✓	✓		✓
S/MIME email and hard disk encryption (X.509, PKCS#11)	✓	✓	✓	✓
OpenPGP/ GnuPG email encryption	✓	✓	✓
Secure login (One Time Passwords)	✓	✓
Password Manager	✓	✓
Encrypted mass storage	✓
Hidden volumes	✓
Firmware updates and verification	✓		✓
RSA key length [bit]	2048 - 4096	2048 - 4096	2048**	1024 - 2048
Number of RSA key pairs	3*	3*	3*	20
ECC key length [bit]	256 - 521	256 - 521	256	192 - 320
Elliptic curves	NIST P, Brainpool	NIST P, Brainpool	NIST P, Curve25519, SECG	NIST P, Brainpool, SECG
Number of ECC key pairs	3*	3*	3*	31
PKI/CA management features				✓
Secure login (FIDO U2F)					✓
Factsheet	Nitrokey Storage 2	Nitrokey Pro 2	Nitrokey Start	Nitrokey HSM	Nitrokey FIDO U2F
Price	Starting from € 109.00	€ 49.00	€ 29.00	€ 59.00	€ 22.00
	Buy	Buy	Buy	Buy	Buy

Protect emails, files, hard drives, server certificates and online accounts using a physical USB key.

Nitrokey enables:

Secure Login

The Password is Dead

One Time Passwords (OTP)

Universal 2nd Factor (U2F)

Client Certificate Authentication

Password Safe

Email Encryption

Emails are readable like postcards

Nitrokey aims to make email encryption as easy as possible

Supported email encryption standards: OpenPGP and S/MIME

Encrypted Mobile Storage

Data Loss on USB drives

Insecure proprietary USB vendors

Encrypted Storage

Hidden Volumes

Hard Disk & File Encryption

Server Protection

How Nitrokey works

Nitrokey is better:

High Security

Independent Security Assessment

Open Source

Complete USB plug

No Backdoors - No NSA

Plausible Deniability

Easy Integration

Better Than Software

The Nitrokey Family

Our Customers

News

New: Nitrokey FIDO U2F

Nitrokey Pro 2 Available

Nitrokey Partners with Purism to Build the Librem Key

Be The first to know

Stay informed about the Nitrokey project, new models
and firmware updates.

Protect emails, files, hard drives, server certificates and online accounts using a physical USB key.

Nitrokey enables:

Secure Login

The Password is Dead

One Time Passwords (OTP)

Universal 2nd Factor (U2F)

Client Certificate Authentication

Password Safe

Email Encryption

Emails are readable like postcards

Nitrokey aims to make email encryption as easy as possible

Supported email encryption standards: OpenPGP and S/MIME

Encrypted Mobile Storage

Data Loss on USB drives

Insecure proprietary USB vendors

Encrypted Storage

Hidden Volumes

Hard Disk & File Encryption

Server Protection

How Nitrokey works

Nitrokey is better:

High Security

Independent Security Assessment

Open Source

Complete USB plug

No Backdoors - No NSA

Plausible Deniability

Easy Integration

Better Than Software

The Nitrokey Family

Our Customers

News

New: Nitrokey FIDO U2F

Nitrokey Pro 2 Available

Nitrokey Partners with Purism to Build the Librem Key

Be The first to know

Stay informed about the Nitrokey project, new models and firmware updates.

Confirm e-mail address

Stay informed about the Nitrokey project, new models
and firmware updates.