Nitrokey 3 Alpha Firmware
We have now released a new alpha version 20221130 of the firmware for now all Nitrokey 3 models. Future alpha versions will be available centrally in the Nitrokey 3 firmware repository.
One major difference is the availability for all Nitrokey 3 models, which is also an important step for the codebase. The firmware for the Nitrokey 3A NFC, 3C NFC and 3A Mini will now be built from one codebase, so all models will have the same functionality in the future.
One-time passwords (OTP)
The firmware includes an initial implementation for HOTP and TOTP as a second factor. The current version of the command line tool pynitrokey can be used to use these one-time passwords. A new Nitrokey App 2 is already in development to be able to use one-time passwords conveniently via a graphical user interface (GUI) in the future. Currently you can manage OTPs with the alpha firmware using pynitrokey as follows:
# Register a one-time password with the name 'test': $ nitropy nk3 otp register --experimental test ABCDEFGHIJKLMNOP # Display all registered OTP entries: $ nitropy nk3 otp show # Get the one-time password for the name 'test': $ nitropy nk3 otp get --experimental test # Show help: $ nitropy nk3 otp --help $ nitropy nk3 otp register --help # --clear-password & --set-password do not work at the moment
OpenPGP Card
The first alpha version of the OpenPGP Card has been further improved and the current version now supports RSA. In summary, RSA 2048, NIST P256 as well as Ed25519 keys can now be generated and RSA 4096 keys can be imported but not generated. In addition, we have improved the compatibility with OpenSC, as well as fixed numerous minor bugs. Please note, if you update from an earlier alpha firmware you need to factory reset the OpenPGP Card with a specific command, otherwise it won't work properly.
Outlook
Currently, the above functions are only implemented in software and the one-time passwords (or secrets) and cryptographic keys are still stored unencrypted in the microprocessor. Our goal is to integrate the Secure Element (SE050) first with one-time passwords and then with the OpenPGP Card in the next few months. Subscribe to this blog to stay informed about developments.
Short Nitrokey 3 Status Update
Essentially, there is nothing new to report. As mentioned before, we still plan to ship the Nitrokey 3C NFC with new cases starting at the end of this year.
Stay Secure
Your Nitrokey Team
Comments
Add new comment