OpenPGP Card Alpha For Nitrokey 3

OpenPGP is an open standard to encrypt, decrypt and sign documents, files and emails, which is mostly used with GnuPG. Storing cryptographic keys on a smart card such as the OpenPGP Card enables users to securely and conveniently use the same key across multiple devices. In case the device is lost, cryptographic keys remain securely in the device and can't be extracted. The OpenPGP Card can be used for email encryption or SSH authentication and many other cryptographic use cases too.

Opcard is written in Rust and is, for now, available as a specific Nitrokey 3 firmware release published on the opcard repository. The first alpha release is only available for the Nitrokey 3A Mini; a release for the Nitrokey 3 NFC will follow within the next few weeks. Most features of the OpenPGP Card are already available, such as:

  • Key generation and import
  • Signing and decrypting
  • Card administration

The following algorithms are supported:

  • X25519 and Ed25519
  • ECDH and ECDSA over NIST P-256

This alpha release does not support RSA, which should follow in one of the next releases.

WARNING: The current implementation is an alpha release and is only suitable for testing. Updates may lead to data loss (for OpenPGP keys only; other applications will not be impacted), and the security of the keys and PINs is not guaranteed.

Test it!

Currently only available for the Nitrokey 3A Mini.

  1. Download the latest compiled release ZIP file.
  2. Plug in your Nitrokey 3A Mini.
  3. Use nitropy to install it with "nitropy nk3 update <path/to/release/zip/file>".
  4. Follow these instructions.

We encourage you to test opcard and report any bugs or missing functionality to us. Don't hesitate to discuss it in our support forum.

What's next?

There is still some road ahead of us before an official 1.0 release. We are already working on adding RSA support and integrating with the SE050 secure element available in the Nitrokey 3 for secure key storage and PIN protection.

We are also hard at work bringing it to Nitrokey 3 NFC thanks to our embedded runner that will unify the codebases for all models.

Funding

NLnet NGI PET

This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.

22.10.2022

Comments

Super! 541 since I ordered Nitrokey 3C NFC and Nitrokey 3A NFC bricks. Hopefully you'll finish firmware 1.0 by the 2-year anniversary, which is in 176 days (I'm not trolling, I'm optimistic and happy that you have some progress finally). Good luck!
Since the Nitrokey3 firmware now supports Ed25519, will there be support for this algorithm in the FIDO2 feature as well? So far Nitrokey still only supports ECDSA, despite Ed25519 being recommended over it for years and it would be great to have this safecurve implementation added to the fido feature as well.
Hey, not sure what kind of support you mean? You can already easily create e.g. an SSH key using an ed25519 resident key. This works without issues for me. Or are you referring to something else? Creating works like that:

ssh-keygen -t ed25519-sk -Oresident -Oapplication=ssh:foobar -f test.key

I am referring to the supported algorithms for WebAuthn authentication with the FIDO2 feature. Previously, Nitrokey FIDO2 devices only supported the mandatory but controversial ECDSA algorithm. The question is if we now get the option to use EdDSA aka Ed25519 as well when it comes to WebAuthn.
Ah, ok, well, this is a decision that is made by the server during the request. We at this point support -7 & -8 as signing algorithms, thus P-256 (ECDSA) and Ed25519 (EdDSA). So, in short: yes, we support Ed25519 in general for WebAuthn, but for a specific WebAuthn request the Nitrokey 3 does use what the server asks for.
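As an added example that is not part of the post or of the Nitrokey firmware, the following JavaScript shows how the relying party's pubKeyCredParams ordering decides which of the two algorithms mentioned above (-7 ECDSA P-256, -8 Ed25519) an authenticator like the Nitrokey 3 ends up using; the rpId, user and challenge values are constructed placeholders.

```javascript
// Added example, not code from the Nitrokey post or the nitrokey-3 firmware.
// COSE algorithm identifiers as used by WebAuthn (IANA COSE registry).
const COSE_ES256 = -7;   // ECDSA with P-256 and SHA-256
const COSE_EDDSA = -8;   // EdDSA (Ed25519 on FIDO2 authenticators)
const COSE_RS256 = -257; // RSASSA-PKCS1-v1_5 with SHA-256 (not on Nitrokey 3)

// Algorithms the comment above states the Nitrokey 3 supports for WebAuthn.
const NITROKEY3_ALGS = [COSE_ES256, COSE_EDDSA];

// Server side: build registration options. The order of pubKeyCredParams is
// the relying party's preference; a CTAP2 authenticator picks the first entry
// it supports, so listing -8 before -7 asks for an Ed25519 credential.
function buildCreationOptions(rpId, userId, userName, challenge) {
  return {
    rp: { id: rpId, name: rpId },
    user: { id: userId, name: userName, displayName: userName },
    challenge,
    pubKeyCredParams: [
      { type: "public-key", alg: COSE_EDDSA },
      { type: "public-key", alg: COSE_ES256 },
    ],
    authenticatorSelection: { userVerification: "preferred" },
    attestation: "none",
  };
}

// Authenticator side: first RP-listed algorithm the device implements, or
// null when there is no overlap (the device then reports an unsupported
// algorithm and no credential is created).
function selectAlgorithm(pubKeyCredParams, supportedAlgs) {
  for (const p of pubKeyCredParams) {
    if (p.type === "public-key" && supportedAlgs.includes(p.alg)) {
      return p.alg;
    }
  }
  return null;
}

// Constructed sample values (placeholders, not real credentials).
const sampleChallenge = new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8]);
const sampleUserId = new TextEncoder().encode("user-0001");
const options = buildCreationOptions("example.test", sampleUserId, "alice", sampleChallenge);
const chosen = selectAlgorithm(options.pubKeyCredParams, NITROKEY3_ALGS);
console.log("Nitrokey 3 would create an",
  chosen === COSE_EDDSA ? "Ed25519" : "ECDSA P-256", "credential");
```

Swapping the two pubKeyCredParams entries makes the same device produce an ECDSA credential, which is what "the server decides" means in practice.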
Thank you for the response. One more happy Nitrokey customer.
Hi meissner, can you tell me what "-Oapplication=sshfoobar" does to the key? I've looked into "man ssh-keygen" but can't quite grasp the idea of this parameter.
Sure, this is just a label. This ssh-keygen call creates a Resident Key entry (you can see them using e.g. Chromium: chrome://settings/securityKeys "sign-in data"). So this parameter, "-Oapplication=ssh:foobar", is setting the option (-O) for the "application" label, which is in this case "ssh:foobar". As far as I know this is a generic mechanism in ssh-keygen and the component that talks to the Nitrokey interprets it. But I also cannot say where to find a consistent list of all these options documented; I also just "know" it, but have no idea where it comes from. If you find a source, please share it...
Hi! Thanks for your reply. I only found this: wonderfall.dev/openssh-fido2/. The author writes that not setting the application flag means that the next time you want to generate an SSH key, the existing one stored on the smartcard will be overwritten. So my question is: can you store more than one SSH key on a NK3?
Yes, you can store far more than just one SSH key on the Nitrokey 3. Easily more than 20 (there is no hard limit). You just have to know that "-Oapplication=ssh:foobar" serves as an identifier (in fact just "foobar"); all saved keys should have a unique identifier, as the website also mentions.
Cool! BTW, do you have a more precise timeframe as to when OpenPGP capabilities are going to be available for NK3A NFC? I've just received my NK and am looking forward to this release.
Hey, you can already find an alpha release on Github. From here I guess we'll be in alpha for some months to integrate the se050 (currently it's software only, w/o the secure element), improve robustness and fix bugs.
Thanks for your reply. Why does the description on github only mention NK3 mini, then? I don't want to brick my brand new NK, so can you confirm the installation procedure and the zip file are the same for NK3 mini and NK3 A? Thanks in advance, M.
Right, good point, sorry I didn't mention that. This release won't work for your NK3A. But no worries, you can't brick it that easily. The bootloader would not accept the new firmware if it's not the correct one for the device. Anyways, the alpha release for the OpenPGP Card will also be available shortly (next 1-2 weeks) for the NK3A/C, too.
Many thanks for the update. I have successfully tested the tutorial :-)
Any plans to support also ES384 / P-384?
Generally yes, but there is no ETA yet as we first focus on the necessary one(s) specified through the OpenPGP Card Specification 3.4. Once this is in place we will prioritize new cryptographic primitives.
Hi, will the Nitrokey 3A be compatible with KeePassXC? How many key slots will it have (OpenPGP/SSH)?
Hey, for the password manager we haven't decided on the different integration options yet. But KeePassXC surely is in one of the top positions. Generally, the OpenPGP Card only defines a set of keys for a single identity; we plan to be able to switch identities, but there are also no plans yet for how many this will be. For SSH I would recommend using FIDO2 Resident Keys; there you can as of now already have 20+ easily.
Cool, only 1 year, 7 months and 9 days after pre-ordering, or 11 months and 14 days after delivery, there is a first alpha version for the Nitrokey 3A Mini. By now I would like to withdraw from the purchase of my 3C. Whom can I contact?
Yes, thanks, we think it's quite cool too. Too bad that you want to withdraw. For order processing, please write an e-mail to shop (at) nitrokey (dot) com, ideally with the order number SOxxxxxxx. (edit: Of course this only applies during the pre-order phase or within the right of withdrawal)
Hi! Any update on the state of opcard for NK3A/C? Best
Yup, see this release, currently in internal testing, flashable binaries will be available within the next days...
Hi meissner, I know the alpha firmware is currently being tested internally. I found information on docs.nitrokey.com/nitrokey3/linux/firmware-update.html that updating firmware on a NK3 will basically result in a loss of data. Can you confirm or refute this?
Oh, well, this is only true for firmware updates coming from version 1.0 and below. We'll update the documentation accordingly, sorry for the confusion. If you update from version 1.1 and higher there should be no data loss. Anyhow, we strongly suggest having (at least) another login method registered with your services.
Sure, it's important not to get locked out of your email account if you lose data or the physical key. However, it's a good sign that updating from 1.1+ should not result in a data loss. Thank you and I'm looking forward to the release of new firmware.
Thank you for development of the OpenPGP feature. This will be super useful. I appreciate the work you put into the Open Source firmware very much. You just can't rush security.