OpenPGP Card Alpha For Nitrokey 3
OpenPGP is an open standard to encrypt, decrypt and sign documents, files and emails, which is mostly used with GnuPG. Storing cryptographic keys on a smart card such as the OpenPGP Card enables users to securely and conveniently use the same key across multiple devices. In case the device is lost, cryptographic keys remain securely in the device and can't be extracted. The OpenPGP Card can be used for email encryption or SSH authentication and many other cryptographic use cases too.
Opcard is written in Rust and is, for now, available in a specific Nitrokey 3 firmware release published on the opcard repository. The first alpha release is only available for Nitrokey 3A Mini. A release for Nitrokey 3 NFC will follow within the next few weeks.
Most features of the OpenPGP Card are already available, such as:
- Key generation and import
- Signing and decrypting
- Card administration
The following algorithms are supported:
- X25519 and Ed25519
- ECDH and ECDSA over NIST P-256
This alpha release does not support RSA, which should follow in one of the next releases.
WARNING: The current implementation is an alpha release and is only suitable for testing. Updates may lead to data loss (for OpenPGP keys only; other applications will not be impacted), and the security of the keys and PINs is not guaranteed.
Test it!
Currently only available for the Nitrokey 3A Mini.
- Download the latest compiled release ZIP file.
- Plug in your Nitrokey 3A Mini.
- Use nitropy to install it with "nitropy nk3 update <path/to/release/zip/file>"
- Follow these instructions.
We encourage you to test opcard and report any bugs or missing functionality to us. Don't hesitate to discuss it in our support forum.
What's next?
There is still some road ahead of us before an official 1.0 release. We are already working on adding RSA support and integrating with the SE050 secure element available in the Nitrokey 3 for secure key storage and PIN protection.
We are also hard at work bringing it to Nitrokey 3 NFC thanks to our embedded runner that will unify the codebases for all models.
Funding
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.
Comments
ssh-keygen -t ed25519-sk -Oresident -Oapplication=ssh:foobar -f test.key