Nitrokey 3 - Test Firmware Release

We are happy to announce that there is a new test firmware release for the Nitrokey 3, which comes with numerous improvements and enhancements. 

In particular, numerous minor bugs in the FIDO2 functionality have been fixed to ensure better compatibility with services and compliance with the specification.

A highlight is certainly the first integration of the SE050 Secure Element into the firmware. We want to proceed very defensively here and have initially only activated the initialization of the random number generator with the help of the SE050. In addition, there is an integrated test routine for numerous functionalities of the SE050 to gain initial insights into the stability of the driver across numerous devices.

Finally, there are various preparations for the full SE050 integration that are not directly visible. For more details and an exact breakdown of the changes, the release can be inspected at Github.



Does the new release also fix the problem where the NK3 is not recognizedas a second factor in the Nitrokey forum?
This should be working fine, on our side we cannot reproduce this behavior. If you still encounter this after this release, please write to support (at) nitrokey (dot) com - or post in the forums.
integration of the SE050 Secure Element into the firmware

This is huge, looking forward to the next few updates.

You guys got an ETA on when 384 and 521 ECC keys will be implemented?

Thanks, you are right, this is a pretty big leap - we first focus on introducing this into the stable firmware. This will bring rsa4k with pretty impressive generation times - more algorithms will follow afterwards - hard to tell for 384/521 - somewhere in Q1 would be a wild guess, this strongly depends on how robust the current implementation will integrate ...
Guys, I'm somewhat interested in buying a Nitrokey 3, and would probably prefer it to a Yubikey, but am not willing to buy a beta product. When do you think, you'll (roughly) get out of beta ? (Currently it seems like: never) remark: a product without proper pdf-spec IS beta (at best).
We don't see the Nitrokey 3 as being in beta. There is a stable firmware next to a test firmware released regularly. The latter can be considered "beta" or as "test" as the name suggests. Especially the FIDO2 and OpenPGPCard functionality is very mature. I'll take with me that for you a pdf seem to increase the maturity of a product and see if we can also provide one as we do for the other Nitrokeys.
hmm, that's a very steep thesis, there are a lack of announced functions and a stable firmware is of no use to the normal user without simple handling via app. how is this not only beta?
The Nitrokey 3 implements various standards, which don't need any 3rd party tools to be provided by us in order to be used. So OpenPGPCard can be used with several tools: gpg, kleopatra, Thunderbird - FIDO2 is integrated into either the OS itself (Windows) or can be managed from within the Browser (Linux). For the "normal user" these functionalities can be directly used, without any other tooling provided by us. Although, I fully understand your point and we are working on the nitrokey-app2 to ease management tasks.
When will we know how many resident keys will fit on the device? At least an estimate 10, 50, 100, 250, 500?
currently it is set to 10 - we plan to increase that, but this is currently bound to the internally available flash-space of the MCUs. Moving them to external memory would be an option, but then these won't be available through NFC. The next step will likely be to increase the available resident keys to something like 20 with some optimizations on storage size - supporting more will likely require moving into external memory and thus not having them available for NFC operations - we'll have to define how exactly we'll do this without loosing NFC capabilities for FIDO2 overall...
Thank you for the update/outlook. All big players which have enabled passkey in the past few months enforce resident keys (non-resident is not even available as an option) If other sites follow their example, then security keys must support 100+ keys to be future proof. Are 100 keys in reach? Even if I have to split them into two groups one with NFC support, one without?
if we are talking about non-nfc operation 100 keys are easily in reach - for NFC operation we are currently investigating options how far we can go. We also see a move towards passkeys and obviously welcome this development.

Add new comment

Fill in the blank.