Nitrokey 3 Test Firmware With Secure Element Support

Today we have published a special test firmware release for the Nitrokey 3. The highlight is the complete integration of the SE050 Secure Element into the OpenPGP Card.
With this firmware, it is now possible to select the "backend" for the cryptographic primitives in the OpenPGP Card. The previous software backend offers full transparency because its source code is open and can be reviewed, but on the Nitrokey 3 it can only generate RSA keys up to RSA-2048. Longer RSA keys can be imported but not generated, because the computing capacity of the microcontroller is limited. The SE050 backend now enables the generation of RSA-3072 and even RSA-4096 keys, the latter in about one minute. The Secure Element is not open source hardware, so its implementations of the cryptographic primitives cannot be reviewed, but it offers certified security according to FIPS 140-2 Security Level 3-4 and Common Criteria EAL 6+.
A recent version of pynitrokey is required to switch backends. The SE050 backend is switched on as follows:
nitropy nk3 set-config opcard.use_se050_backend true
Please note the messages displayed. When changing the backend, all OpenPGP Card data in the previous backend is irrevocably deleted. As this is a test firmware, we recommend being careful, creating backup copies of sensitive data, and not using it in production yet. In the future, it will also be possible to change the backend via the Nitrokey App 2, which is currently being worked on intensively.