05 November 2019

Sie sind winzig und groß, sorgen für mehr Sicherheit bei der Anmeldung per Webauthn und können gepatcht werden: Die in Kürze erscheinenden Fido-Sticks von Nitrokey und Solokeys machen so manches besser als die Konkurrenz von Google und Yubico.

kuketz logo
03 Juni 2019

Der Schutz der digitalen Identität ist heute wichtiger denn je. Gestohlene Online-Accounts können in den falschen Händen erheblichen Schaden bei betroffenen Personen verursachen. [...] Abhilfe gegen den Account-Missbrauch schafft die Überprüfung weiterer Eigenschaften oder Informationen via Zwei-Faktor-Authentifizierung (2FA), die unter anderem von sogenannten Security-Tokens beherrscht wird.

logo golem
15 Mai 2019

Um den Anmeldeprozess für Nextcloud-Instanzen über Fido 2 einfacher und sicherer zu machen, will der Hersteller der Kollaborationsplattform mit dem Hersteller der Nitrokeys zusammenarbeiten.

logo nextcloud
15 Mai 2019

Nitrokey develops fully open and auditable security USB keys for two-factor authentication, cryptographic key storage and much more. Self-hosting a Nextcloud gives users 100% control over their data, protecting their privacy. But privacy doesn’t exist without security and Nextcloud offers many security features like two-factor authentication (2FA), brute force protection, server and client side encryption and much more. Nitrokey’s security and encryption devices are a perfect match. logo
22 März 2019

The many data breaches over the past few years have made one thing extremely clear: Passwords are not working. Enter the $25 Nitrokey Fido U2F USB security key. The Nitrokey makes it much harder for the bad guys to break into your account by adding a second authentication step to popular services like Google, Twitter, Facebook, and more.

13 März 2019

Sicher mit nur einer PIN oder einem schlechten Passwort: Fido-Sticks sollen auf Tastendruck Zwei-Faktor-Authentifizierung oder passwortloses Anmelden ermöglichen. hat getestet, ob sie halten, was sie versprechen.

Jekko logo
14 Februar 2019

On an infinite timeline of the internet, your email and password will eventually fall into the hands of a unknown party. [...] Having a strong password isn’t enough, that’s why today we’ll look at Nitrokey’s FIDO U2F as a physical device as a second layer of protection.

fladnag logo
23 Januar 2019

The goal of this tutorial is to build a relatively secure and cheap PKI for your business, organization or personal use...

finanztrends logo
17 Dezember 2018

Dass Startup Aktien 2019 an der Börse eine wichtige Rolle spielen könnten, wird von kaum einer Seite bestritten. [...] Zuletzt rückten in Deutschland Unternehmen wie Nitrokey [...] aufgrund ihres rasanten Wachstums in den Vordergrund. Wann dort eine Investition möglich ist, lässt sich bislang nicht absehen.

Logo LANline
08 November 2018

Um Konten zu Hause oder am Arbeitsplatz zu schützen, hat das deutsche IT-Sicherheitsunternehmen Nitrokey den USB-Schlüssel Nitrokey FIDO U2F vorgestellt. Dieser soll die Verwendung einer Zwei-Faktor-Authentifizierung deutlich vereinfachen. Anwender müssen nach der Erstkonfiguration nur noch den Touch-Sensor auf dem Gerät berühren, um sich bei ihren verschiedenen Konten anzumelden.

Logo BrandIT
20 Oktober 2018

Do zabezpieczenia swoich danych, w tym wrażliwych danych dostępowych do serwisów czy systemów informatycznych, można podchodzić w różny sposób, implementując określoną politykę bezpieczeństwa i metodę zabezpieczenia kluczowych danych. Zazwyczaj jednak żadna polityka nie zostaje wdrożona i dane są ogólnodostępne, niezabezpieczone przed utratą spowodowaną niezamierzonym lub celowym działaniem człowieka, wyciekiem czy zniszczeniem.

Slashdot Logo
22 September 2018

Purism announced Thursday that its highly anticipated Librem Key security key is now available for purchase as the first and only OpenPGP-based smart card to offer a Heads-firmware-integrated tamper-evident boot process for laptops. Developed in partnership with Nitrokey, a company known for manufacturing open-source USB keys that enable secure encryption and signing of data for laptops, Purism's Librem Key is dedicated to Librem laptop users...

Purism Logo
20 September 2018

A few months ago we announced that we were partnering with Nitrokey to produce a new security token: the Librem Key and I’m pleased to announce that today the Librem Key is available for purchase on our site for $59.

Logo of Linux Journal
18 Mai 2018

Purism, maker of the security-focused Librem laptops, announced yesterday it has partnered with Nitrokey to create Purekey, "Purism's own OpenPGP security token designed to integrate with its hardware and software. Purekey embodies Purism's mission to make security and cryptography accessible where its customers hold the keys to their own security."

linuxcom logo
04 April 2018

We are happy to announce a new special program sponsored by The Linux Foundation in partnership with Nitrokey -- the developer and manufacturer of smartcard-compatible digital tokens capable of storing private keys and performing PGP operations on-chip.

logo of
14 März 2018

The best way to completely protect your keys is to move them to a specialized hardware device that is capable of smartcard operations.

logo community
14 März 2018

This article presents a way of utilising the Nitrokey HSM hardware security token for signing DNSSEC zone files for use with the NSD name server daemon.

Logo Medium
26 Februar 2018

One goal of this partnership is to implement a secure login mechanism into our digital inheritance platform for our legal entities using Nitrokey products.

Logo Computerwelt
16 Februar 2018

Der oberösterreichische IT-Security-Distributor NESTEC IT-Solutions, mit Standorten in St. Florian bei Linz und Zagreb, hat Vertrieb und Betreuung der Lösungen des Herstellers Nitrokey aus Berlin für Österreich, Südtirol und den ostadriatischen Raum übernommen.

logo of guardian project
18 Dezember 2017

For the HSM, we recommend using Nitrokey hardware, since they are free software/hardware, and provide a wide range of options. Use a separate machine to put the signing keys on HSM. A good HSM will keep an audit trail of how many signatures have been made, so that information could be used to create an automatic auditing process to raise alarms if too many signatures have been made. That could mean that this server was breached and used to sign unauthorized packages.

Logo Chaospott
01 November 2017

Im Podcast vom "Chaospott Essen" wird über die Nutzung des Nitrokey berichtet.

27 Oktober 2017

Pour un particulier désireux de protéger ses données numériques, la solution la plus connue est la clé USB Yubikey de Yubico. Malheureusement, Yubikey a décidé l’année passée de fermer le code de leurs clés, ce qui est plutôt inquiétant, surtout venant d’une entreprise Américaine. Dans cet article, je vais vous présenter Nitrokey, une société qui offre une alternative libre à Yubico. logo
17 Oktober 2017

An earlier LWN article showed that private key storage is an important problem to solve in any cryptographic system and established keycards as a good way to store private key material offline. But which keycard should we use? This article examines the form factor, openness, and performance of four keycards to try to help readers choose the one that will fit their needs.

forgerock logo
14 August 2017

The Nitrokey HSM provides a PKCS#11 hardware security module the form of a USB key. The design is based on open hardware and open software.

This is a low cost option to familiarize yourself with an actual hardware HSM, and to test your procedures. With it, you can demonstrate that OpenDJ servers can in fact use the HSM as a key store. [...]

The current article demonstrates generating and storing keys and certificates on the Nitrokey HSM, and then using they keys to protect OpenDJ server communications.

speech bubble
07 Juli 2017

Getting yourself set up in macOS to sign keys using a Nitrokey HSM with gpg is non-trivial. Allegedly (at least some) Nitrokeys are supported by scdaemon (GnuPG’s stand-in abstraction for cryptographic tokens) but it seems that the version of scdaemon in brew doesn’t have support.

speech bubble
04 Juli 2017

So my Nitrokey HSM arrived and it works great, thanks to the Nitrokey peeps for sending me one.

Because the OpenSC PKCS #11 module is a little more lightweight than some of the other vendors, which often implement mechanisms that are not actually supported by the hardware (e.g. the Opencryptoki TPM module), I wrote up some documentation on how to use the device, focusing on how to extract the public keys for using outside of PKCS #11, as the Nitrokey doesn’t implement any of the public key functions.

wired logo
07 Juni 2017

You can’t lock down all the things all the time—it’s the digital equivalent of hiding in a bunker. Build a personal protection plan that makes sense for you.

speech bubble
09 Mai 2017

I got my hands on a Nitrokey pro! I went for Nitrokey over Yubikey since Nitrokey is totally open-source (something I strongly believe in) meaning more control and security.

ct logo
28 April 2017

Wer mehr Sicherheit haben will, muss Bequemlichkeit dafür hergeben – so lautet ein allgemein behauptetes Manko sicherer IT. Zum Glück bestätigen Ausnahmen die Regel. Die OpenPGP Smartcard ist so eine Ausnahme. Für das Plus an Sicherheit müssen Sie einmal unsere etwas längliche Installationsanleitung befolgen. Aber dann kommen Sie in den Genuss, Ihre Mails ohne weiteres Zutun bequem verschlüsseln und sich ohne Eingabe kryptischer Passphrasen automatisch per SSH einloggen zu können.

linuxcommunity logo
01 April 2017

Der Nitrokey Pro verspricht einen sicheren Safe für Passwörter und eine Zwei-Faktor-Authentifizierung. Im Praxistest tritt der Newcomer gegen den Platzhirsch YubiKey an.

speech bubble
28 Januar 2017

Bin neulich über das Akronym U2F (Universal Second Factor) gestolpert und fand die Tatsache, dass ich einige Dienste über einen USB-Stick absicher kann, doch recht praktisch. Zwar bieten die meisten großen Anbieter bereits mehrere Methoden (SMS, App etc) zur 2-Faktor-Autorisierung an, aber so ohne Smartphone ist auch ganz praktisch. Glaube ich zumindest bis jetzt.

speech bubble
21 Januar 2017

Ya de ca qq semaines je suis tombé sur une petite chose vraiment très intéressante et je n'ai pas pu m’empêcher d'en commander une pour la tester ...
Vous allez me dire : oui OK c'est bien on est content pour toi ...
Mais c'est quoi cette petite chose qui mérite carrément une review sur le fofo alors que ça a rien a voir avec le sat ???!!!
Et bien c'est une Nitrokey !

speech bubble
30 Dezember 2016

Nitrokey is an open source usb smart card that has multiple uses including one time passwords, email encryption, file encryption and computer authentication. The creators decided to create it when they needed a solution to securing their encryption keys on insecure computer systems.  In 2009 they released their first product and now in 2016 they have four different products and are on their way to creating another one.

ct logo
09 Dezember 2016

Alle Jahre wieder kommt die schwere Suche nach Geschenken: Apfel, Nuss und Mandelkern haben längst nicht alle Kinder gern – von Mama und Papa ganz zu schweigen.

Vom Himmel hoch kommen sie nicht her: gute Geschenk-Ideen. Doch die c’t-Redaktion macht hoch die Tür, lässt die Jingle Bells erklingen und stellt recht zeitig zur stillen Nacht Geschenktipps vor.

25 November 2016

Security crumbles if hackers manage to get at secret or private keys. The best way to protect your key material is to keep it inaccessible from software, so if the application or the OS gets compromised the keys cannot be extracted. Smart cards and hardware security modules (HSM) provide just that — a dedicated external device for storing keys and performing the actual crypto operations with them.

speech bubble
13 November 2016

The Nitrokey HSM is an open hardware security module, in the form of a smart card token, which is used to isolate a server's private key from the application. That is, if you have an HTTPS server, such a hardware security module will prevent an attacker which temporarily obtained privileged access on the server (e.g., via an exploit like heartbleed), from copying the server's private key, allowing for impersonating it.

lanline logo
10 November 2016

Die beiden Unternehmen Nitrokey und Netknights bringen gemeinsam eine Komplettlösung für eine vertrauenswürdige Zwei-Faktor-Authentifizierung in Unternehmen auf den Markt. Dabei handelt es sich um den USB-Schlüssel Nitrokey, der sich mit dem Mehr-Faktor-Authentifizierungssystem Privacy Idea initialisieren und verwalten lässt. Die gemeinsame Lösung soll als Open Source beziehungsweise als offene Hardware veröffentlicht werden.

speech bubble
21 September 2016

In einem vorherigen Artikel habe ich den Nitrokey Pro vorgestellt. Diesen habe ich nach und nach für immer mehr Einsatzzwecke verwendet. Die Erfahrungen, die ich dabei gesammelt habe, möchte ich in einer Artikelreihe zusammenfassen um Anderen einige Stunden voller Verzweiflung und wiederholtes Neu-Aufsetzen der Schlüssel ersparen zu können.

raymii logo
14 August 2016

The Nitrokey Start is an OpenPGP USB token. It supports three 2048 bit GPG keys and is based on gnuk version 1.0.4. Gnuk is an implementation of USB cryptographic token for GPG. A cryptographic token is a store of private keys and it computes cryptographic functions on the device. The main difference with other GPG cards like the Nitrokey Pro, Yubikey or the OpenPGP card is that this device does not use a smartcard. Whereas the other devices are basically USB smartcard readers, the Nitrokey Start has everything in it's firmware. Therefore it is a very cheap device ($29) and a great choice if you want token based GPG security but don't want to spend much on an expensive other key.

raymii logo
01 August 2016

This article sets up a Nitrokey HSM/SmartCard-HSM web cluster and has a lot of benchmarks. This specific HSM is not a fast HSM since it's very inexpensive and targeted at secure key storage, not performance. But, what if you do want more performance? Then you scale horizontally, just add some more HSM's and a loadbalancer in front.

27 Juli 2016

A few years ago, the hardware vendor Yubico made a bit of a splash when it introduced its YubiKey line of inexpensive hardware security tokens powered by open-source software. With its most recent product release, however, Yubico has dropped open source and started deploying only proprietary software in its devices. Consequently, many community members have started looking for a viable replacement that will adhere to open-source principles. At present, one of the leading contenders for Yubico's departed customers is Nitrokey, which manufactures a line of hardware tokens capable of generating one-time passwords (OTPs), storing and using OpenPGP keys, and several other features. The devices made by Nitrokey run open-source software and are open hardware as well.

raymii logo
17 Juli 2016

This is a guide which shows you how to write small elementary files to a nitrokey HSM. This can be usefull if you want to securely store data protected by a user pin. You can enter the wrong pin only three times, so offline brute forcing is out of the picture.

raymii logo
15 Juli 2016

This is a guide on using the Nitrokey HSM with sc-hsm-embedded module instead of the PC/SC daemon and OpenSC, mod_nss and the Apache webserver. This is an extension on the earlier guide, with new benchmarks. The sc-hsm-embedded module is not using a global lock like OpenSC, therefore providing better performance. The sc-hsm-embedded module is also a read only module, suitable for embedded systems. Read only also makes it more secure when deployed, even when the user pin leaks out an attacker cannot create new keypairs or delete the current ones.

raymii logo
13 Juli 2016

This is a guide which shows you how to extract private RSA key material from the Nitrokey HSM / SmartCard-HSM using the DKEK. This way you can get the private key out of the HSM in an unencrypted form. It does require access to the HSM device, all the DKEK share and their passwords. Do note that doing this defeats the entire purpose of a HSM, namely that you never have access to the keys. In the article I'll go over some explanation why this might be a feature you need and why it might be a case of security over convinience.

raymii logo
21 Juni 2016

This is a guide on using the Nitrokey HSM with mod_nss and the Apache webserver. The HSM allows you to store the private key for a SSL certificate inside the HSM (instead of on the filesystem), so that it can never leave the device and thus never be stolen.

The guide covers the installation and configuration of mod_nss, coupling the HSM to NSS, generating the keys and configuring Apache, and last but not least we also do some benchmarks on Apache with the HSM and different key sizes.

raymii logo
19 Juni 2016

This is a guide to get started with the Nitrokey HSM (or SmartCard-HSM). It covers what a HSM is and what it can be used for. It also goes over software installation and initializing the device including backups of the device and keys. Finally we do some actual crypto operatons via pkcs11, OpenSSH, Apache and OpenSSL. We also cover usage in Thunderbird (S/MIME), Elementary Files (EF), a Web cluster with Apache and mod_nss and the decryption of the keys.

ct logo
29 April 2016

NitroKey Pro ist im Wesentlichen eine Smartcard in Form eines USB-Sticks. In Verbindung mit Standard-Tools wie OpenPGP hilft der Stick, Daten zu verschlüsseln und zu signieren. Zudem beherrscht er die Zwei-Faktor-Authentifizierung mit One-Time-Passwords (OTP), wodurch man etwa den Zugriff auf Web-Dienste absichern kann.

Speech bubble
14 April 2016

A lot of deployment of Active Directory Certificate Services is never deployed with an Hardware Security Module (HSM). Now this does not have to be a problem depending on the use of the issued certificates. In some deployments however it can be a serious security risk not to incorporate a HSM into the design.

medium logo
26 März 2016

Hardware security modules are physical devices that manage keys. Generally, the rule is that they let you use the keys for operations (e.g. signing) given correct authentication, but don’t let you extract the raw key material. This means that if you’re holding the HSM, you know that no one else is currently abusing your key (though they may have done so in the past).

speech bubble
01 März 2016

A GnuPG key should always be secured with a passphrase, but if you want to secure it further, then one popular option is to move it off the hard drive, onto a USB device with OpenPGP Card support such as the Nitrokey Pro.

speech bubble
29 Februar 2016

Der Nitrokey ist das Produkt eines Open-Source-Projekts, dass es sich zur Aufgabe gemacht hat, Passwörter und kryptographische Schlüssel sicher zu verwahren.

Für eine sichere Übertragung von Daten im Internet ist die Vertraulichkeit des privaten Schlüssels unabdinglich. Doch genau dieser gerät in Zeiten von Bundestrojanern und immer heimtückischerer Krimineller zusehends in Bedrängnis. Selbiges gilt für Passwörter, die viel zu oft  im Klartext irgendwo auf der Festplatte liegen und nur darauf warten, von Eindringlingen abgegriffen zu werden.

ct logo
19 Februar 2016

Der Nitrokey Pro ist eine Smartcard für verschiedene Verschlüsselungsaufgaben im handlichen USB-Stick-Format. Er lässt sich etwa zur Mail-Verschlüsselung mit GnuPG nutzen oder aber, um Daten mit TrueCrypt zu chiffrieren. Die geheimen Krypto-Schlüssel verbleiben stets im Smartcard-Chip im Inneren des Sticks, wo sie vor Trojanern sicher sein sollen. Zudem generiert der Nitrokey auch Einmalpasswörter zur Zwei-Faktor-Authentifizierung (OTP) und arbeitet als verschlüsselter Passwort-Tresor.

speech bubble
01 Januar 2016

Schon seit längerem hadere ich mit der Absicherung meiner Kennwörter über eine Smartcard oder einen USB Stick. Das ist zwar unbequem und ich rechne mit einer langen steilen Gewöhnungskurve aber dieses Jahre werde ich mich diesem Bären stellen.

Speech bubble
28 Dezember 2015

I rarely advertise any products, and even though this is not physically available yet: get your USB Nitrokey Storage at Indiegogo until tomorrow. Realized with Open Hardware and Free Software it will enable secure logins, encryption, backups, ... Further information is available at the Nitrokey web site.

zdf logo
27 Dezember 2015

Nachrichtensendung 'Heute' des ZDF über den Nitrokey

Im Rahmen eines Beitrags zum Hacker-Congress 32c3 des Chaos Computer Clubs berichtet die Nachrichtensendung ZDF Heute auch über den Nitrokey, der als "digitaler Haustürschlüssel" Systeme absichert. Dabei wird erklärt, dass die Software dahinter Open Source ist und inwiefern dies wichtig für die Nachvollziehbarkeit der Sicherheit ist.

xmodulo logo
23 Dezember 2015

With the mounting online security risks, simple one-step security no longer suffices, and people resort to multiple layers of security to thwart increasingly sophisticated attacks on their digital assets and online privacy. An advanced form of security defense often employed in financial sectors and other corporate environments is hardware-based protection, where a tamper-proof physical security key (also known as "security token" or "hardware token") acts as a protection layer for secret software keys or login credentials.

business insider logo
22 Mai 2015

Germany's thriving startup scene is one of the most unique in Europe.

The capital Berlin is home to a mixture of hackers, privacy experts, scientists, and video companies that are making waves in the tech scene.

Here are some underground companies as well as more established names that are worth watching. 

10 Februar 2015

In order to ensure maximum security for our community, we are using a dedicated signing server with a hardware security module (HSM) that is not connected to the Internet. This drastically reduces the risk of a remote attacker compromising the CloudRouter Project key and attempting to sign malicious packages as legitimate components. [...] A huge variety of HSMs are available. We went with Nitrokey as it had several key benefits

hacker10 logo
18 Januar 2015

Nitrokey is a physical USB thumbdrive developed in Germany to encrypt email with OpenPGP, GnuPG or S/MIME, use One Time Passwords, encrypt your computer hard drive files, manage digital certificates and act as a double authentication token with websites that have adopted the Universal 2dn Factor U2F standard supported by Google services, OpenSSH and WordPress. The hardware design and software code of this encryption thumbdrive has been made open source to allow the review of their security and for developers to be able to integrate their own applications.

mozilla logo
13 Februar 2013

Mozilla maintains a wide range of services which are secured using different solutions.  For internal repositories, our Operations Security team has chosen to use the low-cost, open source and open hardware CryptoStick from the German Privacy Foundation.
An HSM is a Hardware Security Module. It’s a hardware card, stick, device able to perform crypto operations. In general, it stores private keys which are used to sign, encrypt or authenticate. The key itself never leaves the hardware, thus attackers cannot steal the key (i.e., if the hardware is disconnected, the key cannot be used anymore.)

linux-pro-magazine logo
02 Februar 2011

During CeBIT 2011 open source projects such as Crypto Stick, USB stick developed to allow easy and high-secure encryption of emails and more, will have the opportunity to showcase what is currently in active development.

linux-magazin logo
01 Dezember 2010

Open-Source-Hardware ist keine Spielerei, das zeigt ein USB-Stick der German Privacy Foundation. Auf dem können bis zu drei Benutzer ihre GPG-Schlüssel, RSA- und PKCS#11-Zertifikate hinterlegen und sich mit Linux und Windows für E-Mails, Browser oder SSH authentifizieren.