Under certain circumstances the Nitrokey Storage could use an empty AES key to encrypt the mass storage and Password Safe, allowing an attacker to decrypt the encrypted data. As a precaution all Nitrokey Storage should be updated to firmware 0.51 or higher which prevents unlocking with a zero AES key. Nitrokey Storage with firmware 0.51 or higher and other Nitrokey models are not affected.
Nitrokey is proud to announce a partnership with The Linux Foundation to equip over 2000 Linux kernel developers with Nitrokey Start USB keys. Linux kernel developers will have the ability to cryptographically sign code with OpenPGP/GnuPG signatures, as a strict requirement when sending merge requests directly to Linus Torvalds.
Researchers discovered the ROCA vulnerability (CVE-2017-15361) which enables attackers to compute their victim's private RSA keys with little effort. Affected are RSA keys being generated in various hardware systems which contain the vulnerable chip from Infineon Technologies, such as computers with a Trusted Platform Module (TPM), smart cards and USB dongles.
Do you need strong hardware-based encryption for your own software but are afraid of it's complex integration? Here is a solution for you. The Nitrokey Encryption Tool is a command line interface application which uses on-device RSA keys to encrypt/decrypt AES keys used in turn to encrypt user data. This way you don't need to deal with hardware integration or more complicated RSA.
Due to numerous requests from our customers and in order to make (especially international) payments more attractive, we have added Bitcoin as an accepted payment method in our online shop. If you're not sure what to do with your increasingly valuable Bitcoins, this is for you too.
Finally it is possible to use Nitrokey on Android smartphones. OpenKeychain, the popular Android app for OpenPGP encryption, supports Nitrokey. You can use your private keys on your Nitrokey to encrypt, decrypt and sign emails using OpenKeychain.
Our Nitrokey App, which is the GUI used for one-time passwords, password safe and Nitrokey Storage, has been completely restructured and has undergone tons of bug-fixes. The low-level device interface has been moved into the new libnitrokey, which can be directly integrated into your own applications.
Due to technical limitations Nitrokey’s one-time passwords previously couldn’t be used to login to Amazon Web Services (AWS). But now with the Nitrokey Pro 0.8 (released in November 2016), one-time passwords can also be used to protect your AWS account.