5 New Nitrokey Models and Their Availability

Update: After user feedback on this announcement, we decided on the name Nitrokey Start instead of Nitrokey Lite.

The Nitrokey portfolio has now become so expansive that it is no longer accurate to simply refer to "Nitrokey". We are pleased to be able to unveil the latest Nitrokey models we have been working on:

Nitrokey Storage

Nitrokey Storage is the original option for the all-encompassing protection of your personal data. It contains an encrypted mass storage (8-64 GB), allowing you to carry your important files with you securely. Nitrokey Storage also allows you to create hidden volumes whose existence can be plausibly denied. Nitrokey Storage is ideal for encrypting emails and hard drives, protecting SSH accounts and protecting your important web accounts with One Time Passwords. Like Nitrokey Pro it contains a tamper-resistant OpenPGP Card, a Password Safe and One Time Password functions.

Nitrokey Pro

Nitrokey Pro is ideal for encrypting emails and hard drives, protecting SSH accounts and protecting your important web accounts with One Time Passwords. Nitrokey Pro is the successor of the Crypto Stick 1.2 and contains a tamper-resistant OpenPGP Card, a Password Safe and One Time Password functions.

Nitrokey Start Lite

Nitrokey Start Lite is the developer-friendly and economical solution for encrypting emails and hard drives and for protecting SSH accounts. Nitrokey Start Lite is an OpenPGP Card-compatible implementation based on Gnuk 1.0 (Many thanks to Free Software Initiative of Japan). It is not tamper-resistant but does enable easy coding.

Nitrokey HSM

Protect your server's keys with Nitrokey HSM. Nitrokey HSM is based on the SmartCard-HSM, can store up to 60 ECC-256 bit keys or up to 48 RSA-2048 keys, enables administrative operations (e.g. multi-party access, backup) and provides reasonable performance (RSA-2048: 100 signatures/minute, ECC-256: 360 signatures/minute).

Nitrokey U2F

Protect your Google, YouTube and CMS accounts with the super easy-to-use Nitrokey U2F. You won't need any additional software apart from the Google Chrome web browser. U2F is a new, secure and easy method of website authentication, and has the potential to replace One Time Passwords in the future. The Nitrokey U2F is a third party product that completes our portfolio and sponsors the development of our own open U2F solution.


You can find an overview table with more technical details on the home page of our website (scroll down).


When will the Nitrokeys be available? All models except Nitrokey Storage will be available in August. We will let you know as soon as Nitrokey becomes available for order.

Nitrokey Storage has been available as beta for quite some time. At this point it requires additional work in order to be considered secure and stable enough for use. We do not yet have a release date for Nitrokey Storage, but we are currently undergoing a third party security audit and preparing a crowdfunding campaign. We will let you know more soon.



actually nitrokey u2f should be part of nitrokey pro for being useful...

Yes, we are working on integrating U2F functionality to Nitrokey Pro and Storage.

Is it still in the working? Will the Nitrokey Pro be able to update with the new U2F functionality when it's ready?

U2F will be part of the next major release but there won't be any firmware update.

When will the next major release happen? A combined one, maybe including support for ECC as well, would be super interesting.

We will start working on it soon. Perhaps releasing a next version in 2018 but it is too early for a specific release date.

So, this won't be a firmware upgrade on the Pro to get U2F, but a new Nitrokey Pro v2 device?


All orders from now on will get a NK Pro 2 with ECC support.

please take a look at the outer case and the USB connector of the nitrokeys. It should be small enough to comfortably fit a keychain, should have a metal ring to be attached to the keychain alongside with other conventional keys and have a durable outer case (metal - not plastic). Items for daily use are suffering from high mechanical stress. the nitrokey beta case was worn out after only some weeks.

When will this be out would you say?

Casings are very small and can fit a keychain. Unfortunately casing production is surprisingly complex and expensive when it is in small quantities. You don't want to pay an additional €20 just for a metal case, right? This is why plastic is the best choice for now. However a metal case is on the roadmap.

It is out of question that I would pay additional 20EUR for a metal case that protects the nitrokey with my keys and data.

For sure I would pay 20€ for a metal case, too. Remember that this is a rather one time investment with long term advantages. A solution for attaching the USB cap to the rest of the case would be nice, too, because I have lost caps like these many times.

The USB cap will most likely be attached to the rest of the case -- if it's practical enough during assembly.

According to your website, the firmware verification and update is only available for the nitrokey storage. Why is this so? Will we not be able to verify/upgrade the firmware of the other nitrokeys?

You are right, firmware update and verification is only possible with the Nitrokey Storage. For the other devices it needs more work to be done. However, Nitrokey Light is based on Gnuk which supports firmware updates as well. But we didn't test it sufficiently yet to be certain that it works stable.

Is it possible to verify/update firmware if I have ST-LINK (or similar) JTAG or serial programmer? Does device have readout protection flag set?

If you open (break) the casing of the Nitrokey Pro or HSM you can update the firmware via ST-LINK or bootloader. The readout-protection is activated so that you can't verify the installed firmware but you can flash your own firmware.

Is it possible to open it carefully, or is the case designed to be securely locked?
I see a small hole near the USB plug in the case (on some photos); does this hole have something to do with the case lock?

The hole is irrelevant. The casing is glued which is why most likely you will break it when opening.

Will it be possible to get a replacement for a key model when a new version comes out? For example, if the NK Pro will get U2F support in a later version, can I send my current one in and get the new one, for a small update price?

For the Nitrokey Storage beta - yes. For other models - most likely not but it also depends on the future change.

According to your announcement, the Nitrokeys are available in August. Now it is September. Are there any updates?

Our shop is online now.

it would be interesting to see an equivalent or a strong competitor to yubikey neo e.g. nfc and u2f implemented in the nitrokey pro. It would open up doors to be used with android devices similar to the Yubico Authenticator app.

We are working on U2F support. NFC sounds good in theory but did you actually use it? It has compatibility issues and only works with certain phone vendors, depending on your dongle vendor. Not talking about the general issue of how to secure an insecure connection. Remember Yubikey's recent security flaw which allows an attacker to easily disable the PIN? However, we are watching that space and may implement NFC or another wireless protocol in the future.

Of course there will always exist security flaws known or unknown. NFC might or might not be optimal to implement.
My point with seeing NFC in a future device is to extend the use of a nitrokey to your phone or tablet. And not being limited to use it with a computer. So of course the idea is not limited to NFC, I in the moment of writing the comment just compared nitrokey with yubikey with how they have merged PC and mobile support for their devices because it's a feature I seek.

For me it might not be the right time to buy a device. The future hopefully will reveal many improvements!
As your point being the drawing board is open.

For example, Bluetooth may be an interesting alternative to NFC because it's supported by most smartphones and laptops and works well.

One downside of Bluetooth (even the low energy variant) is that it still would need a power source in the device; NFC might be powered from the target device.

That is right. But on the other hand, NFC doesn't provide enough power for strong encryption (e.g. RSA-4096).

Right. That would be a problem. But right now, even without encryption if nitrokey could bring in at least OTP (and U2F) support over NFC it would already be a great improvement. I mainly use my yubikey neo NFC ability to log in to my lastpass account from my Android devices. Not having OTP over NFC support is a deal breaker for me. U2F over NFC would be even greater in the long term.

+1 for NFC. I use it with my YubiKey NEO and KeePass (and KeePass2Android) on my Android phone. I sync the KeePass file with SyncThing between my laptop and phone, and voilà, I have no need for external services like LastPass for my password management needs.

When will the Nitrokey Pro v2, or PureKey, be available for sale?

All orders from now on will get a NK Pro 2 with ECC support. We may delay a big public announcement until after the summer holiday season.


I have Nitrokey Storage 64GB first revision, but currently don't have the money to afford an upgrade to version 2. Will I still be able to import an RSA-4096 key on the old hardware? I have always been skeptical about your previous standard configuration of RSA-2048, as it would expire too soon to be feasible in the long run.

Yes, you can use RSA-4096 with any version of Nitrokey Storage.

