Nitrokey Storage 2 Released

The new Nitrokey Storage 2 is now available and can be ordered in our online shop! Nitrokey Storage 2 includes the following new features and improvements:

  • Support of elliptic curve cryptography (ECC): In addition to RSA (2048-4096 bit), Nitrokey Storage 2 supports elliptic curve cryptography (ECC) with Brainpool and NIST curves. Because RSA-2048 is not considered safe for use beyond 2022, ECC is becoming increasingly important as a fast and secure alternative. See instructions. This feature requires the new Nitrokey Storage 2 hardware and cannot be installed by upgrading the firmware.
  • Improved keystore support for Windows: It is now possible to roll out company certificates via Active Directory on Windows devices. These certificates can be used for Windows logon and for e-mail encryption using S/MIME. In addition, OpenPGP and S/MIME email encryption can be easily used in parallel on a single Nitrokey Storage 2. See instructions. This feature requires the new Nitrokey Storage 2 hardware and cannot be installed by upgrading the firmware.
  • Manual initialization of the storage is not necessary: On delivery, the device's storage is already initialized with random numbers and an encrypted partition is set up. This eliminates manual setup and Nitrokey Storage 2 can be used immediately.
  • Protection of unencrypted storage: The Nitrokey App for Windows, macOS and Linux (AppImage) is now pre-installed on the unencrypted storage. In addition, the unencrypted storage is read-only, which can only be changed with the Admin PIN (requires Nitrokey App 1.3.1). This prevents the unintentional distribution of viruses and the unintentional storage of sensitive data on the unencrypted storage. This function is particularly interesting for enterprise customers who configure Nitrokey Storage 2 centrally and whose employees only use the user PIN.

Don't compromise on protecting your sensitive data and order the new Nitrokey Storage 2 in our online shop!

We have been shipping the hardware of Nitrokey Storage 2 for all new orders for several weeks now. In this case, the remaining new functions can be retrofitted by means of a firmware update. The hardware version can be determined by executing the command "gpg2 --card-status". If version 3.3 is displayed, it is the new hardware of Nitrokey Storage 2.

23.10.2019

Comments

What about Curve25519? Is it not supported? That would be so bad…

Curve25519 is not supported because the underlying smart card chip doesn't support it. But Nitrokey Start supports Curve25519, maybe this is an option for you.

I asked exactly the same question on the support forum

I highly agree, if not now, in the future, support Curve25519 as it is more secure than any curve currently.

If not, I hope you can reassure us that those keys are secure.

If you don't trust NIST curves then Brainpool is for you. BTW, Curve25519 has the disadvantage that it is difficult to secure against side channel attacks.

Jan said:

BTW, Curve25519 has the disadvantage that it is difficult to secure against side channel attacks.

This message on the GnuPG mailing-list by the author of Curve25519's implementation says exactly the opposite.

Hmm... I hadn't known about this. Is this Brainpool more secure than Curve25519 even?

Is there planned U2F support in future firmware and if so when is it scheduled?

Sooner or later we will add FIDO2 or FIDO U2F support. No date is scheduled yet. It will require another hardware revision.

Nitrokey Storage 2, ECC:

What key lengths are supported? I don't see that anywhere. And will there be an upgrade to Nitrokey Pro?

ECC 256-512 bit. We will update the factsheet shortly. Also Nitrokey Pro will receive a corresponding update soon.

Just to confirm: I can use a GPG key or one-time pad and then use a squashfs on the 32 GB to boot off? Sure that is the case, but total drive encryption off a key with squashfs has to be this Nitrokey as well? Options otherwise will be considered for LUKS on Gentoo.

See https://support.nitrokey.com/t/is-it-possible-to-boot-from-nk-storage/475 for some hints about booting from the Storage.
