The New Nitrokey 3 With NFC, USB-C, Rust, Common Criteria EAL 6+

The new Nitrokey 3 is the best Nitrokey we have ever developed. It offers NFC, USB-C and USB-A Mini (optional) for the first time. The Nitrokey 3 combines the features of previous Nitrokey models: FIDO2, one-time passwords, OpenPGP smart card, Curve25519, password manager, Common Criteria EAL 6+ certified secure element, firmware updates. This reliably protects your accounts against phishing and password theft, and encrypts your communications and data. With strong hardware encryption, trustworthy thanks to open source, quality made in Germany.

Pre order now!

Use Cases

For private and corporate use - protection against mass surveillance and hackers

  • Passwordless login: Forget your password to log in to Microsoft services (e.g. Office 365) and Nextcloud and use Nitrokey for passwordless login instead.
  • Protect online accounts using two-factor authentication (2FA): Nitrokey is your key to secure login to websites (e.g. Google, Facebook; overview at Using FIDO2, FIDO U2F, or one-time passwords (OTP), your accounts remain secure even if your password is stolen.
  • Phishing protection: When using FIDO, the respective domain is automatically checked and users are effectively protected against phishing attacks.
  • Mobile usage with smartphones: Using FIDO and NFC, you can also securely access your accounts on Android and iPhone smartphones.
  • Encrypt data and emails: Encrypt your emails with GnuPG, OpenPGP, S/MIME, Thunderbird or Outlook. Encrypt entire hard drives using TrueCrypt/VeraCrypt, LUKS or individual files using GnuPG. Your private keys are securely stored in Nitrokey and cannot be exported/stolen.

For companies - protection against hackers and industrial espionage

  • Passwordless logon to Windows 10 computers: Employees will be able to log in to their Windows 10 Pro computers managed by Azure Active Directory without passwords. All that is required is a Nitrokey 3.
  • Passwordless login to your own enterprise systems: Replace your password policy, unauthorized password slips and costly password resets with passwordless login with the Nitrokey 3. Security and acceptance through simplicity. We are happy to advise you on integration.

For IT administrators and security experts - protect critical infrastructure

  • Administering servers securely with SSH: Always have your SSH key securely with you in Nitrokey. Your key is PIN protected and cannot be exported/stolen from the Nitrokey. This eliminates the insecure and annoying synchronization of key files on client systems.
  • Protect Internet of Things (IoT) and own products: Protect your own hardware products by integrating Nitrokey. Ideal for remote maintenance and ensuring product authenticity.
  • Store cryptographic keys securely: Store cryptographic keys and certificates securely in Nitrokey, preventing their theft.
  • Protect computer BIOS integrity: Using the Nitrokey and Measured Boot, the integrity of the computer BIOS/firmware is verified. The colored LED of the Nitrokey signals whether the BIOS has integrity (green) or whether tampering has been detected (red). Compatible e.g. with NitroPads.


  • FIDO U2F, FIDO2 for passwordless login: FIDO sets new standards in easy usability and thus achieves high acceptance. FIDO reliably protects your accounts against password theft and phishing.
  • Disabled passwords to protect accounts against identity theft: Protect your accounts against identity theft. One-time passwords are generated in Nitrokey and serve as a second authentication factor for logins (in addition to your normal password). Thus, your accounts remain secure even if your password is stolen.
  • Secure cryptographic key storage: Store your private keys for encrypting emails, hard drives or individual files securely in Nitrokey. This way they are protected against loss, theft and computer viruses and are always with you. Key backups protect against loss.
  • Password Manager: Store your passwords securely encrypted in the integrated password manager. This way you always have your passwords with you and they remain protected even if you lose your Nitrokey.
  • Integrity Check / Tamper Detection: Verify the integrity from the computer BIOS using Verified Boot. The Nitrokey's colored LED indicates whether the BIOS has integrity (green) or tampering has been detected (red). Supported computers require a BIOS based on Coreboot and Heads such as the NitroPad.

Security Technology

The Nitrokey 3 is based on a novel security architecture:

  • All firmware is developed in the memory-safe programming language Rust. This avoids potentially security-critical memory errors.
  • The firmware is based on the framework Trussed developed in Rust, which is designed for security-critical embedded systems and developed in cooperation with our partner SoloKeys. Among other things, Trussed implements cryptographic operations. Of course, the code is published as open source.

    Trussed logo

  • The hardware is based on the LPC55S6x microprocessor, which has numerous security features, such as Secure Boot, ARM TrustZone, Physical Unclonable Functions (PUF).
  • Additionally, a Secure Element, quasi a smart card, is used for the cryptographic memory. This has been security-certified up to the operating system level according to Common Criteria EAL 6+ and thus also meets high security requirements. Due to the power requirement, the secure element can only be used via USB but not via NFC.
  • As with all Nitrokey developments, Nitrokey 3 is open source, so the secure implementation can be reviewed by anyone.

Pre order now!

Status Update, 6/11/2021

In the last months and weeks the development of the Nitrokey 3 has made significant progress. Nevertheless, its delivery will unfortunately have to be delayed, especially due to lack of electronics.

We have achieved:

  • The electronics development is finished and the electronics works stable.
  • The firmware has FIDO2, which can be used via USB and NFC.

In work at the moment is:

  • Electronics procurement and production has started
  • Firmware development of one-time passwords (OTP) and the password safe.
  • Porting of firmware to the nRF52 microprocessor. This is important to be able to avoid future supply shortages that we are facing due to the global electronics shortage.

The delivery of the Nitrokey 3 depends on:

  • We are waiting for an electronics component to arrive no later than July.
  • Completion of the case development

It is anticipated that the Nitrokey 3 will ship in the next few weeks or during the summer. We apologize for the delay and ask for your understanding.



Die Auslieferung verzögert sich offenbar noch weiter und ich gehe nicht davon aus, dass es hier zeitnah ein Update geben wird, das vom Gegenteil überzeugt. Da in der Zwischenzeit sicherlich weiter an der Firmware gearbeitet wird, werden alle bereits vorab für "später" geplanten Funktionen wie Einmalpasswörter, Passwortmanager und OpenPGP Chipkarte zum tatsächlichen Release verfügbar sein?
Das kann ich leider so nicht bestätigen, aber was ich sagen kann ist, dass es jetzt in naher Zukunft ein weiteres Update geben wird.
Wie nah ist diese Zukunft?
Sobald es für uns möglich ist sinnvolle Zusagen zu machen, wir warten leider immer noch auch Elektronikkomponenten.
Hallo, ich wollte 2 Stk vorbestellen. Das die Entwicklung Geld kostet, verstehe ich, ich halte die Preise für die Sticks auch für gerechtfertigt. Aber 18€ für UPS Versand von D nach D? Dafür sende ich 25kg um die Welt. Woher kommen die Sticks, wird sich das ändern? Gibt es eine Einkaufsmöglichkeit in Berlin? Mika
Im Shop gibt es leider aktuell ein Problem mit der Versandberechnung, dieser wird die Woche behoben. Sorry, für die Umstände, entweder die Bestellung per Überweisung wählen und uns dann eine kurze Mail an schreiben, dann updaten wir die Rechnung, oder bis Ende kommender Woche gedulden bitte.
Mich würde es ebenfalls interessieren wann das Problem behoben ist? Immerhin haben wir mittlerweile Ende der Woche.
Es sollte jetzt wieder voll funktionieren, bitte melden falls das nicht der Fall ist!
Moin, gibt es hier schon updates wann die Auslieferung beginnt?
Wir werden in Kürze weitere Informationen für alle Veröffentlichen.
"As with all Nitrokey developments, Nitrokey 3 is open source, so the secure implementation can be reviewed by anyone." How was the OpenPGP SmartCard Applet Open Source? Not to talk about the underlying BasicCard OS? To me this sounds like you have two realities: A Marketed one, and a real one - where you publish tons of sources on github, but not the ones that matter... the Crypto Functions!
Well, reality is not black & white here: We as Nitrokey open-source nearly all development efforts. Nevertheless we have to use components that are not (entirely) open-source, the OpenPGP SmartCard Applet is open-source btw.: ... ZeitCard/BasicCard OS provides various means to audit/review their crypto functions, but various components are under NDA - it's still (patented) crypto and semi-conductor-layout material. If you know of a "more" open-source-ish solution, feel free to point us there...


Add new comment

Fill in the blank.