Nitrokey 3 Milestone: SE050 Secure Element, 5% Discount

We are pleased to announce that we have reached a new milestone in the development of the Nitrokey 3. With the latest firmware version 1.7, the integrated secure element is now used for the secure storage of cryptographic keys. The secure element has been certified up to operating system level according to Common Criteria EAL 6+ and therefore meets high security requirements. Together with the open source firmware developed in Rust, the Nitrokey 3 is one of the most secure and modern security keys of all time.

All announced features of the Nitrokey 3 are now available:

  • FIDO2 / WebAuthn / Passkeys for secure and simple passwordless login and two-factor authentication (2FA)
  • Password storage for classic passwords and one-time passwords (HOTP, TOTP)
  • OpenPGP Card for encrypting emails and other data. By default, the cryptographic keys are stored in the SE050 security element. Optionally, a software-only implementation can be used for greater transparency.
  • NFC interface for wireless use on smartphones

Additionally, we have developed:

  • PIV smart card for easy login to local Windows computers (test version)
  • WebSmartCard for direct use in browsers or web apps without additional software (test version)

In addition, the Nitrokey App 2 is a modern, graphical software for managing Nitrokeys. We have developed this from scratch over the last few years.

We thank you for your continued support and trust in our products. Celebrate the Nitrokey 3 milestone with us and get your Nitrokeys at a reduced price: For one week you will receive a 5% discount on all Nitrokeys! From the Nitrokey 3 models to the Nitrokey HSM 2, the Nitrokey Storage and the new Nitrokey Passkey.

This is the opportunity to purchase our high-quality security solutions at a reduced price to protect your digital world.

Get your discount now!



Wenn ich es richtig verstehe gibt es nun zwei Optionen für OpenPGP: a) Die bisherige Implementierung in Rust die OpenSource ist. b) Die nun neue Nutzung des Secure Element. Es bietet eine zertifizierte Sicherheit bietet. Verarbeitet die PGP Operationen schneller. Aber der Code im Secure Element ist closed source. Und dabei zwei Fragen: Zur Kommunikation zwischen Secure Element und dem PC wird nehme ich an eine OpenSource Firmware in Rust genutzt? Bietet das Secure Element irgendwelche Vor-/Nachteile in hinsicht unterstüzter Schlüsseltypen/längen (RSA/ECC)?
Die 2 Optionen: vollkommen richtig wiedergegeben. Zu den Fragen: 1) das SecureElement kommuniziert nicht direkt mit dem PC, sondern lediglich (über I2C) direkt mit dem Microkontroller - die Kommunikation mit dem PC geschieht über standardisierte Software wie gpg. Der PC kriegt von den beiden Varianten quasi nichts mit. 2) Ja, das Secure Element bietet wesentlich mehr Optionen für Schlüssellängen, so kann man RSA4k Schlüssel zum Beispiel nur mit dem Secure Element Backend generieren (die Generierung ohne Hardwarebeschleunigung dauert einfach in Software zu lange) - dazu gibt es noch keine vollständige Liste, besonders weil wir gerade noch dabei sind weitere Algorithmen bereitzustellen (p384, p512, brainpool...). Man kann zB pkcs11-tool -M benutzen um eine vollständige Liste der unterstützten Primitiven/Algorithmen/Schlüssellängen zu bekommen.
I had a question about the secure element. What cryptographic keys are stored in the SE050 security element ? Is it only the OpenPGP card keys or even the FIDO2/webauth/passkeys and password storage are stored on the SE ? If they are not then how are FIDO2/webauthn and passwords are protected on the key from physical attacks ? Thanks for the product :)
Currently only the OpenPGPCard keys are stored and secured through the SE050. We plan to also support FIDO2 and Password Safe storage in the future, the features page inside the docs will list the current capabilities. Furthermore Passwords are kept on the external memory, these are encrypted using a fusion of hardware+salt+pin(if set) as key. FIDO2 keys are stored on the internal flash, also safe from physical attacks.

Add new comment

Fill in the blank.