Nitrokey

Nitrokey is an open-source USB key used to enable the secure encryption and signing of data. The secret keys are always stored inside the Nitrokey, which protects them against malware (such as computer viruses) and attackers. A user-chosen PIN and a tamper-proof smart card protect the Nitrokey in case of loss or theft. The hardware and software of Nitrokey are open source. The free software and open hardware enable independent parties to verify the security of the device. Nitrokey is supported on Microsoft Windows, macOS, Linux, and BSD.


History

In 2008 Jan Suhr, Rudolf Böddeker, and another friend were travelling and found themselves wanting to use encrypted email in internet cafés, which meant the secret keys had to remain secure against computer viruses. Some proprietary USB dongles existed at the time, but they were lacking in certain respects. Consequently, in August 2008 they founded Crypto Stick as an open-source project, which grew to become Nitrokey. It was a spare-time project of the founders to develop a hardware solution that enables the secure use of email encryption. The first version of the Crypto Stick was released on 27 December 2009. In late 2014, the founders decided to professionalize the project, which was renamed Nitrokey. Nitrokey's firmware was audited by the German cybersecurity firm Cure53 in May 2015, and its hardware was audited by the same company in August 2015. The first four Nitrokey models became available on 18 September 2015.


Technical features

Several Nitrokey models exist, and the Nitrokey Pro is the flagship model. It contains the following features:

* Secure key storage supporting the OpenPGP (popular with individuals) and S/MIME (popular with businesses) email encryption standards. Nitrokey can also be used with various third-party applications such as TrueCrypt and VeraCrypt for disk encryption.
* One-time passwords (similar to TANs, used as a secondary security measure in addition to ordinary passwords). It supports the HMAC-based One-time Password Algorithm (HOTP, RFC 4226) and the Time-based One-time Password Algorithm (TOTP, RFC 6238), which are compatible with Google Authenticator.
* Client certificate authentication, used to administer servers securely via SSH and to access virtual private networks via OpenVPN.
* Password Safe, which stores encrypted static passwords inside the Nitrokey.

The upcoming Nitrokey Storage provides the same features as the Nitrokey Pro and additionally contains encrypted mass storage.


Characteristics

* Nitrokey's secret keys are stored securely inside the device.
* A user-chosen PIN protects the device in case of loss or theft.
* Nitrokey's tamper-proof design protects it against sophisticated physical attacks.
* RSA keys of up to 4096 bits and AES-256 are supported.
* It is supported on Microsoft Windows, macOS, Linux, and BSD.
* It is compatible with many popular programs, such as Microsoft Outlook, Mozilla Thunderbird, and OpenSSH.
* The secure implementation of the Nitrokey is published as open source and open hardware to enable independent reviews of the source code and hardware layout and to ensure the absence of back doors and other security flaws.
* Nitrokey's security does not depend on secret keys stored centrally with the device manufacturer.
* Nitrokey is published as open-source software, free software, and open hardware.


Devices

* Nitrokey Start
* Nitrokey HSM
* Nitrokey Pro
* Nitrokey Storage 16GB
* Nitrokey Storage 32GB
* Nitrokey Storage 64GB
* Nitrokey FIDO U2F
* Nitrokey FIDO2


Philosophy

Nitrokey's developers believe that proprietary systems cannot provide strong security and that security systems need to be open source. For instance, there have been cases in which the NSA intercepted security devices in transit and implanted backdoors in them. In 2011 RSA was hacked and the secret keys of SecurID tokens were stolen, which allowed attackers to circumvent their authentication. As revealed in 2010, many FIPS 140-2 Level 2 certified USB storage devices from various manufacturers could easily be cracked by using a default password. Nitrokey, because it is open source and transparent, aims to provide a highly secure system and to avoid the security issues its proprietary rivals have faced. Nitrokey's mission is to provide the best open-source security key to protect the digital lives of its users.

