The website mentions that the firmware can be exported and verified, but have you considered attestation using challenge/response or an IC based PUF?

We considered challenge response but firmware export seems to be simpler and maybe even more secure. We can do this because of the open source nature of the firmware. Other proprietary devices can’t do this and need to consider more complex methods.

From a brief view it seems that PUF is not the right solution when users should be able to flash their own firmware.

Typically, attestation has two objectives:

  1. Ensure that a key pair was generated on the device and the private key has not been copied
  2. The device is indeed an unmodified Nitrokey.

It seems that exporting the microcode is not sufficient (a manipulated device could send me a the right copy of the microcode). The microcode would need to be signed and the freshness ensured with a challenge etc. Still it would not help with 1.

The question was possed more than 4 years ago: is attestation supported in meantime, maybe, similar to the attestation provided by Yubico?

We provide online attestation of Nitrokey FIDO2 devices. However, the required web portal is not public yet. If this is seriously important and urgent to you, let me know.

Online attestion sounds great. In case it is not too late for wishing for features, it would be great if

  1. one can query this via some (REST) API,
  2. one would get a certificate (chain) that can be verified later, and
  3. the certificate says that the private key has not and will not be copied from the device.

No immediate urgency on my side.

Created ticket for Nitrokey FIDO2 at