Dear @dfgasgafg
Please note that this Discourse forum is not the official customer support platform. If you are looking for support for a bought product, please address this to support (at) nitrokey (dot) com. This forum serves as a platform for users to communicate, not necessarily to provide product support.
On top of that, if you ask very generic questions and introduce yourself as new to this type of stuff, answering your questions is kind of time-intensive, mainly because you ask questions without defining what you would like to achieve. You can also imagine that public insults will likely not motivate more people to help you.
But as I am already here, let me try to share some (partial) answers:
> There are several authentication methods, some of them do not require a login. Please list which of the methods supported by Nitrokey keys do not require login, and which do. It would be very convenient to register with just a key, without coming up with a unique login.

Not trivial to answer, I assume you mean web authentication methods, which are mostly based on FIDO - the Nitrokey 3 supports all of them. But the Nitrokey 3 is not meant to decide which one is actually used, this decision is made by the server.
> Is it possible to compare registration and login data made with the same key on different resources and determine that the accounts on these resources belong to the same person?

Nope, this is by definition not possible for FIDO-based authentication. If you meant this, there are ways to realize web-logins using PKCS#11 + OpenPGPCard, then this would likely be possible, but these are very rare.
> Nitrokeys only support 3 RSA key pairs, is that a lot or a few? Why have multiple key pairs on the same device?

This highly depends on your needs. Also this is kind of unrelated to the questions before, because you are now within the OpenPGPCard application (which has nothing to do with the FIDO-application on the Nitrokey 3). In short for why to have multiple key pairs on the same device: because keys can have different purposes (one for signing, one for encryption …) - but this again depends on your use case, e.g., a Nitrokey HSM2 can easily keep 50 keypairs.
> Is it possible to make a complete copy of the key (for example, as a QR code printed on paper) so that if the key is lost, it could be restored. I mean restore the functionality of ALL authentication methods, U2F, OTF and others. I read a bit about U2F it has a secret character set and a counter. And, if I save a set of symbols on a sheet of paper, what about the counter, which will be reset to zero on each new Nitrokey?

No, this is currently not possible and only partly for specific applications:
- FIDO2 by definition (specification) does not foresee this as a feature, this might change soon with some “special” credentials called “Passkeys” (discoverable Resident Keys / Credentials)
- OpenPGPCard by specification doesn’t allow extraction of the private portion of the key(s), but there are ways to import an existing one, so you can realize it like that
- PasswordSafe (which btw. is already implemented, so no need to necro-reference old threads) can due to its nature extract passwords+logins, but currently no OTP secrets
Long term we are looking into backup mechanisms, but this is complex. Especially, as there is data on the Nitrokey 3 generated for specific authentication methods, which cannot be broken down to something like one mnemonic (or QR-code) like it is done for other devices.
best