Currently I’m using two Nitrokey 2’s (Storage & Pro) in different locations. I store 3 GPG keys on them (SC, E, A) and use them mainly for SSH authentication, git commit signing and some sporadic file/message encryption.
I have been keeping an eye on the Nitrokey 3 for a long long (…long!) time and it feels like it’s going soooo slow. My personal feeling is that you get too distracted with all the other products you offer. And I couldn’t care less about all of them, I just want the new Nitrokey… Probably you will tell me that this isn’t the case. However, even now the Nitrokey is not finished, but I want some features that the Nitrokey 2 can’t offer. More on that later. So I want to buy a new stick, whether that’s a Nitrokey or another brand. Nitrokey would be my first choice but I won’t wait another year. (Sorry for the little rant)
First: Is the Nitrokey 3 in a state where it could/should replace my Nitrokey 2’s for productive (personal) use?
Second: I imagine using the following features together on one stick. Is that even possible (now or in the future)?
- Storing my 3 GPG keys (SC, E, A) on it.
- Using PIV for age with age-plugin-yubikey (???), mainly for sops.
- FIDO/U2F for website logins
- Unlock KeePassXC with it.
- Could I theoretically use X.509 alongside GPG on the stick?
- In general, what are the limitations of which features I can use together on one stick?
Third: Should I consider switching from RSA (4096 Bit) to ECC (Curve25519?) with 384 Bit? (Since 521 Bit is not yet supported.) - This wasn’t a question before since my Nitrokey 2’s didn’t support it. But currently interaction with the Nitrokey takes some time and I assume it’s because of the 4096 RSA keys… would it be faster with ECC? Would it be comparable or even more secure?
Thank you for your time!