Can I switch to Nitrokey3 for my use-case?

Currently I’m using two Nitrokey 2’s (Storage & Pro) in different locations. I store 3 GPG keys on it (SC, E, A) and use it mainly for SSH authentication, git commit signing and some sporadic file/message encryption.

I keep an eye on the Nitrokey 3 for a long long (…long!) time and it feels like its going soooo slow. My personal feeling is that you get too distracted with all the other products you offer. And I couldn’t care less about all of them, I just want the new Nitrokey… Probably you will tell me that this isn’t the case. However, not even now the Nitrokey is finished, but I want some features that the Nitrokey2 can’t offer. More on that later. So I want to buy a new stick, whether that’s a Nitrokey or another brand. Nitrokey would be my first choice but I won’t wait another year. (Sorry for the little rant)

First: Is the Nitrokey 3 in a state where it could/should replace my Nitrokey 2’s for productive (personal) use?

Second: I imagine using the following features together on one stick, is that even possible (now or in future)?

  • Storing my 3 GPG keys (SC, E, A) on it.
  • Using PIV for age with age-plugin-yubikey (???), mainly for sops.
  • FIDO/U2F for website logins
  • Unlock KeePassXC with it.
  • Could I theoretically use X.509 alongside GPG on the stick?
  • In general, what are the limitations of which features I can use together on one stick?

Third: Should I consider switching from RSA (4096 Bit) to ECC (Curve25519?) with 384 Bit? (Since 521 Bit is not yet supported.) - This wasn’t a question before since my Nitrokey2’s didn’t support it. But currently interaction with the Nitrokey takes some time and I assume its because of the 4096 RSA keys… would it be faster with ECC? Would it be comparable or even more secure?

Thank you for your time!


The Nitrokey 3 supports the 3 GPG keys that you need.
It also supports up to date FIDO/U2F standards so you should not have any issues using it for 2FA or even passwordless login on supported websites and applications.

PIV support is currently in development, and it’s not released as stable yet.

You can use it to unlock KeypassXC with it given a sufficiently recent version: Release Release 2.7.6 · keepassxreboot/keepassxc · GitHub

Could I theoretically use X.509 alongside GPG on the stick?

There is dedicated storage for X.509 certificates in the GPG implementation, following the GPG Smartcard specification. You can use them provided you have software that can interact with them.

Should I consider switching from RSA (4096 Bit) to ECC (Curve25519?) with 384 Bit? (Since 521 Bit is not yet supported.)

ECC is both faster, requires less storage (for keys and signatures), is easier to implement than RSA and has fewer attacks that force using larger keys. It is likely the best choice unless you need RSA for compatibility reason.
Curve25519 is probably the best choice there. You can also use P-256.
We don’t have support for P-384 for the moment, but that is planned (and P-521 will likely arrive at the same time). You should also be aware that most internet communication is protected by either P-256 or Curve 25519 (and more and more rarely by RSA), and some protocols (FIDO) are not defined for larger curves. Curve25519 and P-256 are fine.