Differences between Start and Storage

DamienCassou · June 29, 2018, 6:57am

Hi,

I’m wondering which key I should choose. My use case is protection of 3 GnuPG keys that I will be using 10 times per day at least. I plan to create a new key ring from scratch. Because ECC seems more future-oriented than RSA, this is what I chose to use. Currently, I hesitate between the Start and Storage 2 keys.

On nitrokey’s homepage, I see that the Start does not have “Tamper-resistant smart card”. However, the Nitrokey_Start_factsheet.pdf that is accessible from the Shop] says

keys are always stored in the tamper-resistant and PIN-protected Nitrokey

so I’m not sure.

Moreover, I learned in ECC on Storage 2 documentation that Storage 2 only supports NIST and Brainpool whereas Start supports other curves according to its fact sheet. But Storage 2’s fact sheet as accessible from Storage 2’s shop page doesn’t even mention ECC.

jan · June 29, 2018, 8:24am

The statement in Nitrokey Start is an error. Correct is, the NK Start isn’t tamper resistant (tamper resistant = smart card).
The Nitrokey Storage factsheet hasn’t been updated yet.
We will update both factsheets shortly. Thank you for the pointers!

DamienCassou · June 29, 2018, 1:30pm

what is inside NK Start if it is not a smart card?

jan · June 29, 2018, 6:22pm

An ordinary microprocessor. The PIN is used to encrypt the keys inside.

Perflyst · July 2, 2018, 5:52pm

Wait, you CANNOT store three different rsa keys (keys with other main key).
Only three keys for ONE identity can be stored on one nitrokey.

DamienCassou · July 2, 2018, 8:05pm

Sure, that’s what I meant. I will push 3 sub keys.