Errors and errors :c

And a question: is it possible to have 3 independent keys on the Nitrokey, which are all generated on the Nitrokey?

Are you sure they can be generated on the SC? I have only read that you can import one (RSA 4096), but not generate it on the card. (Info was/is from December 2022)

But regarding GPG, why do you want to use an RSA 4096 key and not an ECC key?

No guarantee, but as far as I've understood PGP SmartCards, you have 3 slots and "normally" people generate a key and 2 subkeys:
one key with "C" (Certificate) and "S" (Signing),
one key with "E" ("Encrypt"),
and one with "A" (Authenticate), to be used with SSH.

Maybe you can try to generate 3 key pairs with your desired key functions and load them onto the SC, or generate them on the SC as you like. Either nuke your test setup later or stick with it... But what would be the point of having 3 independent key pairs?

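Before moving keys to the card it is worth checking that the layout just described actually holds, and afterwards that all three secret keys really are card stubs. The following is an added example, not code from the thread, GnuPG or Nitrokey: it parses the machine-readable output of `gpg --list-secret-keys --with-colons` (field 12 = capabilities, lowercase letters for the key's own capabilities; field 15 = token serial number for card stubs; field 17 = curve name, per GnuPG's doc/DETAILS) and reports deviations from the one-capability-per-slot layout. The sample output is constructed; key IDs, fingerprints and the card serial are made up.

```python
"""Parse `gpg --list-secret-keys --with-colons` output and check that a key
has the C+S / E / A layout described above, with all three secret keys stubbed
to the same smartcard.

Added example: not code from the original post, GnuPG or Nitrokey.  Field
positions follow GnuPG's doc/DETAILS (field 12 = capabilities, lowercase for
the key's own capabilities; field 15 = token serial number for card stubs;
field 17 = curve name).  The sample output is constructed: key IDs,
fingerprints and the card serial are made up.
"""
from dataclasses import dataclass

# Constructed sample: ed25519 primary (certify + sign), cv25519 encryption
# subkey and ed25519 authentication subkey, all on one (made-up) card serial.
SAMPLE_OK = """\
sec:u:255:22:0123456789ABCDEF:1700000000:::u:::scESCA:::D2760001240103040006000000000000::ed25519:::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:u::::1700000000::2222222222222222222222222222222222222222::Alice <alice@example.org>::::::::::0:
ssb:u:255:18:FEDCBA9876543210:1700000000::::::e:::D2760001240103040006000000000000::cv25519::
fpr:::::::::000000000000000000000000FEDCBA9876543210:
ssb:u:255:22:1122334455667788:1700000000::::::a:::D2760001240103040006000000000000::ed25519::
fpr:::::::::0000000000000000000000001122334455667788:
"""

# Constructed sample of a common mistake: the authentication subkey was
# generated but never moved to the card (field 15 empty), so SSH would keep
# using the on-disk copy.
SAMPLE_AUTH_NOT_ON_CARD = SAMPLE_OK.replace(
    "a:::D2760001240103040006000000000000::ed25519", "a:::::ed25519")


@dataclass
class SecretKey:
    kind: str     # "sec" = primary, "ssb" = subkey
    keyid: str
    curve: str
    caps: str     # this key's own capabilities, lowercase: c, s, e, a
    serial: str   # smartcard serial if the secret part is a card stub, else ""


def parse_colons(text: str) -> list[SecretKey]:
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb"):
            continue
        # Uppercase letters describe the whole key; keep only this key's own.
        own_caps = "".join(ch for ch in f[11] if ch.islower())
        keys.append(SecretKey(f[0], f[4], f[16] or f[3], own_caps, f[14]))
    return keys


def check_card_layout(keys: list[SecretKey]) -> list[str]:
    """Return the list of problems; an empty list means the layout holds."""
    problems = []
    primaries = [k for k in keys if k.kind == "sec"]
    if len(primaries) != 1 or "c" not in primaries[0].caps:
        problems.append("expected exactly one primary key with capability 'c'")
    # The OpenPGP card has three key slots: signature, encryption and
    # authentication, so each of s, e, a must live on exactly one key.
    for cap in "sea":
        holders = [k.keyid for k in keys if cap in k.caps]
        if len(holders) != 1:
            problems.append(f"capability '{cap}' is on {len(holders)} keys, expected 1")
    off_card = [k.keyid for k in keys if not k.serial]
    if off_card:
        problems.append(f"secret key not on card: {', '.join(off_card)}")
    serials = {k.serial for k in keys if k.serial}
    if len(serials) > 1:
        problems.append(f"keys are spread over several cards: {sorted(serials)}")
    return problems


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("auth-off-card", SAMPLE_AUTH_NOT_ON_CARD)):
        print(name, check_card_layout(parse_colons(sample)) or "layout OK")
```

To run it against a real key, feed the output of `gpg --list-secret-keys --with-colons <keyid>` into `parse_colons`; a `ssb>` in the human-readable listing corresponds to a non-empty serial in field 15 here.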

I think the 3A NFC is in the category "start" of the table?:
https://docs.nitrokey.com/storage/windows/openpgp-keygen-on-device

And the 3 keys are 1, but for signing, auth and encryption.

And I don't know, RSA feels a bit less mathematical. But I will generate an additional post-quantum key on another board, so it doesn't matter.

3 keys for 3 identities :slight_smile: but 1 is also okay I think

Okay, then 1 last question: what can I do with the NFC function xD

Must I set any PIN to use it? Or is there a command to activate it? My Android doesn't say anything, NFC Tools doesn't even scan anything.

That's still the case, but the next test firmware adds RSA 4096 on-device generation.

No PIN, no, and they are working on improving reception. In my case with a NK3A NFC it gets recognised easily, but it takes a bit of trying to find the correct spot to touch. Perhaps set a FIDO2 PIN first, because you need that functional for it.

Regarding NFC: have you tested using the NK with an OTG USB cable too? My NFC support is not great/reliable and other HSMs work with OTG, but for some reason the Nitrokey 3 does not :confused:
(I am using Android 12.)

I’ve now tried it via OTG (USB A-C adapter) and it works too, yes.

Perhaps nfc.fail helps to figure out the spot on your phone. On mine the spot is close to the flashlight and I hold the backside of the Nitrokey flat onto it. For the test, I've had bad results registering with the webauthn.io demo. I know there are other alternatives, but I used the WebAuthn demo at Yubico, which works fine. It just shows "unknown device", but you can register and authenticate and see the authentication data. For good measure I used Brave for NFC and Firefox for OTG on Android 13. Their default OTG demo uses touch to confirm presence, the NFC demo does not.

This. I just get various errors.

Ok, let me try. Thanks.

Is there any difference to Android 12? I do not need to "set up" anything, do I?

Edit: I've tested the Yubico WebAuthn demo. NFC works. Even with the phone cover. But OTG still results in "oops". But cool, now I know at least that NFC works. Thanks again, @ion

After doing this WebAuthn demo twice, shouldn't I see something with nitropy fido2 list-credentials? I still only see an SSH ed25519-sk entry, and that 1 out of 10 slots is used. But I would have expected 2 more credentials from the demo registration?

The demo triggers an Android pop-up to choose between an NFC or USB key here. Perhaps double-check that you can transfer data to a regular USB storage device via OTG (perhaps an adapter problem). If that works, I don't see why it should fail for your Nitrokey.

Not with demo defaults; those only derive a key from the FIDO2 secret. I'm sure you can use the demo playground to create a resident credential. Check the details and explanation here: Number of FIDO2 keys I can store? - #2 by daringer

NFC isn't working for me. I have NFC on, I'm using GrapheneOS. There is no additional NFC permission missing. Tried it with Firefox, Vanadium, Chrome :frowning:

And for PGP, in OpenKeychain I get "Error initialization failed".

Interesting: if no app is opened and I stick the USB into my phone, it opens the website nitrokey.com, so just the URL link is working over NFC and I can't even change it with the app "NFC Tools".

Yes, Firefox offers that dialog, and NFC works (with the Yubico demo), even with my silicone cover. But for some unknown reason OTG does not. I just confirmed with my OnlyKey and its FIDO2: I select USB, the token blinks, I interact, and everything "just works"...
With the NK3 however I can "register", but the "auth" immediately fails.

However: I've just tested with GitHub (at least they say their 2FA is WebAuthn, so it should be FIDO2), and this works with USB/OTG but not with NFC :person_shrugging:
It's confusing.

Thanks. But I might want to ask a follow-up question: I have a hard time understanding "what the FIDO2 secret is". Is it correct that the user cannot configure this secret? Is it generated on the key or burned in?
If it is generated on the HSM, then does a factory reset trigger a re-key/re-generation, or are just all slots deleted?
I'd like to get a little bit more detail here. Most sites just do boring "end user" marketing blah blah but skip over all the details of "what is actually happening" and "how"... It would be great if you could point me in a direction...
With fido2-token, according to its man page, I can list credentials and remove credentials; or I can do a "reset" and set a new PIN. But it also does not cover the topic of key generation...

PS: I'm somewhat sorry about taking over this thread :confused: But now it's too late to start a new one :sweat_smile:

OpenKeychain with NFC complains I've removed the NK too early. And if attached via OTG, OpenKeychain states that "this security key is currently not supported".

:person_shrugging:

I have no use case for GPG on the phone, so I don't use the tools. I've noticed that Nitrokey deactivated NFC for the CCID smartcard protocol, because it's not supported. Perhaps that is related to the error.
As for FIDO: the Nitrokey URL is preconfigured in the firmware, so it works. While I don't know the NFC Tools app's features, try the web demo like Bernd and me. Pretty sure now that will work for you too.

The point of FIDO2 is to authenticate with a service, be it online or local...

Yes, but it is important to define the FIDO2 secret, because it has a number of components, some optional. The whole FIDO2 specification is geared to make the authentication safe for both parties. For example (just speculating, I don't use FIDO2 for GitHub), your GitHub trial may fail via NFC because GitHub expects a resident key, validated via PIN (and you can't do that via NFC). I find the specification itself quite helpful, also to get an overview of what happens in the background, along with the man page of fido2-token. But yes, it is complicated and user documentation is poor. Then again, fido2-token is a universal tool to manage FIDO2 keys and is usually called by a service/application/relying party. The specs and properties of the key define what operations are supported, the relying party defines its requirements, and only then the complete, individual FIDO2 secret for the service is generated.

Finally, quickly back to the PIN: consider that the authenticator (NK3) never gets the PIN, but only receives a hash (to keep it simple), which it can verify against. Still, you are able to change the PIN, and it does not invalidate the FIDO2 secrets which were generated with the old PIN. Does that not imply the authenticator needs a [shared] secret, independent of user choice?
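The questions above (is the secret user-configurable, what does a reset do, why does a PIN change not invalidate credentials, and why the demo registrations from the earlier post do not show up in `list-credentials`) can be made concrete with a small model of an authenticator. This is an added example, not Nitrokey firmware and not the CTAP2 wire format; it assumes the widely used design in which non-resident credentials are derived from a per-device master secret (nothing per credential is stored; the credential ID the relying party hands back carries a nonce plus a MAC binding it to this device and this RP), while resident credentials are stored on the device. A real device would sign with the derived private key; here the derived key bytes are returned so the behaviour can be checked, and the CTAP2 PIN protocol is reduced to "the device stores and compares a hash".

```python
"""Model of what the 'FIDO2 secret' on an authenticator is, and what a PIN
change and a factory reset do to it.

Added example, not Nitrokey firmware and not the CTAP2 wire format.  Assumed
design: non-resident credentials are derived from a per-device master secret
(so nothing per credential is stored and the credential ID is what the RP
hands back); resident credentials are stored on the device and are the only
ones a `list-credentials` command can show.  A real device signs with the
derived private key; here the derived key bytes are returned instead.
"""
import hashlib
import hmac
import os


def rp_hash(rp_id: str) -> bytes:
    return hashlib.sha256(rp_id.encode()).digest()


class ModelAuthenticator:
    def __init__(self) -> None:
        self.master = os.urandom(32)   # generated on the device, never leaves it
        self.pin_hash = None           # the device stores a hash, not the PIN
        self.resident: dict[bytes, list] = {}   # rpIdHash -> [(cred_id, key), ...]

    # --- PIN: CTAP2 sends LEFT(SHA-256(pin), 16), encrypted under an ECDH
    #     shared secret; the encryption is omitted in this model ---
    def set_pin(self, pin: str) -> None:
        self.pin_hash = hashlib.sha256(pin.encode()).digest()[:16]

    def verify_pin(self, pin: str) -> bool:
        if self.pin_hash is None:
            return False
        return hmac.compare_digest(self.pin_hash,
                                   hashlib.sha256(pin.encode()).digest()[:16])

    def change_pin(self, old: str, new: str) -> bool:
        if not self.verify_pin(old):
            return False
        self.set_pin(new)              # self.master is untouched: credentials survive
        return True

    # --- credential derivation from the master secret ---
    def _derive_key(self, rp: bytes, nonce: bytes) -> bytes:
        return hmac.new(self.master, b"key" + rp + nonce, hashlib.sha256).digest()

    def _id_tag(self, rp: bytes, nonce: bytes) -> bytes:
        return hmac.new(self.master, b"id" + rp + nonce, hashlib.sha256).digest()[:16]

    def make_credential(self, rp_id: str, resident: bool = False) -> bytes:
        """Registration: returns the credential ID the relying party stores."""
        rp = rp_hash(rp_id)
        nonce = os.urandom(16)
        cred_id = nonce + self._id_tag(rp, nonce)   # nonce || MAC over (device, RP, nonce)
        if resident:
            self.resident.setdefault(rp, []).append((cred_id, self._derive_key(rp, nonce)))
        return cred_id

    def get_assertion(self, rp_id: str, cred_id: bytes):
        """Authentication: re-derive the key, or refuse an ID that is not ours
        or was issued for a different RP (the MAC covers the rpIdHash)."""
        rp = rp_hash(rp_id)
        nonce, tag = cred_id[:16], cred_id[16:]
        if len(tag) != 16 or not hmac.compare_digest(tag, self._id_tag(rp, nonce)):
            return None
        return self._derive_key(rp, nonce)

    def list_credentials(self) -> list[bytes]:
        """Only resident credentials exist as stored objects on the device."""
        return [cid for entries in self.resident.values() for cid, _ in entries]

    def factory_reset(self) -> None:
        self.master = os.urandom(32)   # new master: every old credential ID fails its MAC
        self.resident.clear()
        self.pin_hash = None


if __name__ == "__main__":
    auth = ModelAuthenticator()
    auth.set_pin("1234")
    cid = auth.make_credential("example.org")
    key_before = auth.get_assertion("example.org", cid)
    auth.change_pin("1234", "5678")
    print("same key after PIN change:", auth.get_assertion("example.org", cid) == key_before)
    auth.factory_reset()
    print("credential still usable after reset:", auth.get_assertion("example.org", cid) is not None)
```

The two things to observe: a demo registration with default options leaves nothing behind on the device (only resident credentials appear in `list_credentials`), and a reset does not "delete slots" for non-resident credentials at all, it replaces the master secret so that every previously issued credential ID is rejected.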

:man_facepalming: I should have done a better job searching...

I just skimmed it briefly. But as I've understood it, when a resident credential in particular is generated, the remote party needs to ensure that the key on the token is valid. This is done by attestation, and either the vendor of the FIDO2 chip or the manufacturer of the security key is in that Attestation Certificate Trust Store.

However, by now it seems to me that with each new (resident) credential a key is generated...

Web Authentication: An API for accessing Public Key Credentials - Level 2
7. Once the authorization gesture has been completed and user consent has been obtained, generate a new credential object:

7.3. Let credentialSource be a new public key credential source with the fields:

type: public-key
privateKey: privateKey
rpId: rpEntity.id
userHandle: userHandle
otherUI: Any other information the authenticator chooses to include.

Thanks again @ion.
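The per-credential key the spec quote talks about, together with the attestation data and the user-presence / user-verification flags discussed above, is delivered to the relying party inside the `authenticatorData` of a registration response; it is also what the Yubico demo shows under "authentication data". The following is an added example, not code from the thread or from any authenticator vendor, that parses that structure (layout per WebAuthn Level 2, section 6.1): rpIdHash (32 bytes), flags (1), signature counter (4), and, when the AT flag is set, the AAGUID identifying the authenticator model, the credential ID and the new public key as a CBOR-encoded COSE_Key. The CBOR decoder handles only what an EC2 COSE_Key needs, and the sample authenticatorData is constructed (zero AAGUID, counter 1, a fixed credential ID and fixed x/y bytes that are not a real curve point).

```python
"""Parse the authenticatorData of a WebAuthn registration: rpIdHash, flags,
sign counter and the attested credential (AAGUID, credential ID, COSE key).

Added example, not code from the original post or from any authenticator
vendor.  The CBOR decoder covers only ints, byte strings and maps, which is
all an EC2 COSE_Key needs.  The sample is constructed, not captured.
"""
import hashlib

FLAG_UP, FLAG_UV, FLAG_AT, FLAG_ED = 0x01, 0x04, 0x40, 0x80


def cbor_decode(buf: bytes, pos: int = 0):
    """Minimal CBOR: unsigned/negative ints, byte strings, maps.
    Returns (value, position after the item)."""
    ib = buf[pos]
    major, info = ib >> 5, ib & 0x1F
    pos += 1
    if info < 24:
        arg = info
    elif info == 24:
        arg, pos = buf[pos], pos + 1
    elif info == 25:
        arg, pos = int.from_bytes(buf[pos:pos + 2], "big"), pos + 2
    else:
        raise ValueError("unsupported CBOR length encoding")
    if major == 0:
        return arg, pos
    if major == 1:
        return -1 - arg, pos
    if major == 2:
        return buf[pos:pos + arg], pos + arg
    if major == 5:
        m = {}
        for _ in range(arg):
            k, pos = cbor_decode(buf, pos)
            m[k], pos = cbor_decode(buf, pos)
        return m, pos
    raise ValueError(f"unsupported CBOR major type {major}")


def parse_auth_data(auth_data: bytes, rp_id: str) -> dict:
    if len(auth_data) < 37:
        raise ValueError("authenticatorData too short")
    flags = auth_data[32]
    out = {
        "rp_id_hash_ok": hashlib.sha256(rp_id.encode()).digest() == auth_data[:32],
        "user_present": bool(flags & FLAG_UP),
        "user_verified": bool(flags & FLAG_UV),   # a PIN or biometric was checked
        "sign_count": int.from_bytes(auth_data[33:37], "big"),
        "attested_credential": None,
    }
    pos = 37
    if flags & FLAG_AT:                            # present in registration responses
        aaguid = auth_data[pos:pos + 16]
        pos += 16
        cred_len = int.from_bytes(auth_data[pos:pos + 2], "big")
        pos += 2
        cred_id = auth_data[pos:pos + cred_len]
        pos += cred_len
        cose_key, pos = cbor_decode(auth_data, pos)
        out["attested_credential"] = {"aaguid": aaguid.hex(),
                                      "credential_id": cred_id, "cose_key": cose_key}
    if flags & FLAG_ED:
        _, pos = cbor_decode(auth_data, pos)       # extensions map, ignored here
    if pos != len(auth_data):
        raise ValueError("trailing bytes after authenticatorData")
    return out


def cose_algorithm_name(cose_key: dict) -> str:
    # COSE labels: 1 = kty (2 = EC2), 3 = alg (-7 = ES256), -1 = crv (1 = P-256)
    if cose_key.get(1) == 2 and cose_key.get(3) == -7 and cose_key.get(-1) == 1:
        return "ES256 (ECDSA over P-256 with SHA-256)"
    return f"unrecognised (kty={cose_key.get(1)}, alg={cose_key.get(3)})"


def build_sample_auth_data() -> bytes:
    """Constructed registration authenticatorData for rpId example.org."""
    x, y = b"\x11" * 32, b"\x22" * 32                 # placeholder coordinates
    cose_key = (b"\xa5" + b"\x01\x02" + b"\x03\x26" + b"\x20\x01"
                + b"\x21\x58\x20" + x + b"\x22\x58\x20" + y)
    cred_id = bytes(range(32))
    attested = bytes(16) + len(cred_id).to_bytes(2, "big") + cred_id + cose_key
    flags = FLAG_UP | FLAG_UV | FLAG_AT
    return (hashlib.sha256(b"example.org").digest() + bytes([flags])
            + (1).to_bytes(4, "big") + attested)


if __name__ == "__main__":
    parsed = parse_auth_data(build_sample_auth_data(), "example.org")
    cred = parsed["attested_credential"]
    print("UV:", parsed["user_verified"], "AAGUID:", cred["aaguid"],
          "key:", cose_algorithm_name(cred["cose_key"]))
```

The AAGUID is what a relying party looks up in authenticator metadata to name the device; an AAGUID it does not know is the usual reason a demo page prints "unknown device" even though registration and authentication succeed. The UV flag is what a site that insists on PIN verification checks for.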

I’m not sure what else you expected.

Technically the expected level of attestation is up to the platform, and the data/cert exchanged you can see in the demo you performed earlier in the thread. Some info on NK3 attestation is discussed in:

No expectation, because I did not know what to expect :wink: That’s why I asked “how does it work?”

ID-Austria does not accept Nitrokey 3A NFC

Good to know.