Could Nitrokey consider potting future Nitrokey models in resin to increase durability and protect against tampering?
Security keys like OnlyKey encrypt the entire external storage, forcing you to use a PIN for things like FIDO2 operations. This prevents users from needing to just rely on the secure element. If Nitrokey does not already do this, could this be considered?
It seems that there will be a future Nitrokey using the open source Tropic chip. When could this be expected? Also, devices like the Trezor Safe 7 have multiple Secure Enclaves to increase security even more, could Nitrokey consider doing this too?
This is already being worked on, but I can’t share an ETA yet.
Following applies to the Nitrokey 3. The data on the external storage is encrypted. The secure element is used if the app is configured to use it. A list of the apps that support the secure element can be found in the documentation.
This is in a very early stage and only exists as a proof of concept. At this point I can’t confirm this as a planned product.
I don’t really see the need for it at this point, but we will of course reevaluate this in the future.
I think the major advantages would be in the RNG to really ensure good entropy even if a flaw would be detected in one, having a redundancy if there would be an issue with the security or availability of the particular Secure Element. Maybe even chaining the encryption for sort of defense in depth. If one would be broken, the other stands guard. Would be a selling point for governments that maybe would want to have more control about the supply chain? Maybe even deactivating a chip altogether and switching to a chip from another geographic origin?
Hm, what would be a scenario where it helps to switch RNG? Whatever a Nitrokey is used for, a discovered RNG flaw affects all generated secrets with it, i.e. everything must be rotated asap. Sure, having an drop-in key with another (unaffected) secure element would be necessary, but is there benefit to have it on the same device - considering its an ultra-portable usb-token?
Being able to disable a flawed RNG and rely on software (/firmware) RNG may be an option for some users (who don’t need a certified source) in the medium term, similar to what AMD recommends to mitigate CVE-2025-62626.
The more, the better only holds with high quality sources for starters (also consider how one singular source could be certified, if it enables mixing entropy).
The important point is you cannot determine entropy quality used during keygen while the flaw for one source was existing. Hence, you do need to regenerate and rotate each and every secret; anything else is roulette.
