Future updates to nk3

Now version 1.7.0 has been released, nitrokey 3 has ctap 2.1 and other features. What’s next for the nk3? What new features are even possible?

I’m keen to find out what there is in store.

I lack any roadmap insights as I’m just a user, but I can speculate based on the following:

  1. Prioritizing the stabilization of existing apps before exploring new concepts. Given the challenges posed by COVID, supply chain disruptions, and collaboration with other Trussed Framework teams, development timelines were quite long and customer patience is not universal.
  2. Enhancements to Nitrokey App 2, aiming to make existing command-line tools more accessible to regular users. Effective management of passkeys is critical due to the available secure space on the key. Also the industry pushes a lot for passkeys.
  3. Introduction of support for Post-Quantum Algorithms. This is already under exploration by other open-source developers like gnuk/Trussed and it was once a kickstarter stretch goal idea of another company using the Trussed Framework.
  4. Integration with wireguard VPN, which is very useful for general users to secure networking. This is already somewhat possible with the PIV app and a patched wireguard server. Would make a good addition to other Nitrokey products.
  5. Implementation of age encryption support, which already somewhat works with OpenPGP cards. It would allow secure encryption and derived keys backed by a hardware token.
  6. Support for DICE-derived secrets and off-token applications. This move would be logical for extending the Trussed Framework, and there’s an existing open-source hardware key demonstrating the concept. Essentially, the concept involves an application being authenticated by a token, with the resulting signature integrated into the derived secret accessible to the application. Modifications to the application trigger the generation of new secrets and thereby enabling an expansion of the root of trust and offering endless potential for software linked to the security of a hardware token.

Wow that’s a helluva answer, yeah let’s stick it to those snobs at yubikey


Sadly, as new users adopt keys more and more, I am afraid NitroKey has a massive barrier compared to Yubi, and I LOVE NitroKey and everything it represents. User-friendly just isn’t there for “noobs.” I am just being 100. The look I see on people’s faces, and the response is always, “I just want it to be simple.” “Command Line” anything is NOT simple and extremely intimidating to most folks. I really hope the GUI gets significantly more “love” than it has.