How secure is Nitrokey Storage against physical attacks?


I was wondering… How secure is this device against physical attacks i.e. suppose authorities confiscate the device at a US border crossing and decide to perform forensics. What information will they be able to obtain (assuming I’m using all features offered by Nitrokey Storage)? Which data can be compromised by gaining physical access to the device, if any?

Also, how can someone reliably verify the nitrokey storage firmware, if for example an adversary gains physical access and flashes a malicious version of the firmware? While trying to read the flash memory, the malicious firmware can simply be programmed to lie about the contents by reading and returning the original firmware data that resides somewhere on the internal SD flash storage. But there’s no way to remove that SD card without opening the case first. I haven’t tried opening it yet, not sure if its a good idea… glue anyone?

Best regards!

Basically all sensitive data are encrypted. Note that OTP secrets are a 2nd factor only which is why they are stored in clear text by default. But you can encrypt them too.

See this 3rd party audit for details: … rity-audit

Flashing of firmware is protected by the Firmware Password.