Importing ECC to Nitrokey Storage fails

I’m trying to import an ECC-Key to Nitrokey Storage via the “keytocard”-command and it gives me:
"gpg: keytocard failed: invalid value "

Here is my setup:
ECC-Key: edd25519
gpg version: 2.2.4
Nitrokey-Firmware: 0.51

Importing the same key with the same setup works flawlessly with a Nitrokey Start, so I assume that there might be a problem with ECC/Storage?

Any Ideas ?

The last Nitrokey Storage uses OpenPGP Card v3.3 (that is the last available version). Furthermore OpenPGP Card v3.3 supports only brainpool and nist curves. BTW Previous OpenPGP cards don’t support ECC at all.

Can you show the “gpg --card-status” output in order to confirm the OpenPGP card version?



1 Like

Hi Luigi,
you are right, I’m using V3.3 : I thought that Nitrokey Storage also supports the edd25519-curves as the Nitrokey Start does, but obviously that’s wrong.

Possibly a newbie-question but: could a NK-Storage firmware upgrade also upgrade the OpenPGP-version so that I could import his ECC-keys?

Or is there a time schedule when NK-Storage will be available with ECC-capabilities?


No. The OpenPGP part is forwarded to OpenPGP Card. The Nitrokey Storage/Pro acts just like a smartcard reader and you cannot add new key types support by firmware update.
If you haven’t any problem with NSA or CIA, you can use nist curves that are also supported by ssh.

My actual use case:

  • Encryption and Signing: RSA -> widely accepted from old pgp/gpg clients. I don’t really use encryption, but just signing. The signing speed is an issue for me (I use it very often to sign my commits), furthermore few seconds are still acceptable.
  • Authentication: NIST ECC -> used on my systems where I’m using recent GPG and OpenSSH. I’m not using Brainpool curves because OpenSSH doesn’t support them. ECC curves give me a fast login. I’m pretty sure that NSA is not interested to my boring systems.

My Master Key is an RSA-4096 and is stored on a cold storage, paper and a vanilla OpenPGP card. I use the master key only to sign other keys and signing speed is not an issue.

The main trouble is that Poldi doesn’t support ECC curves yet and you should use RSA Authentication Key to authenticate (slow but secure).

I will suppose to switch to a full ECC in the next 2 years when:

  • OpenPGP card (v4?) will support safe ECC curves (;
  • ECC will be widely used;
  • I will feel confident on ECC (very subjective)

Until the next 2 years. Nitrokey Pro/Storagre with OpenPGP card (V2.1+) is a perfect everyday companion for me.



Sorry for the noise. You can follow the support status here:

Curve25519 for Zeitcontrol card

Now it is just blank…