OpenPGP smartcard spec mentions “Secure Messaging” which (AFAIU) is an encryption scheme to secure data going over USB port when we’re talking to the smartcard. Is this feature supported by Nitrokey pro? I can see that Nitrokey HSM explicitly supports something similar but I’m looking to use the device to create PGP signatures. Thanks.
Nitrokey Pro (version 1 and 2) doesn’t support secure messaging. If you are seriously interested, we could prepare a special version with SM for you. Please see the OpenPGP Card 3.3 specification for details, if that would be sufficient or not.
Thanks for the reply. Meanwhile I’ve verified that smartcard commands are sent in the clear by scdaemon when talking to Nitrokey.
Are you saying that Nitrokey hardware is capable of running with SM and this is a question of firmware enhancement?
I should have been more specific in my reply - Nitrokey Pro hardware
It’s not a matter of firmware. We would prepare a special hardware version with SM included.
We would be interested in secure messaging between an application (running inside a TEE) and the NitroKey. Have you added this feature in meantime to new NitroKey (Pro) version?
Nothing has changed for the regular Nitrokey Pro 2 version in this matter.
Here is the link to the mentioned OpenPGP v3.3 specification. It’s SM implementation is described in chapter
7.5 Secure Messaging (SM), page 70.
In case of any questions please let us know. I believe the option of preparing a special hardware variant is still in power.