Nitrokey 3 firmware version 1.4.0 release notes: keys will be stored encrypted in flash and not in the secure element yet

The release notes announce the support of the OpenPGP card functionality now

The new firmware now allows you to securely store your private keys on a Nitrokey 3 and use them on the go.

but this sentence is confusing me:

For now your keys will be stored encrypted in flash and not in the secure element yet.

  • Where do other Nitrokeys store the keys? Also in the flash or in the secure element?
  • Where is the credential stored that is used to encrypt the (OpenPGP) key in the flash?
  • What does “secure element” mean?
  • Which security impact does this have?
  • Are there plans to support storing the (OpenPGP) key in the secure element in the future?


Hey @jaltfeld

Nitrokey Pro/HSM/Storage store their keys inside a smartcard, which is comparable (in its physical tampering capabilities) to a secure element. The Nitrokey Start stores the keys (encrypted) on the internal flash, thus comparable to how Nitrokey 3 does this currently. Noteworthy is also the fact that not only the keys are stored within the respective component, but moreover the cryptographic primitives are provided by the component. This is exactly the reason the Nitrokey Start exists, as this enables 3rd parties to fully review the software which is used for the cryptographic primitives. In contrast, smartcards and/or secure elements, which provide higher levels of e.g., physical tamper resistance, are mostly closed source.

The “credential” is essentially an en-/decryption key, which is not stored in plain text. It is derived from various factors: an “encryption root” fused into the MCU, a salt (saved inside the internal flash) and the PIN, which is not saved anywhere, obviously.

A secure element is an electronic component (microchip), which is comparable to a smartcard. We have an NXP SE050 included in all Nitrokey 3s. A secure element usually comes with various security certifications (i.e., the SE050 has Common Criteria EAL 6+ and FIPS 140-2 certified security). Despite many formal security factors, one of the most interesting details is likely its physical tamper resistance.

Not trivial to answer; we strongly believe that open source delivers a very high level of security due to the fact that it can be reviewed and thus improved. On the other hand, a secure element like the SE050 is certified, thus formally delivers a very high level of security, although being closed source. Ultimately, we will likely make SE050 the default, especially due to its “battle-proof” physical tamper resistance, but will still leave the option to switch to an (open source) software-based security.

Yes, in detail we plan to provide the possibility to configure whether the keys should be stored on the secure element or if the current mechanism (software-based security and cryptographic primitives) shall be used.
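The three-factor derivation described in the answer above (fused MCU root, salt in flash, PIN that is never stored), as an added illustration that is not Nitrokey firmware code and not the firmware's actual construction. It assumes PBKDF2 for PIN stretching and HKDF-SHA256 for combining the factors, uses constructed placeholder values for the root and salt, and, because it relies on the Python standard library only, stands in for the real key-wrapping cipher with an HMAC-SHA256 keystream plus an HMAC tag (encrypt-then-MAC). What it shows is the property the answer relies on: a flash image holding the salt and the wrapped key is useless without both the chip's root and the PIN.

```python
import hashlib
import hmac
import os
import struct

# Constructed placeholders: a real device has a per-chip root fused into the MCU
# and a random salt written to flash when the device is initialised.
MCU_ENCRYPTION_ROOT = hashlib.sha256(b"example-fused-root").digest()
FLASH_SALT = hashlib.sha256(b"example-flash-salt").digest()[:16]
PBKDF2_ITERATIONS = 20_000  # hypothetical PIN-stretching cost, not the firmware's value


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_wrapping_key(root: bytes, salt: bytes, pin: str) -> bytes:
    """Combine the three factors into one 32-byte key-wrapping key.

    The PIN is stretched first so that an offline guess (if an attacker somehow
    had root and salt) costs PBKDF2_ITERATIONS hashes per attempt. All three
    inputs are needed to reproduce the key; none is stored with the others.
    """
    stretched_pin = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERATIONS, 32)
    return hkdf_sha256(root + stretched_pin, salt, b"example-openpgp-key-wrap", 32)


def _subkeys(wrapping_key: bytes):
    """Split the wrapping key into independent encryption and MAC keys."""
    return (hkdf_sha256(wrapping_key, b"", b"enc", 32),
            hkdf_sha256(wrapping_key, b"", b"mac", 32))


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 in counter mode (illustration only)."""
    out = b""
    for i in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
    return out[:length]


def wrap_private_key(private_key: bytes, wrapping_key: bytes, nonce=None) -> bytes:
    """Encrypt-then-MAC the key blob; returns nonce || ciphertext || tag."""
    nonce = os.urandom(12) if nonce is None else nonce
    enc_key, mac_key = _subkeys(wrapping_key)
    ciphertext = bytes(a ^ b for a, b in zip(private_key, _keystream(enc_key, nonce, len(private_key))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unwrap_private_key(blob: bytes, wrapping_key: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; wrong factors fail here."""
    nonce, ciphertext, tag = blob[:12], blob[12:-32], blob[-32:]
    enc_key, mac_key = _subkeys(wrapping_key)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong PIN or wrong device: tag check failed")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def unwrap_succeeds(blob: bytes, wrapping_key: bytes) -> bool:
    """True if the blob unwraps under this key, False if the tag check rejects it."""
    try:
        unwrap_private_key(blob, wrapping_key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    secret = b"-----constructed OpenPGP private key material-----"
    good_key = derive_wrapping_key(MCU_ENCRYPTION_ROOT, FLASH_SALT, "123456")
    blob = wrap_private_key(secret, good_key)
    assert unwrap_private_key(blob, good_key) == secret
    # Wrong PIN on the right device: the derived key differs and the tag fails.
    assert not unwrap_succeeds(blob, derive_wrapping_key(MCU_ENCRYPTION_ROOT, FLASH_SALT, "654321"))
    # Right PIN, same flash image (salt + blob) copied to another MCU: also fails.
    other_root = hashlib.sha256(b"another-chip").digest()
    assert not unwrap_succeeds(blob, derive_wrapping_key(other_root, FLASH_SALT, "123456"))
    print("round trip ok; wrong PIN and foreign MCU both rejected")
```

Note the failure mode the design depends on: because the PIN is stretched before being mixed in, a PIN-less attacker holding a flash dump still needs the fused root, and one holding the chip still pays the stretching cost per PIN guess. Hardware retry counters, which the example does not model, are what make the short PIN acceptable in practice.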



@daringer Thanks for openly addressing these topics in the release notes and in your answers here :slight_smile: