NitroKey 3A Mini RSA 4096 signing performance seems poor, is this normal?

Hey there.

Recently, I set up my 3A mini and it all seems fine. However, I noticed the signing performance to be very poor. It’s not bad, but it’s certainly not as it is laid out on the spec sheet.

I’ll have a video here to demonstrate, as it’s easier to explain this way: NitroKey 3A Signing performance - YouTube

My question is: Is this normal? If so, the comparison chart makes it sound like the 3A mini is faster than the NitroKey Start, but it turns out to be slower (assuming the Start really does do it in 8 seconds).


Hey @peterwilli

yes, currently this is expected. The current RSA implementation is a pure (RustCrypto) software (afaik even w/o ARM optimizations) realization. We are currently working on the integration of the SE050 (an NXP secure element included in all Nitrokey 3s) as an (optional) cryptography backend, once this is included, the performance (if activated) will improve significantly.


1 Like

OOOOH! So the secure element has hardware crypto and does a much better job due to dedicated hardware. So awesome to read all this.

It’s refreshing to get so much details in the engineering process of a security key


I have a NitroKey 3 NFC and my experience is similar to yours so I’m glad you asked this question.
My other keys from Yubico are much faster but they’re all closed source so I’d rather use a NitroKey.

I have a RSA 4096 key so @daringer’s explanation make sense.

1 Like

@daringer any ETA for that? Will you announce it also in this thread, please? Thanks.

We already have a pretty (functional) complete implementation in place by now.
The plan is to release a test firmware within the next 1-2weeks, which will introduce some minimal se050 functionalities to make sure we test the communication & some functionalities between the MCU and the SE050 on a bigger amount of devices. Directly after that we’ll be working towards a test release using the se050 with the OpenPGPCard … Currently we plan to have this released into stable before the end of the year. Obviously this depends on how many (and how severe) issues are found during the test releases…