Hello, I wonder how safe the Nitrokey is when I opened the encrypted folder when my computer could be hacked or infected with malware…
The whole reason for having a secure encrypted folder/file on the USB drive is to store highly sensitive files and documents right?
Should I disconnect my computer entirely from Internet & Bluetooth, etc before unlocking encrypted file to be absolutely sure I am working secure?
Hello!
Use should operate on trusted PC. I am not sure that even “clean” PC will do the job. Only 1 possibility to be sure that your data is not intercepted is to use “signed” and verified OS image on “trusted” hardware.
This is very complicated in current spy age. Too many NSA frieds want to know whats happening.
My personal opinion and usage of Nitrokey is to store sensitive data, authentication data and prevent lost with dongle.
So in that case the Nitrokey might give a user a false sense of security and if his/her computer is hacked, might give a hacker the opportunity that when the Nitrokeys’ encrypted file is inserted and ‘open’, access to the very private files inside.
I guess still safer then leaving private files on a computer.
Hi, I don’t think the encryption - regardless if you do it on disks or with a NK Storage Key - is any protection against malware. When you mount a disk for read/write through the operating system, the malware will be handled as “normal” files and also encrypted. When Malware access disks, the encryption is transparent as the user normally only give one password at the startup.
To really protect a storage against malware, you will need a gateway that controls every access to the storage. Or you would need an automatic cut-off (connections) and verification process (memory and running processes) , which starts , when an encrypted storage is connected.The fun then starts, when you want to copy data from a server to this encrypted storage.
As @Peacekeeper told gateway would be nice feature( but it is hard to implement). If NK would use software which only would be able to copy in and out files from NK. This software(or installation package) would be stored on read only NK part. The we would able to control everything copied to NK.
Hmm, the copy would be interesting: How would you practical do it ? Just sending a serial stream ? ( Any file system framework would make NK more specialised. You would need a control app on your Computer to send & receive the stream. But even then, a Malware would be able to modify that stream.
It might be more secure, but I am sure - like today lot of things pass firewalls by http / port 80 it is a Syphifus work 
Let me explain my idea.
We are creating 2 components -1 new driver which would allow IO from APP to NK.
2. APP which would read\write files after manual pointing them.
I hope that driver would check datachunk’s crc when it writes it to NK, APP would generate this crc. If APP would be tamper resistant and driver will modify IO with some values stored in NK, this would work.
I do not dig in fs theory, but suppose we able to protect IO.
Hi,
as @Peacekeeper already points out: opening the encrypted partition on an untrusted system will expose your data. There is no way to change that easily.
Thus, the NK Storage is more about “moving”/storing the data securely, than protecting it against malware in general. The PGP keys can be used safely without exposing the keys though (as they can accessed directly).
Kind regards
Alex
I total agree. I think the focus of NK Storage is a secure transportation storage , that in case of lost or stolen is still secure - means will not deliver ANY data without the right pin and decryption key.
If the content is infected as my computer was, I would not see NK Storage as a solution.
I think already that the hidden partitions make NK Storage way too complicated ( and the bugs shows that it is ) . This might be a higher risk of destroying data than malware - at least in my mind. So I would prefer to strip down the FW, but make it more reliable for the “easy” standard.