Nitrokey as a master key


I am new to secure USB and have what may be a basic question.

I am trying to use Nitrokey as a type of master key that would enable application feature(s) when inserted in a USB port. I need to store something on the Nitrokey device that would not be easily replicatable that I can use to authenticate that this Nitrokey was not created by an adversary.

Perhaps I can store a [RSA] private key on the Nitrokey and a set of public keys in my app. I can then encrypt a test file using a public key and try to decrypt it with Nitrokey.

Will this work?

Are there examples of doing something similar?

Thank you very much!


honestly, I am not quite sure if I understand you correctly.

You can create a key directly on the Nitrokey. This key never exist outside the card, as the card is tamper-resistant and the key is not cloneable. So only the person in possession of the Nitrokey and the PIN should be able to decrypt a content encrypted with the public key of the Nitrokey, yes.

Kind regards