Nitrokey choices

Hello, I want to buy a Nitrokey with USB-A, but I'm not sure which model. My idea is to use it with OpenPGP signatures and encryption, and also to open a password database used in software like KeePassXC.
How is the backup of the encryption keys made? Is it possible to have something on paper, so that if one loses the device, one can just restore on a new device?

In fact, you could do a backup of your GPG key using paperkey, and it will indeed be safe on paper.

For your use case I would recommend a Nitrokey Storage 2 because of the following features:

  • GPG key on smartcard which is the best possible security
  • Password manager for 16 passwords on smartcard e.g. for master passwords used in software or cloud password managers.
  • Unencrypted storage that can be made read-only e.g. for safely storing a Linux ISO for booting a trusted environment
  • Encrypted storage to hold a backup of your most important files like a password manager database
  • Password managers like KeePass could be protected by HOTP generated on the Nitrokey

Backup of the GPG key is also possible with the entry-level Nitrokey Start. While not using a smartcard, it also stores keys encrypted and secure in the flash on the token. A file or paper backup would be just the same, and you could use pass, a password manager that encrypts all entries using a GPG key.


Thanks for your detailed answer. There is only one thing I did not understand completely: I have used a YubiKey to open the KeePassXC client in the past instead of using a password. Can it be done with the Nitrokey Storage 2 as well?

There are different plugins. For KeePass 2.0, OtpKeyProv can be used to bind the database to the Nitrokey Storage and Pro HOTP. Not tried with KeePassXC.

Thanks for all the info!