Nitrokey HSM 2: Number of Keys Storage


I am a little bit confused about how many keys are storable inside the Nitrokey HSM 2:

  • Info from the Website: Nitrokey HSM 2 |
    Speicherkapazität: 76 KB EEPROM insgesamt, max. 150 x ECC-521 Schlüssel, max. 300 x ECC/AES-256 Schlüssel, max. 19 x RSA-4096 Schlüssel, max. 38 x RSA-2048 Schlüssel, max. 65536 Datenobjekte
  • Info from the Datasheet:
    Speicherkapazität: 76 KB EEPROM insgesamt, max. 35 x ECC-521 Schlüssel, max. 55 x ECC/AES-256
    Schlüssel, max. 27 x RSA-4096 Schlüssel, max. 55 x RSA-2048 Schlüssel, max. 65536 Datenobjekte

There is 76KB if non-volatile memory available:

  • How many data objects does a key need?
    • AES256: 32 data objects
    • RSA-2048: 256 data objects
  • Can I also store only RSA-2048 + AES256 Keys? Is the the maximum still 55 RSA-2048 and 55 AES-256.
  • Is the number of storable keys additive? ( 35 x ECC-521 + 55 x ECC/AES-256
  • 27 x RSA-4096 S+ 55 x RSA-2048 + 65536 Datenobjekte)

Thank you for your help.
Best Regards

1 Like

Hi @51m0n !

As far as I know the non-volatile memory is shared among all key types and objects, hence the calculated maximum counts. There is some overhead for metadata as well (name, type, etc.), so it is not a raw secret key storage only.

@simon Can you check please, which of the calculations is correct?

Thanks for the feedback. We corrected the information on our website.

Each key and each certificate is stored in one data object.

The available storage is shared among all keys, nomatter of their types.

Hi @jan,

thank you for your answer.

Just for my understanding: The Nitrokey HSM 2 has 65536 data objects, so it is possible to store 65536 RSA-4096 certificates? But It only has 76KB of EEPROM data.

This is my assumption:
I have an application which needs 3 RSA-4096 certificats and one AES256 key. How many of this bundle of keys can I store on the Nitrokey HSM 2?

( 3 * 4096 + 256 ) / 8 = 1568 Byte
76 KB / 1568 Byte = 49,63 = 49 key pairs can be stored?

Is this correct?


In your case, ignore the 65536 data objects but just focus on the max. possible keys. It would be at least 27/4=6 combinations of 3xRSA4096 + 1xAES256 each. To get the exact number you would need to test it.

1 Like