I was thinking to use Nitrokey (NK) so that
- Nitrokey will be used on daily basis. It is used by me for authentication (e.g. SSH), encryption (e.g. my data), and signing (e.g. documents like PDFs).
- Masterkey is generated offline and locally - not in NK. It means that I can back up the masterkey and subkeys how I want.
- Secrets that are used on daily basis are stored to Nitrokey as subkeys.
IMO, this is pretty basic and minimal secure setup. But when I read the documentation, I noticed that you can import one master key and two subkeys to a NK, which means that I can only fit two subkeys instead of three (authentication, encryption, signing). So the first question is that is the NK designed to be used so that you always need to store master key in it? Although NK is a secure device, ideally I would not like to store masterkey to it. Have you considered use case like this when designing the NK? Or is my thinking somehow wrong to begin with? For example, should masterkey be used for signing user’s documents too?
If I can fit only two subkeys into NK, I have limited options available. For example, masterkey [sec] SC, subkey#1 [ssb] S, and subkey#2 [ssb] EA. With my current understanding however, ideally there would be separate subkeys for S, E, and A, right? Or do you think that there are some other alternatives?