I am interested in buying some of the Nitrokey Storage 2 devices. I read the docs but still have some questions.
As I am using KeePassXC I want to move my KeePass database to the encrypted Nitrokey Storage 2 hidden volume. How can I move my KeePass database file (.kdbx) to the Nitrokey Storage hidden volume? Is this done via Nitrokey App 1 which I have to install on my OS or via OS terminal/file manager?
Is KeePassXC or another password manager preinstalled on Nitrokey Storage 2 which should be used instead of my described method above? If yes, why?
The same questions apply to the use of PGP keys. How should I move them to the encrypted Nitrokey Storage hidden volume, and is software like GPA preinstalled on the Nitrokey Storage?
You don’t say which operating system you use. Assuming you are running KeePass on Linux, Mac or Windows*, you’ll need to install the corresponding utility on your OS, then run it to mount the Nitrokey volumes (the encrypted one and the hidden one).
There is a third, small volume that is NOT encrypted, automatically mounts and just contains the latest versions of these utilities, allowing you to plug the key into a friend’s computer and run from there, assuming you trust your friend’s machine.
Once the hidden volume is mounted it appears just like another volume, and you simply use your OS to drag & drop your database there like any other file.
You say you want to move it. Please remember that if you lose your Nitrokey, or forget your password, absolutely nobody can help you recover it.
You may wish to keep a second copy somewhere… I for one leave my sensitive files on the home machine, because I am not a spy or anything, and move them to work and back on the key. My use case is probably not yours: just “if I lose the key during the trip, I’m safe.”
There is no KeePass instance on the Nitrokey, but you can copy one there, for instance.
H.
(*) To my knowledge and sadness, there is no utility for connecting the Nitrokey to an Android system, but things may have changed since I bought mine.
For PGP keys: Is my understanding right that you should not just copy the PGP keys (.asc files) to the Nitrokey Storage, and instead should use the keytocard function of GnuPG as described here: OpenPGP Key Generation With Backup - Nitrokey Documentation?
But how is it ensured that the keys are copied into the hidden volume by using keytocard?
In general does that mean there is some sort of smartcard software installed on the Nitrokey Storage by default so that GnuPG recognizes this and the keytocard function works as well as the card manager function of GPA?
The Nitrokey Storage contains a full smartcard that is OpenPGP compatible and can hold your secret key. If it needs to be hidden, then you would need to copy regular file-based gpg keys to the hidden storage area.
You have multiple areas:
Smartcard can store a private key and certificates in Data Objects
Public volume (can be made read/write, modified by you and locked again). This is available unencrypted and could store portable apps
Encrypted volume that gets unlocked via the app, the smartcard and your password
Hidden volume. Same as above but hidden and uses another password