NitroKeys Have Latest GnuPG Update? (2.3)

Hey all, recently GnuPG put out their first stable release of GnuPG 2.3

They made this announcement through their mailing list on April 8th, 2021. Here’s the link to that announcement:

There are some considerable improvements that they have made to this latest version of GPG.

Such as:

  1. New experimental key database daemon provided; this allows one to store keys in a ‘SQLite database’ for faster lookups. SQLCIpher (sqlite w encryption on the fly), immediately came to my mind when I read this one.

  2. Theres’ a new tool (gpg-card) which serves as a "flexible frontend for all types of supported smart cards.

  3. Users can now --chuid gpg, gpgsm, gpgconf, gpg-card, and gpg-connect-agent

  4. tpm2d is a new daemon that allows one to “physically bind keys to the local machine”

  5. ed25519/cv25519 is now the default

  6. Verification was strengthened ( you can read the changelog for more details on that)

  7. AEAD encryption is now supported via OCB or EAX (modes) for encryption

  8. v5 keys & signatures are supported

  9. ed448 has finally been added (and it can be used as an OpenSSH key pair too, which is a huge benefit

  10. There’s a ‘force sign key’ option

  11. EdDSA Certs can now be created (this used to not be an option)

Plenty of other useful features. Given NitroKey’s heavy security focus, this seemed like a match made in heaven.

Its listed on their downloads page now:

1 Like

The fact that there’s no response to this post here is actually kind of crazy in my opinion.

The entire purpose of this tool is to protect users and PGP is one of the main ways that this is done. In specific, you all use GnuPG.

So I would expect that the manufacturers of this product would be up to date on the latest version updates of this software, especially the major releases that provide considerable security enhancements.

I’m not stating that Nitrokey should be shipping out augmented devices immediately, but there should be a press release, announcement, etc., that addresses the latest release by GnuPG alongside either:

A) A roadmap with an estimated date for inclusion (by default) in most, if not all products


B) A good reason for why this isn’t being included (and it should be a really good one)

Can’t give this company any slack on this one because the entire reason and purpose for someone purchasing your products is to be secure. So for this company to avoid / ignore a massive update provided by GnuPG that essentially brings the tool into the 21st century (a little further, at least), is pretty egregious in my opinion.

If there won’t be a response, then I’ll consider another manufacturer that actually takes security seriously.

As regards content, I agree with you insofar as GnuPG’s update seems really important and also relevant to Nitrokeys.

I shall like to note, though, that not only in offline life the probability of getting a response rightfully depends strongly on how the question is phrased. In that respect, you neither really asked a question in the first place nor were exceptionally polite in your follow-up. Also, given that Nitrokey is a rather small company in terms of staff, only giving them less than 2 days to respond to a post in their user forum isn’t really adequate. You could have at least waited a bit longer. Sending them a direct message would also have been an option. Finally, this forum is, in my opinion, quite a testament for Nitrokey’s friendly customer communication.

Just my two pennies worth.


Hi @librehash !
Indeed, @Tencel is right here - I can’t find any direct question in the original body of your post. It does look more like an announcement to be honest. I have not noticed that until the last post.
If it is still valid, could you repeat / rephrase the question please?