Password safe / otp feature requests


With the Nitrokey App, I see an option to send HOTP with double press of keys that have keyboard indicator lights. I’ve created a device that does something similar, it acts as usb hid keyboard and types a different string based on how many times the indicator has changed. I’d like to see additional options with Nitrokey app for doing something like this:

1.) Options to type from password vault and/or totp as well as hotp
2.) Options for more selections based on number of keypress (example: double press caps lock = slot 1, triple press caps lock = slot 2, etc)
3.) I’d like to see OTP information stored encrypted (or an option for the same) instead of plaintext in flash memory. It could be stored plaintext if pin entry is not required, and stored encrypted if pin entry is required (providing level of security based on user’s selection).

With my creation, it also checks state of capslock and sends key press to unset capslock before and reset capslock after string is typed if necessary, as well as toggle of indicator on odd number of key presses (so that with odd number of indicator changes, it isn’t left in inverted state).


Conceptually triggering TOTPs with double-clicks won’t be possible because the Nitrokey doesn’t has a clock which is requried to generate a TOTP.

Could you help to implement this by any chance? That would be great.

If the OTP value is encrypted, double-clicking can’t work anymore due to lack of password entry. But more important: OTPs are 2nd factors and not primary factors. This is why they are usually not protected at all! Think of those OTP dongles with display which show everybody who presses the button the OTP. Our PIN protection is very much an option and usually not required and if I remember correct the OTPs are encrypted in memory - but I’m not sure.

Thanks for that information. Indeed, totp would be difficult without a real time clock source on the device. It might be done by periodic time sync with app, but probably more troublesome than it’s worth and too likely to be buggy (the same reasons I haven’t tried totp on my AVR creation). For implementing more hotkey options, I’ll have to see if I can wrap my head around the workings of the hardware and software stack of the Nitrokey. I really like this product / project, so I wouldn’t mind contributing if I find myself capable. Before I begin, is it conceptually feasible to have password vault entries available by hotkey based on whether pin entry has been provided in the application (or pin given by gpg application)?

Do you mean the user would need to enter PIN in Nitrokey App, perhaps exit the app, and double-press the hotkey eventually? I don’t see the actual benefit because users would need the App anyway.

Yes, I mean adding password vault entries to hotkey, make them only available when key is unlocked. I never said it was a **good ** idea :wink: , if you don’t see the value in it I am OK with that.