Before I buy the Nitrokey, I want to ask some basic questions:
1. I see the only supported ECC key length for Nitrokey 3 is 256. Do I need to buy a new Nitrokey when support for 384 and 521 ECC key lengths is added, or can I get this support on an already bought Nitrokey 3 through a firmware upgrade?
2. Let’s say I need to move for a long time from one system to another or reinstall Linux/Windows. Will that change be a problem that requires additional manual intervention, some combinations or, even worse, buying a new Nitrokey? Can I use the same Nitrokey on multiple operating systems?
3. Are Nitrokeys compatible only with Windows 10/11 and Linux, or can I use them with FreeBSD, NetBSD, and OpenBSD too?
4. Can I use the same Nitrokey on multiple devices?
5. Is there a limit on how often or how many times I can upgrade the Nitrokey firmware? Is the Nitrokey firmware upgradeable?
1. The hardware does support higher bit lengths. The opcard-rs app has already been upgraded over time to enable more algorithms.
2. The device is meant to be used on multiple systems in parallel. Some things, like GnuPG settings, need to be backed up.
3. They also work on Mac and, according to the shop page, also on BSD. Some features might require Linux or Windows, e.g. firmware updates or using the companion app.
4. See 2.
5. It is upgradeable with signed binaries from Nitrokey (but not downgradeable or with your own firmware if you don’t have a development model), and there is also a high limit on the durability of the flash cells. But many upgrades should be no issue and safe for day-to-day use. There are development units that constantly got upgraded.
There is a secure element, the SE050, with fixed algorithm support, and capable microcontrollers for software implementations. But the apps, e.g. OpenPGP (opcard-rs) or PIV, must be written with the algorithms enabled, and Nitrokey concentrated on fulfilling specs, focussing on the most popular algorithm choices.
Yes. The Nitrokey is designed with this in mind. Upon insertion there is a small volume mounting that contains a version of the handling utility for each and every OS. Using this if needed, you don’t even require any preinstalled software on any foreign machine.
Can I return Nitrokeys if I find they don’t meet my requirements and get back the money I spent? What about shipping costs? How many days do I have to return them?
Do Nitrokeys have a split, like a primary device on which they should mainly be used and foreign devices on which they’re used occasionally, or doesn’t it matter which computer I plug the Nitrokey into as long as the computer has a supported OS?
From the perspective of the Nitrokey, it does not make a difference to which machine it is connected. So it is mostly about the state and configuration of your machines. The details depend on the application. For example, FIDO2 can generally be used from any device without configuration. For GnuPG, you need to import the public key before the first use.