Store both OpenPGP and SSH Ed25519 in the same Nitrokey


I consider buying a new Nitrokey to store both my OpenPGP and SSH keys. Both are Ed25519 keys. The OpenPGP has SC capability for the primary key and E for the sub-key. The SSH key would be the equivalent of an OpenPGP key with A capability I presume.

Now the Nitrokey documentation is quite helpful to learn how to store an OpenPGP key with SC, E and A capabilities. I did not find instructions to add the SSH key as a OpenPGP sub-key with A capability substitution though.

Considering that storing SSH in a Nitrokey is advertised on the website, how could one achieve that?

And which Nitrokey would support that considering the keys are both Ed25519 (Nitrokey Start or Nitrokey 3)?


In general, SSH auth should be possible with both Start and Pro (and 3), but importing two different subkeys may be a bit cumbersome and it’s definitely simpler/faster to just generate that anew. If not, check out this thread: ED25519 SSH! Key on Nitrokey Start - #7 by Perflyst and these docs for OpenSC utils: OpenPGP card · OpenSC/OpenSC Wiki · GitHub

1 Like

Actually, I do not need to import an existing key. I can generate a new one, which will be considerably easier.

I also found in another part of the Nitrokey documentation how to use keys for SSH authentication, which is what I was looking for.

1 Like