Nitrokey 3 has recently added support for OpenPGP and it would be great if it could be used on Android, for example with OpenKeychain. Although its maintenance is on hold, I don’t know of any other alternatives at this time.
It looks like I was wrong, I tested it today by first adding the public key to the app from a file (since it didn’t want to read it from the token). The application works with Nitrokey 3, successfully encrypts and decrypts files.
Are you sure this works? Here it looks like the NK3 is not supported by OpenkeyChain. I’ve manually imported the public-key but I am not able to decrypt mails in K9.
If I open an encrypted mail a Dialog pops-up showing a message: “This key is not available. To use this key, you have to import them as one of your own keys”
When I try to add the Token to OpenkeyChain it reports: “This Security Token is not yet supported by OpenKeychain”
It doesn’t work over USB, but it works with NFC. Although on the latest firmware it doesn’t connect, it says that I removed the token too early, although this is not the case. At the same time, a red light is on on the token.
Thanks for your response! In this case I suspect my nitrokey has a nfc-malfunction . It seems to be not detected at all.
Seems to be a problem with NFC on 1.4.0 is known: OpenPGP card stuck after trying to use it in OpenKeychain · Issue #157 · Nitrokey/opcard-rs · GitHub
I faced the same issue on both of my nk3c with latest firmware 1.5.0
And now i read, that gpg via NFC is not supported anymore… wtf…
And it does not work via USB-C on my android with openkeychain. Not on my Huawai not on my Samsung.
Just to confirm/understand: you imported your public key which resides on the Nitrokey 3 into OpenKeychain and then encrypting via NFC works on Android?
This worked in the Testrelease.
And now, they dropped support.
I’m really pissed.
Got my keys more thsn one year after i ordered them, and firmware is still after 2 years after ordering not finisged, and they dropped promised functionality.
I’m rwally pissed.
The lack of support is very sad. I bought the Nitrokey 3 to use K9 Mail and Openkeychain via NFC and OpenPGP to get rid of USB dongles. Now I have to go back and use my Nitrokey Pro 2 with a USB-C to USB-A cable.
The problem isn’t NFC support, but the need to implement NK3 over USB support in Openkeychain. But since this project stagnates, then we need to create a fork or another app. Even if it only works with Nitrokey, it’s much better than no such app.
There is currently an open pull request to add support for USB in openkeychain for nitrokey: Add support for NitroKey v3 by sjlongland · Pull Request #2842 · open-keychain/open-keychain · GitHub
It was explained on github that due to power limitations NFC support for PGP is tricky, but possible to be added and if enough people will declare need for this functionality it will probably be added sooner. If you’d have a use for that let developers know.
If NFC was available I could much more quickly use PGP on android and it would become practical to login to online services on-demand rather than staying always logged in (which wouid be better for security).
For this I have as a customer no understanding that you still have to go begging to developers. The webshop suggests that the Nitrokey 3A NFC supports Android and OpenPGP, FIDO2, etc. Quote:
Supported Systems and Interfaces
- Operating Systems: Windows, macOS, Linux, BSD, Android, iOS
- Interfaces: Microsoft CSP, OpenPGP, S/MIME, X.509, PKCS#11, OpenSC, FIDO2, FIDO U2F
I have the latest firmware 1.5 and Android 13 with all updates. NFC with Android does not work reliably for me. With NFC, OpenKeychain tells me that Nitrokey 3A must have been taken off too early. With and without protective case the same. With USB, OpenKeychain tells me that Nitrokey 3A is not supported.
I have to put the E from the CE sign exactly on the plus of the OnePlus logo. Then the app NFSee could sometimes read the Nitrokey via NFC (see screenshot). But not always either. After that, the Nitrokey seems to freeze somehow and NFC stops working for a while.
In my opinion, the NFC firmware is not yet mature and unusable at the moment.
How long has it been on the market? More than 2 years? High time that the promises are kept!
Then the app NFSee could sometimes read the Nitrokey via NFC (see screenshot). But not always either.
My guess as a non-tech person would be that this is symptom of the power limitation in the current design.