What about adding flat SC-HSM 4K smart cards and cyberjack readers to your shop?


It would be more convenient to order from a single place to save on shipping.

For example I am interested in your Nitrokey FIDO2 tokens and HSM2 preferably as a flat smart card.

Also adding a compatible SC reader with a PIN PAD like Reiner SCT Cyberjack would be very helpful.

May be you could test also other readers mentioned as supported on the open CCID driver page and having PIN PADs like: SCM SPR 532, Kobil KAAN Advanced, Cherry ST2000
with OpenSC and verify that their PIN PAD actually works correctly for a PIN confirmation especially with desired SC-HSM2 4K smart cards, and if they are compatible then you could add them to your shop too.

It would more convenient to order everything needed for a HSM2 flat smart card from your single reliable shop being sure they have the latest stable firmware and are all tested for compatibility with each other than ordering all of them from different places with unknown compatibility, unknown firmware levels and often sellers not competent enough even to answer corresponding technical questions.

May be sometimes in the future you could reach an agreement to being allowed to rebrand them as a Nitrokey :slight_smile:

Thank you for your suggestion. Those are always welcome.

From our experience the smart cards are not very popular among our customers which is why we don’t offer such. But if more people like you ask for it, we may add it.

IMHO smart cards have following advantages over USB tokens:

  1. If a user already has a good standalone SC reader it is generally less expensive to purchase several smart cards than several USB tokens with its own integrated reader each (if it is a real token with a secure SC chip inside it of course). HSM2 smart card is more economical than Nitrokey HSM2 USB token too.

  2. Nitrokey and many other USB tokens still are missing a confirmation button, so a reader with a PINPAD can be a workaround for better security to prevent malware on the host to do transactions by itself without user’s permission.

  3. Someone can trust a brandname USB reader he already has and tested more than to a manufacturer of a rare USB token device (I do not mean HSM2 smart card now). I mean malware issues like so called badusb.

  4. Someone may not like USB bus for security issues, and there are PCMCIA readers available, though I am not sure they are not actually just a USB->PCI bridge and a USB chip inside them.

I guess it is harder to integrate a malware into a small secure chip on a flat card? It shall have corresponding support in its PKCS11 driver? But if the driver is open like OpenSC then it is less risky than having a whole new USB device which can switch into a keyboard HID mode on its own and type for example rm -Rf / in a shell or something other nasty like it.