What I would like to see in the next NitroKey


#1

I have been using a NitroKey Pro for about a year. I use it to boot my Debian GNU/Linux laptop and a few servers I run. I use 2FA for all my personal accounts from GitHub to ProtonMail etc. Of course I sign everything I push into my repos etc. with it too! I have also been using Maple Mini clones or “Blue Pills” with Gnuk. I like the fact that they can use ed25519 and are 100% code based and open source. I won't touch the YubiKey since they are NOT open source!

RSA was first publicly published in 1978. PGP is from 1991! Looking around at the code in the libs feels like you took a time machine back to the 90s! Ancient crusty old code! Not to mention the keys are freaking HUGE!! My Debian dev key-ring is well over 50MB!

What I and many others like me want to see is support for 25519. I am sure you know all about the perks of 25519 when it comes to side channel attacks etc. Don’t get me started about NIST snake oil!

As you know the OpenPGP card in the NK Pro and NK Storage does not support anything but RSA. This means an MCU solution is in order. This also means firmware upgrades and a lot of flexibility. Maybe something like the STM32F427VIT6? Can lock the boot loader but enable flashing of verifiable reproducible firmware builds etc. Lots of power and room for later development too. I also do not like that there are some NDA restrictions on the OpenPGP cards. Costs about eight USD in bigger lots but you save on not having to use an OpenPGP card.

Imagine a storage version of a firmware flashable token that could do ECC such as ed25519 and also U2F. Of course 100% open source both in hardware and code.

Any chance we might see something like this in the future?


#2

Hi,

At this moment, Nitrokey Pro and Storage are equipped with OpenPGP Card 2 and therefore are not compatible with elliptic curves (Nitrokey Start on the other hand is!). But there are plans to offer keys with the newer version of OpenPGP Card which consequently will be capable of using curves. When exactly this will happen I cannot say. We have to test further, but stay tuned!

As far as I know there will be no such combination of NK Storage and U2F in the near future. Hardware development and production is rather expensive and difficult. Combining the two concepts (Smartcard based on OpenPGP Card and FIDO U2F) would need some major adjustments in hardware and production.

Kind regards
Alex


#3

Hardware development and production is rather expensive and difficult. Combining the two concepts (Smartcard based on OpenPGP Card and FIDO U2F) would need some major adjustments in hardware and production.

This is very understandable. I am really interested in Nitrokey succeeding for lots of principled reasons; however, something like the Yubi Nano 4 currently beats out every product that Nitrokey has in terms of practical usage (for crypto, obviously not storage): it has U2F + PGP support along with hardware touches to confirm PGP actions. It has a much better form factor too when on the go (think balancing a laptop on your lap).

Winning in this space requires something that can compete with that, otherwise you are going to have to fall back purely on the “we are open source” argument, which some will find compelling, but many will not.

I have just purchased two Nitrokey Starts for PGP because I am interested in your principles, but I doubt they will be replacing the Nanos that I have in my laptops anytime soon.


#4

I would be happy and even delighted if ECC curve 25519 were supported for Nitrokey Storage.

Although, I would want that to be what encrypts the volume on which my files are put.

I don’t really use nitrokey for anything but storage at this time. :wink:


#5

Hi zapper,

ECC support for Pro and Storage is planned for the near future, but we have no release date yet, I am afraid.
Nitrokey Start is already capable of storing ECC keys though.

Kind regards
Alex


#6

I also would like to see elliptic-curve and U2F support in NK Storage. I’m sad there is no release date for the former and the latter is not even planned.


#7

Hi Damien,

ECC is supported on NK Storage 2 (because it uses OpenPGP Card v3.3). It is already shipped, but not yet announced officially (should happen in the next weeks though).

Supporting U2F means changing the hardware, which is not an easy task regarding the whole production chain. Thus, it needs a lot of development time. Therefore we have no release plan for this feature, but we would like to see it as well.

Kind regards
Alex


#8

I will do without U2F for now and will let the browsers, web apps and Android mature WebAuthn. Where can I buy a Storage 2?

Best


#9

You can’t yet (officially). Please wait for the announcement in our News section to be sure. Shouldn’t take long anymore.


#10

It seems that Nitrokey Storage can only contain 3 keys. Will the Storage 2 allow for more than that?

I would like to store 4 keys: the main one and 3 subkeys (sign, encrypt, authenticate). Is that bad practice?


#11

While it may not be bad practice, currently no software would support it and thus you wouldn’t be able to make use of it. As far as I understand the OpenPGP Card v3 has some kind of space for extending it with more keys, but this isn’t described in the OpenPGP Card specification, nor is it implemented in GnuPG or anything else.

I am not sure if using a DO would make any sense, @jan?


#12

Please please please, don’t store the master key on the same device that you are using every day; you needn’t, and it’s dangerous. Use cold storage, paper or another OpenPGP card (that you will store in a secure place).
You need the master key to sign subkeys or to sign other users’ keys. There are no other use cases. So you needn’t have the master key side by side with the subkeys. If you really want this, you can store the master key as signing key…

ciao

luigi
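The key layout luigi describes, as an added shell example that is not part of this thread: a certify-only primary key that stays in cold storage, plus sign/encrypt/authenticate subkeys, which are the only secret material exported for everyday use (the file you would load onto the card). It assumes gpg 2.1 or later with ed25519/cv25519 support; the identity and file names are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Builds the "offline master, subkeys on
# the card" layout in a throwaway GNUPGHOME and shows how to verify that the
# everyday export contains no usable primary secret key.
set -eu

export GNUPGHOME="$(mktemp -d)"     # scratch keyring; never touches ~/.gnupg
chmod 700 "$GNUPGHOME"
UID_STR="Example User <example@example.invalid>"   # constructed identity

# Non-interactive gpg: batch mode, empty passphrase (example only).
gpg_q() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# 1. Primary key with the certify usage only: this is the one to keep offline.
gpg_q --quick-generate-key "$UID_STR" ed25519 cert never
FPR="$(gpg --batch --with-colons --list-secret-keys | awk -F: '/^fpr/ {print $10; exit}')"

# 2. Three subkeys for daily use: these are what goes on the token.
gpg_q --quick-add-key "$FPR" ed25519 sign never
gpg_q --quick-add-key "$FPR" cv25519 encr never
gpg_q --quick-add-key "$FPR" ed25519 auth never

# 3. Two exports: the everyday file (subkeys only, primary replaced by a stub)
#    and the full backup that belongs in cold storage.
gpg_q --export-secret-subkeys "$FPR" > "$GNUPGHOME/subkeys-only.gpg"
gpg_q --export-secret-keys    "$FPR" > "$GNUPGHOME/full-backup.gpg"

# Number of "gnu-dummy" stub packets in FILE. gpg writes the primary key as a
# gnu-dummy S2K stub when only subkeys were exported, so 1 means "no primary
# secret here", 0 means the real primary secret is present.
stub_count() {
    gpg --batch --list-packets "$1" | grep -c 'gnu-dummy' || true
}

# Number of secret subkey packets in FILE (expected: 3 in both exports).
subkey_count() {
    gpg --batch --list-packets "$1" | grep -c ':secret sub key packet:' || true
}

echo "subkeys-only export: $(stub_count "$GNUPGHOME/subkeys-only.gpg") primary stub(s), $(subkey_count "$GNUPGHOME/subkeys-only.gpg") subkeys"
echo "full backup:         $(stub_count "$GNUPGHOME/full-backup.gpg") primary stub(s), $(subkey_count "$GNUPGHOME/full-backup.gpg") subkeys"
```

Before loading subkeys-only.gpg onto a token, checking that stub_count reports 1 is the quick way to confirm the primary secret did not come along.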


#13

@nitroalex,
you should not suggest following a worst practice.


#14

Regarding the master key: I don’t see a problem storing the master key on a Nitrokey and using it daily. The whole point of Nitrokey in respect to GnuPG is that keys are stored securely in the hardware. So why not use a master key? Still, a backup would be advisable in any case.

This won’t make sense.