I have been using a NitroKey Pro for about a year. I use it to boot my Debian GNU/Linux laptop and a few servers I run. I use 2FA for all my personal accounts, from GitHub to ProtonMail etc. Of course I sign everything I push into my repos etc. with it too! I have also been using Maple Mini clones or “Blue Pills” with Gnuk. I like the fact that they can use ed25519 and are 100% code based and open source. I won't touch the YubiKey since they are NOT open source!
RSA was first publicly published in 1978. PGP is from 1991! Looking around at the code in the libs feels like you took a time machine back to the 90s! Ancient crusty old code! Not to mention the keys are freaking HUGE!! My Debian dev key-ring is well over 50MB!
What I and many others like me want to see is support for 25519. I am sure you know all about the perks of 25519 when it comes to side channel attacks etc. Don’t get me started about NIST snake oil!
As you know, the OpenPGP card in the NK Pro and NK Storage does not support anything but RSA. This means an MCU solution is in order. This also means firmware upgrades and a lot of flexibility. Maybe something like the STM32F427VIT6? You can lock the boot loader but enable flashing of verifiable reproducible firmware builds etc. Lots of power and room for later development too. I also do not like that there are some NDA restrictions on the OpenPGP cards. It costs about eight USD in bigger lots, but you save on not having to use an OpenPGP card.
Imagine a storage version of a firmware flashable token that could do ECC such as ed25519 and also U2F. Of course 100% open source both in hardware and code.
Any chance we might see something like this in the future?
At this moment, Nitrokey Pro and Storage are equipped with OpenPGP Card 2 and therefore are not compatible with elliptic curves (Nitrokey Start, on the other hand, is!). But there are plans to offer keys with the newer version of OpenPGP Card, which consequently will be capable of using curves. When exactly this will happen I cannot say. We have to test further, but stay tuned!
As far as I know there will be no such combination of NK Storage and U2F in the near future. Hardware development and production is rather expensive and difficult. Combining the two concepts (smartcard based on OpenPGP Card and FIDO U2F) would need some major adjustments in hardware and production.
This is very understandable. I am really interested in Nitrokey succeeding for lots of principled reasons; however, something like the YubiKey 4 Nano currently beats out every product that Nitrokey has in terms of practical usage (for crypto, obviously not storage): it has U2F + PGP support along with hardware touches to confirm PGP actions. It has a much better form factor too when on the go (think balancing a laptop on your lap).
Winning in this space requires something that can compete with that; otherwise you are going to have to fall back purely on the “we are open source” argument, which some will find compelling, but many will not.
I have just purchased two Nitrokey Starts for PGP because I am interested in your principles, but I doubt they will be replacing the Nanos that I have in my laptops anytime soon.
ECC is supported on NK Storage 2 (because it uses OpenPGP Card v3.3). It is already shipped, but not yet announced officially (that should happen in the next weeks though).
Supporting U2F means changing the hardware, which is not an easy task regarding the whole production chain. Thus, it needs a lot of development time. Therefore we have no release plan for this feature, but we would like to see it as well.
While it may not be bad practice, currently no software would support it and thus you wouldn’t be able to make use of it. As far as I understand, the OpenPGP Card v3 has some space for extending it for keys, but this is neither described in the OpenPGP Card specification nor implemented in GnuPG or anything else.
I am not sure if using a DO would make any sense, @jan?
Please please please, don’t store the master key on the same device that you are using every day; you needn’t, and it’s dangerous. Use cold storage, paper, or another OpenPGP card (that you will store in a secure place).
You need the master key to sign subkeys or to sign other users’ keys. There are no other use cases. So you needn’t have the master key side by side with the subkeys. If you really want this, you can store the master storage as signing key…
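The layout the reply above argues for (certify-only primary key kept offline, only the sign/encrypt/auth subkeys on the everyday device) can be set up with GnuPG alone. The script below is an added example, not code from the thread or from Nitrokey; it assumes gpg 2.1 or newer on PATH, uses a throwaway GNUPGHOME, and the user ID and empty passphrase are constructed for the demonstration. Loading the subkeys onto a token (`gpg --edit-key`, `keytocard`) is interactive and is left out; the script stops at the point where the working keyring holds only a stub for the primary.

```shell
#!/bin/sh
# Added example: offline primary key, daily-use subkeys, with GnuPG >= 2.1.
# Not Nitrokey's or the forum poster's code. Assumes gpg on PATH.
set -eu

command -v gpg >/dev/null 2>&1 || { echo "gpg not installed"; exit 0; }

# Throwaway keyring so the demo never touches ~/.gnupg; removed on exit.
GNUPGHOME="$(mktemp -d)"
export GNUPGHOME
chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent >/dev/null 2>&1 || true; rm -rf "$GNUPGHOME"' EXIT

# Constructed identity and an empty passphrase (demo only; use a real one).
UID_STR="Example User <user@example.org>"
GPG="gpg --batch --pinentry-mode loopback --passphrase ''"

# 1. Certify-only primary key: its only jobs are signing subkeys and other keys.
eval "$GPG --quick-gen-key \"\$UID_STR\" ed25519 cert never"

# Fingerprint is field 10 of the 'fpr' record in --with-colons output.
FPR=$(gpg --batch --with-colons --list-keys "$UID_STR" \
      | awk -F: '$1=="fpr"{print $10; exit}')

# 2. Separate subkeys for sign / encrypt / auth: these go on the token.
eval "$GPG --quick-add-key \"\$FPR\" ed25519 sign 1y"
eval "$GPG --quick-add-key \"\$FPR\" cv25519 encr 1y"
eval "$GPG --quick-add-key \"\$FPR\" ed25519 auth 1y"

# 3. Full backup of the primary (this file is what goes to cold storage),
#    plus a subkeys-only export for the everyday machine.
eval "$GPG --export-secret-keys --armor \"\$FPR\"" > "$GNUPGHOME/primary-backup.asc"
eval "$GPG --export-secret-subkeys --armor \"\$FPR\"" > "$GNUPGHOME/subkeys-only.asc"

# 4. Remove the primary's secret part from the working keyring. gpg-agent stores
#    each private key as <keygrip>.key; the first 'grp' record is the primary's.
KEYGRIP=$(gpg --batch --with-colons --with-keygrip --list-keys "$FPR" \
          | awk -F: '$1=="grp"{print $10; exit}')
rm "$GNUPGHOME/private-keys-v1.d/$KEYGRIP.key"

# Field 15 of the 'sec' record is '#' when only a stub of the primary remains
# (what 'gpg -K' shows as 'sec#'); 'present' means the secret is still local.
primary_secret_state() {
    gpg --batch --with-colons --list-secret-keys "$FPR" \
      | awk -F: '$1=="sec"{ print ($15=="#") ? "stub" : "present"; exit }'
}

# Number of subkeys whose secret part is still available locally.
subkey_count() {
    gpg --batch --with-colons --list-secret-keys "$FPR" \
      | awk -F: '$1=="ssb" && $15!="#"{n++} END{print n+0}'
}

echo "primary secret: $(primary_secret_state)"   # expected: stub
echo "usable subkeys: $(subkey_count)"           # expected: 3
```

Only `primary-backup.asc` ever needs the master key again (adding or renewing subkeys, certifying other people's keys); the subkeys-only export is what you import on the laptop before moving the three subkeys to the card. Check the result with `gpg -K`: the primary should print as `sec#`, the subkeys as `ssb` (or `ssb>` once they live on the token).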
Regarding master key: I don’t see a problem storing the master key on a Nitrokey and using it daily. The whole point of Nitrokey in respect to GnuPG is that keys are stored secure in the hardware. So why not use a master key? Still, a backup would be advisable in any case.