Which Nitrokey is the best, for my app off course

just to have your opinion.

I am searching a device to stock 5 AES-128 symmetric or private keys.

Those keys have to be created or imported on the device, but should be exporter or imported using a XKEK, to be able to be also used on other type of device, so with an XKEK.

What item matches the best this requirements ?

Thank you all and have a nice we !


1 Like


Nitrokey HSM 2 should complete these requirements. It supports XKEK, and can store 38 RSA keys or 300 ECC keys. Here is the Nitrokey HSM 2 factsheet.

From your other posts I see you have tested it already, but it has not worked for some of your cases. Let me response in proper topics.

Edit: AES keys might not be supported though. Here is supported algorithms reference table.

Edit: According to the HSM vendor, AES is supported: https://www.smartcard-hsm.com/features.html.

Hello szszszsz, thank you.

Yes, I am trying with a HSM 2, but did not yet make it work. With your confirmation, I will try a little longer…

Hello szszszsz,

indeed, it seems to be the one.

I have still to have the XKEK work, but the rest is fine.

Thank you.


About XKEK, I am not aware of any documentation unfortunately. I would search however either on HSM vendor pages, or through his CDN / support channels. In case you would find it please let me know.

cc: @sc-hsm Could you direct to the XKEK documentation?

Better XKEK documentation would be perfect! XKEK would solve some still existing drawbacks …

I asked already about XKEK here: Key Exchange between two or more NitroKey HSM2 with XKEK

There seems to be low-level documentation at CDN. But I didn’t find any examples so far.

Yes, I read this, and agree with you.

In the “AGD_SmartCard-HSM_V3.1rc1_User_Manual” we can find how to use it, but this is not trivial and has no examples…