Which should i choose

abijma · June 3, 2020, 1:38pm

Hi all, i’m new to Nitrokey and wondering which i should choose.

NitroKey Fido2 looks newer to me than Fido U2F, is that right?
I’ve seen the “Nitrokey Family” overview with all the specs. But which should i choose?

I would like to use Fido2, but that is only available on the NitroKey Fido2?
Harddisk encryption is nice aswell but is not available on NitroKey Fido2.
HSM2 has the PKI feature, but the others doesn’t.
OTP and email encryption are only available on the Storage2 and Pro2.

Pro2 could be the best buy for me but then i’m missing the Fido2 and PKI feature. In which the Fido2 is more important for me.

As you see i need some tips, who can help me in this? Please share your experience!

nitroalex · June 4, 2020, 8:55am

Hello,

if you are looking for a device which combines all - you won’t find it! I am sorry.

Instead, it might be useful to ask yourself, what exactly you actually need. If you need all the mentioned features, I guess, you need to buy the FIDO2, a Start, Pro OR Storage and a HSM (=3 devices).

We would love to bring FIDO2 to the Pro/Storage one day, but unfortunately, this is not the case yet and not an easy task for a small company. The HSM with the pki compatibility does not make sense for the other devices, so this probably won’t get included elsewhere anytime.

Kind regards
Alex

szszszsz · June 4, 2020, 10:30am

Hi!
Just wanted to clarify, that FIDO2 support for the all models except Nitrokey HSM is on the roadmap though, with no specific dates yet.

abijma · June 4, 2020, 10:59am

well i could work with the FIDO2 i guess but it’s a pitty i’m then missing the OTP, but i understand that’s what is it. And otherwise i have to order the Pro also.
Thanks for the answers!

Peacekeeper · June 4, 2020, 2:55pm

Let me hijack this for one question: If I would like to use multiple different ID’s, shall I use multiple NK Pro’s or one HSM ( which might be a bit difficult ) ? Is there a NK on the roadmap to support such a use case ?

szszszsz · June 6, 2020, 10:37am

Hi @Peacekeeper!

We have just released a new Nitrokey Start firmware (RTM.9+), which supports 3 completely separated identities. More about this feature: nitrokey-start-firmware#33.
We plan to release the tool for switching identities as Python package (until then it has to be run by the Python file directly).

Peacekeeper · June 7, 2020, 5:34pm

Oh ! That sounds interestin- now: do you also plan to do a simliar function on the NK Pro 2 or do I need to buy a new hardware

nitroalex · June 8, 2020, 9:31am

If you talk about GnuPGs IDs, then HSM is not the best solution, I would go for the multiple physical devices option regarding Pro/Storage. If NK Start is suitable for your use-case, the mentioned new feature is cool. This is not applicable the Pro and Storage though, unfortunately.

Peacekeeper · June 8, 2020, 2:46pm

Thanks for the additional infos. I assume multiple ID’s will be a requirement in the future like dual sim cards for phones - to differentiate private and business use cases. Or to store different PK for different servers in one key - instead of a bunch of keys on a keyring.