Nitrokey is an open sourceUSB key to enable secure encryption and signing of data. The secret keys are always stored inside the Nitrokey which protects against malware and attackers. A user-chosen PIN and a tamper-proof smart card protect the Nitrokey in case of loss and theft. The hardware and software of Nitrokey are available as open source, free software and open hardware which enables independent parties to verify the security of the device. Nitrokey is supported on Microsoft Windows, Linux, and macOS.
History
In 2008 Jan Suhr, Rudolf Böddeker and another friend were travelling and found themselves looking to use encrypted emails in internet cafés, which meant the secret keys had to remain secure against computer viruses. Some proprietary USB dongles existed at the time, but lacked in certain ways. Consequentially, they established as an open source project - Crypto Stick - in August 2008 which grew to become Nitrokey. It was a spare-time project of the founders to develop a hardware solution to enable the secure usage of email encryption. The first version of the Crypto Stick was released on 27 December 2009. In late 2014 the founders decided to professionalize the project, which was renamed Nitrokey. Nitrokey's firmware was audited by German cybersecurity firm Cure53 in May 2015, and its hardware was audited by the same company in August 2015. The first four Nitrokey models became available on 18 September 2015.
Technical features
Several Nitrokey models exist and the Nitrokey Pro is the flagship model. It contains the following features:
The secure implementation of the Nitrokey is published as open source and open hardware to enable independent reviews of the source code and hardware layout and to ensure the absence of back doors and other security flaws.
Nitrokey's security is not dependent upon secret keys stored centrally with the device manufacturer.
Nitrokey is published as open source software, free software, and open hardware.
Devices
Nitrokey Start
Nitrokey HSM
Nitrokey Pro
Nitrokey Storage 16GB
Nitrokey Storage 32GB
Nitrokey Storage 64GB
Nitrokey FIDO U2F
Nitrokey FIDO2
Philosophy
Nitrokey's developers believe that proprietary systems cannot provide strong security and that security systemsneed to be open source. For instance there have been cases in which NSA intercepts security devices being shipped and implanted backdoors into it. In 2011 RSA was hacked and secret keys of securID tokens been stolen which allowed hackers to circumvent their authentication. As revealed in 2010, many FIPS 140-2 Level 2 certified USB storage devices from various manufacturers could easily be cracked by using a default password. Nitrokey, because of being open source and because of its transparency, wants to provide high secure system and avoid security issues which its proprietary rivals were facing. Nitrokey's mission is to provide the best Open Sourcesecurity key to protect the digital lives of its users.
