[cryptography] Crowdfunding USB Security Key for Encryption - Nitrokey Storage

Jan Suhr jan at nitrokey.com
Mon Nov 23 17:38:05 EST 2015


Hi Ondrej!

Am 20.11.2015 um 14:31 schrieb Ondrej Mikle:
> On 11/19/2015 10:20 PM, Jan Suhr wrote:
>> Nitrokey Storage is a USB device which operates as a “digital latchkey”
>> to protect your data and user accounts.
> 
> Can you compare it to Yubikey Neo/Yubikey 4?
> 
> As far as I can see, Nitrokey has only the file encryption on top of
> Yubikey. Both Yubikey and Nitrokey support OpenPGP card and U2F. Yubikey
> has PIV applet.

Correct, Nitrokey Storage includes an encrypted mass storage (which
Yubikey doesn't). Furthermore Nitrokey is open source and open hardware,
allowing independent security reviews (we passed one audit already).

> Does Nitrokey implement U2F in a similar way to Yubikey - secp256r1
> elliptic curve on the smartcard? Seems also Nitrokey doesn't have the
> button required to press to activate U2F authenthication.

Only Nitrokey U2F, which is a separate product, supports U2F. The others
don't yet. However we are working to integrate U2F into the other
products as well.

>> Encryption of emails, hard drives, SSH, and other data via a highly secure
>> smart card
> 
> I can't see where the smartcard functionality is implemented. I looked
> at the repositories on your github, but can't find either the smartcard
> or a FPGA that would implement it in the BOM (I see the STM32 used for
> file/disk encryption). Or is the "smartcard" implemented on the STM32?

It's a completely separate smart card placed into a Micro-SIM socket.
You can't miss the SIM socket in the layout and BOM. The smart card
(OpenPGP Card) itself may not be in the BOM because it isn't sourced
through the ordinary electronic distributors but from the vendor directly.

Regards,
Jan

> Regards,
>   Ondrej
> 

-- 
Jan Suhr

Nitrokey UG (haftungsbeschränkt)
Web: https://www.nitrokey.com

Email: jan at nitrokey.com
Phone: +49 163 7010 408

Berliner Str. 166, 10715 Berlin, Germany
CEO / Geschäftsführer: Jan Suhr
Register Record: AG Charlottenburg, HRB 164549 B
VAT ID / USt-IdNr.: DE300136599


More information about the cryptography mailing list