The topic of this article may not meet Wikipedia's notability guidelines for companies and organizations. (January 2016)
|Jan Suhr (CEO and Founder)|
Nitrokey is an open-source USB key used to enable the secure encryption and signing of data. The secret keys are always stored inside the Nitrokey which protects against malware (such as computer viruses) and attackers. A user-chosen PIN and a tamper-proof smart card protect the Nitrokey in case of loss and theft. The hardware and software of Nitrokey are open-source. The free software and open hardware enables independent parties to verify the security of the device. Nitrokey is supported on Microsoft Windows, macOS, Linux, and BSD.
In 2008 Jan Suhr, Rudolf Böddeker, and another friend were travelling and found themselves looking to use encrypted emails in internet cafés, which meant the secret keys had to remain secure against computer viruses. Some proprietary USB dongles existed at the time, but lacked in certain ways. Consequently, they established as an open source project - Crypto Stick - in August 2008 which grew to become Nitrokey. It was a spare-time project of the founders to develop a hardware solution to enable the secure usage of email encryption. The first version of the Crypto Stick was released on 27 December 2009. In late 2014, the founders decided to professionalize the project, which was renamed Nitrokey. Nitrokey's firmware was audited by German cybersecurity firm Cure53 in May 2015, and its hardware was audited by the same company in August 2015. The first four Nitrokey models became available on 18 September 2015.
Several Nitrokey models exist and the Nitrokey Pro is the flagship model. It contains the following features:
- A secure key storage to support OpenPGP (popular with individuals) and S/MIME (popular with businesses) email encryption standards. Nitrokey can also be used with various 3rd party applications such as TrueCrypt and VeraCrypt for disk encryption.
- One-time passwords (which are similar to TANs and used as a secondary security measure in addition to ordinary passwords). It supports the HMAC-based One-time Password Algorithm (HOTP, RFC 4226) and Time-based One-time Password Algorithm (TOTP, RFC 6238), which are compatible with Google Authenticator.
- Client Certificate Authentication is used to administrate servers securely via SSH, access Virtual Private Networks via OpenVPN.
- Password Safe stores encrypted static passwords inside the Nitrokey.
The upcoming Nitrokey Storage provides the same features as the Nitrokey Pro and additionally contains an encrypted mass storage.
- Nitrokey's secret keys are stored securely internally.
- A user-chosen PIN protects in case of loss and theft.
- Nitrokey's tamper-proof design protects it from sophisticated physical attacks.
- RSA keys of up to 4096 bit and AES-256 are supported.
- It is supported for Microsoft Windows, macOS, Linux, and BSD.
- It is compatible with many popular software like Microsoft Outlook, Mozilla Thunderbird, and OpenSSH.
- The secure implementation of the Nitrokey is published as open source and open hardware to enable independent reviews of the source code and hardware layout and to ensure the absence of back doors and other security flaws.
- Nitrokey's security is not dependent upon secret keys stored centrally with the device manufacturer.
- Nitrokey is published as open source software, free software, and open hardware.
- Nitrokey Start 
- Nitrokey HSM 
- Nitrokey Pro 
- Nitrokey Storage 16GB 
- Nitrokey Storage 32GB 
- Nitrokey Storage 64GB 
- Nitrokey FIDO U2F 
- Nitrokey FIDO2 
Nitrokey's developers believe that proprietary systems cannot provide strong security and that security systems need to be open source. For instance there have been cases in which NSA intercepts security devices being shipped and implanted backdoors into it. In 2011 RSA was hacked and secret keys of securID tokens been stolen which allowed hackers to circumvent their authentication. As revealed in 2010, many FIPS 140-2 Level 2 certified USB storage devices from various manufacturers could easily be cracked by using a default password. Nitrokey, because of being open source and because of its transparency, wants to provide high secure system and avoid security issues which its proprietary rivals were facing. Nitrokey's mission is to provide the best Open Source security key to protect the digital lives of its users.
- "Nitrokey | Secure your digital life". www.nitrokey.com. Retrieved 2016-01-07.
- "Introduction | Nitrokey". www.nitrokey.com. Retrieved 2016-01-07.
- "Krypto-Stick verschlüsselt Mails und Daten". c‘t Magazin für Computer und Technik. Retrieved 2016-05-31.
- "Krypto-Multitool". c‘t Magazin für Computer und Technik. Retrieved 2016-10-31.
- "Der mit Open-Source-Methoden entwickelte Crypto-USB-Stick". Linux-Magazin. Retrieved 2016-01-15.
- "GnuPG-SmartCard und den CryptoStick". Privacy-Handbuch. Retrieved 2016-01-15.
- Heiderich, Mario; Horn, Jann; Krein, Nikolai (May 2015). "Pentest-Report Nitrokey Storage Firmware 05.2015" (PDF). Cure53. Retrieved 15 February 2016.
- Nedospasov, Dmitry; Heiderich, Mario (August 2015). "Pentest-Report Nitrokey Storage Hardware 08.2015" (PDF). Cure53. Retrieved 15 February 2016.
- "How to secure your Linux environment with Nitrokey USB smart card". Xmodulo. Retrieved 2016-01-15.
- "Nitrokey Storage: USB Security Key for Encryption". Indiegogo. Retrieved 2016-01-15.
- "Nitrokey". GitHub. Retrieved 2016-01-15.
- "Nitrokey Storage Firmware and Hardware Security Audits". Open Technology Fund. Retrieved 2016-01-15.
- "Nitrokey Start". Nitrokey Start Shop. Retrieved 2018-06-29.
- "Nitrokey HSM". Nitrokey HSM Shop. Retrieved 2018-06-29.
- "Nitrokey Pro". Nitrokey Pro Shop. Retrieved 2018-06-29.
- "Nitrokey Storage 16GB". Nitrokey Storage 16GB Shop. Retrieved 2018-06-29.
- "Nitrokey Storage 32GB". Nitrokey Storage 32GB Shop. Retrieved 2018-06-29.
- "Nitrokey Storage 64GB". Nitrokey Storage 64GB Shop. Retrieved 2018-06-29.
- "Nitrokey FIDO U2F". Nitrokey FIDO U2F Shop. Retrieved 2018-06-29.
- "Nitrokey FIDO2". Nitrokey FIDO2 Shop. Retrieved 2020-01-02.
- "RSA Break-In Leaves SecurID Users Sweating Bullets | Security | TechNewsWorld". www.technewsworld.com. Retrieved 2016-01-07.
- "FIPS 140-2 Level 2 Certified USB Memory Stick Cracked - Schneier on Security". www.schneier.com. Retrieved 2016-01-07.
- "Using CryptoStick as an HSM". Mozilla Security Blog. Retrieved 2016-01-07.