Nitrokey
What is Nitrokey?
NitrokeyAn open-source security key from German vendor Nitrokey GmbH that provides FIDO2, OpenPGP, X.509 smart-card and OTP functionality in a USB token.
Nitrokey is a family of hardware security tokens designed and manufactured by Nitrokey GmbH in Berlin under fully open-source firmware and hardware. Models such as the Nitrokey 3, Nitrokey Pro 2 and Nitrokey HSM 2 offer combinations of FIDO2/WebAuthn, OpenPGP signing and encryption, PKCS#11/X.509 smart-card emulation, HOTP/TOTP one-time passwords and disk encryption helpers. Because firmware sources and audits are public, Nitrokey is popular with developers, privacy advocates and organisations that want a vendor-neutral, EU-made alternative to closed authenticators. It integrates with GnuPG, OpenSSH, Microsoft Entra, Linux desktops and standard FIDO2 services.
● Examples
- 01
Storing an OpenPGP signing subkey on a Nitrokey Pro 2 for git commit signing.
- 02
Using a Nitrokey 3 as a FIDO2 authenticator to log on to a Linux workstation.
● Frequently asked questions
What is Nitrokey?
An open-source security key from German vendor Nitrokey GmbH that provides FIDO2, OpenPGP, X.509 smart-card and OTP functionality in a USB token. It belongs to the Cryptography category of cybersecurity.
What does Nitrokey mean?
An open-source security key from German vendor Nitrokey GmbH that provides FIDO2, OpenPGP, X.509 smart-card and OTP functionality in a USB token.
How does Nitrokey work?
Nitrokey is a family of hardware security tokens designed and manufactured by Nitrokey GmbH in Berlin under fully open-source firmware and hardware. Models such as the Nitrokey 3, Nitrokey Pro 2 and Nitrokey HSM 2 offer combinations of FIDO2/WebAuthn, OpenPGP signing and encryption, PKCS#11/X.509 smart-card emulation, HOTP/TOTP one-time passwords and disk encryption helpers. Because firmware sources and audits are public, Nitrokey is popular with developers, privacy advocates and organisations that want a vendor-neutral, EU-made alternative to closed authenticators. It integrates with GnuPG, OpenSSH, Microsoft Entra, Linux desktops and standard FIDO2 services.
How do you defend against Nitrokey?
Defences for Nitrokey typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Nitrokey?
Common alternative names include: Nitrokey 3, Nitrokey Pro, Nitrokey HSM.
● Related terms
- cryptography№ 413
FIDO Security Key
A hardware authenticator that uses the FIDO U2F or FIDO2/WebAuthn standards to perform phishing-resistant, public-key-based authentication to web and enterprise services.
- cryptography№ 1054
Smart Card
A credit-card-sized device with an embedded secure microcontroller that stores credentials and performs cryptographic operations, defined by ISO/IEC 7816 for contact cards.
- cryptography№ 827
PIV Card
A US federal smart card that carries identity credentials and PKI keys as defined by FIPS 201 and NIST SP 800-73, used by federal employees and contractors.
- identity-access№ 1230
WebAuthn
A W3C standard JavaScript API that allows web applications to register and authenticate users with public-key credentials stored on platform or roaming authenticators.