22 May 2023

Nitrokey 3

A while ago I bought a Nitrokey 3C NFC, and they just released version 1.4 of the firmware, which brings one important new feature.

Nitrokey

Nitrokey is the name of a German company but also of their main product. A Nitrokey is a hardware security token, usually in the form of a USB dongle.

Those keys usually implement different features for different usage like:

• FIDO/FIDO2 for multi-factor authentication or passwordless authentication;
• OpenPGP Smart Card for encryption and digital signature;
• …

Nitrokey 3

Version 3 is the latest one and comes in different flavors:

• a USB-C connector and NFC;
• a USB-A connector and NFC;
• a USB-A connector, no NFC, small size.

The main difference with the previous Nitrokeys is that the firmware is being completely rewritten in rust and is based on the Trussed framework (also used by Solokeys).

Like previous ones, it’s still open source and open hardware.

The main issue with re-writing everything, is that everything as to be rewritten 😉. Lots of functionalities available on previous Nitrokeys are not yet implemented on Nitrokey 3. But the recent 1.4 firmware added a long awaited functionality: OpenPGP card.

PGP can be used in a lot of different scenarios and is a critical piece of information that need to be stored safely, like in an OpenPGP card.

Installing a Nitrokey 3

Being a recent device, you might need to install specific udev rules:

wget https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules
sudo mv 41-nitrokey.rules /etc/udev/rules.d/
sudo service udev restart

The official documentation has a detailed installation procedure and how to update the firmware.

This series of posts is mostly for myself, as a reminder of how to do things. Also, the official Nitrokey 3 documentation was a bit light when I started to write those posts, but now it contains quite a lot of information.

Update 2025-07-13: my Nitrokey 3C NFC broke. The connector’s soldering broke as it’s surface mounted and not through-hole mounted. Surface mounting a connector is usually a bad idea as it’s prone to break given the force applied to the connectors each time is connected/disconnected. I had confirmation that current Nitrokey 3C NFC still have, at the date of this update, an SMT connector. For people planning to buy one, I would suggest waiting, maybe check the hardware repo for any changes, or buy a Nitrokey 3A NFC; that one seems to have a THT connector.

This is why you MUST have backup solutions (backup codes for FIDO, private key backup for PGP…).

Next steps:

• Nitrokey 3: GPG keys generation
• Nitrokey 3: Importing GPG keys
• Nitrokey 3: GPG and emails
• Nitrokey 3: SSH
• Nitrokey 3: Git
• Nitrokey 3: Login
• Nitrokey 3: Misc