Nitrokey 3A Mini
For private and corporate use - protection against mass surveillance and hackers.
Description
Security technology
Nitrokey 3 is based on an innovative security architecture:
All firmware is developed in the memory-safe Rust programming language. This avoids potentially security-critical memory errors.
The firmware is based on the Trussed framework developed in Rust, which is designed for security-critical embedded systems and developed in collaboration with our partner SoloKeys. Trussed performs, among other things, cryptographic operations. The code is, of course, published as open source.
The equipment is based on the LPC55S6x or nRF52 microprocessor, which has numerous security functions, such as Secure Boot, ARM TrustZone, Physical Unclonable Functions (PUF).
Additionally, the cryptographic memory uses a Secure Element (SE050), which is a quasi-smart card. It has been security certified up to the operating system level according to Common Criteria EAL 6+ and therefore also meets high security requirements.
Like all Nitrokey solutions, Nitrokey 3 is open source, so anyone can check its secure implementation.
klucz bezpieczeństwa, klucz sprzętowy, klucz zabezpieczający komputer, dwuetapowe uwierzytelnianie, zabezpieczenia kont w portalach internetowych, potwierdzenie tożsamości podczas logowania, klucz unikalny, security key, hardware key, computer security key, two-step authentication, security of accounts on Internet portals, identity confirmation when logging in, unique key, Sicherheitsschlüssel, Hardwareschlüssel, Computer-Sicherheitsschlüssel, Zwei-Faktor-Authentifizierung, Sicherheit von Konten auf Internetportalen, Identitätsbestätigung beim Anmelden, eindeutiger Schlüssel,
Technical Data
| Supported Systems and Interfaces | |
|---|---|
| Operating Systems | Windows, macOS, Linux, BSD, Android, iOS |
| Interfaces | Microsoft CSP, OpenPGP, S/MIME, X.509, PKCS#11, OpenSC, FIDO2, FIDO U2F |
| Overview of some websites with two-factor authentication on Dongleauth | |
| Technical Details | |
| Authentication standards | WebAuthentication (WebAuthn), CTAP2/FIDO2, CTAP1/FIDO U2F 1.2, HMAC-Based One-Time Password (RFC 4226), Time-Based One-Time Password (RFC 6238) |
| Two-factor authentication and passwordless login for unlimited number of accounts (FIDO U2F, FIDO2) | |
| Signed firmware updates | |
| With touch button | |
| Certification of the tamper-proof secure element according to CC EAL6+ | |
| Secure key storage | RSA 2048-4096 bit or ECC 256-521 bit, AES-128 or AES-256 |
| Elliptic curves | NIST P-256, P-384, P-521 (secp256r1/prime256v1, secp384r1/prime384v1, secp521r1/prime521v1), Ed25519/Curve25519, Koblitz (192-256 bit), brainpoolP256r1, brainpoolP384r1, brainpoolP512r1 |
| External hash algorithms | SHA-256, SHA-384, SHA-512 |
| One-time passwords | HOTP (RFC 4226), TOTP (RFC 6238), HOTP checking |
| Physical random number generator (TRNG) | |
| Activity indicator | four-color LED |
| Hardware interfaces | USB 1.1, type A |
| Compliance | FCC, CE, RoHS, WEEE, OSHwA |
