Nitrokey 3C NFC
FIDO sets new standards in terms of ease of use and thus achieves high acceptance.
Description
FIDO U2F, FIDO2 for passwordless login
FIDO sets new standards in terms of ease of use and thus achieves high acceptance. FIDO reliably protects your accounts against password theft and phishing.
Protect your accounts against identity theft. One-time passwords are generated in Nitrokey and serve as a second authentication factor when logging in (in addition to the regular password). This will ensure your accounts remain safe even if your password is stolen.
Store your private keys securely for encrypting emails, hard drives or individual files in Nitrokey. This way they are protected against loss, theft and computer viruses and are always with you. Key backups protect against loss.
Keep your passwords securely encrypted in the integrated password manager. This way you will always have your passwords with you and they will be protected, even if you lose your Nitrokey.
Check the integrity of your computer's BIOS using Verified Boot. The colored Nitrokey LED indicates whether the BIOS is integral (green) or tampering has been detected (red). Supported computers require a Coreboot-based BIOS and heads such as NitroPad.
Security technology
Nitrokey 3 is based on an innovative security architecture:
All firmware is developed in the memory-safe Rust programming language. This avoids potentially security-critical memory errors.
The firmware is based on the Trussed framework developed in Rust, which is designed for security-critical embedded systems and developed in collaboration with our partner SoloKeys. Trussed performs, among other things, cryptographic operations. The code is, of course, published as open source.
The equipment is based on the LPC55S6x or nRF52 microprocessor, which has numerous security functions, such as Secure Boot, ARM TrustZone, Physical Unclonable Functions (PUF).
Additionally, the cryptographic memory uses a Secure Element (SE050), which is a quasi-smart card. It has been security certified up to the operating system level according to Common Criteria EAL 6+ and therefore also meets high security requirements. Due to energy requirements, the secure element can only be used via USB, but not via NFC.
Like all Nitrokey solutions, Nitrokey 3 is open source, so anyone can check its secure implementation.
klucz bezpieczeństwa, klucz sprzętowy, klucz zabezpieczający komputer, dwuetapowe uwierzytelnianie, zabezpieczenia kont w portalach internetowych, potwierdzenie tożsamości podczas logowania, klucz unikalny, security key, hardware key, computer security key, two-step authentication, security of accounts on Internet portals, identity confirmation when logging in, unique key, Sicherheitsschlüssel, Hardwareschlüssel, Computer-Sicherheitsschlüssel, Zwei-Faktor-Authentifizierung, Sicherheit von Konten auf Internetportalen, Identitätsbestätigung beim Anmelden, eindeutiger Schlüssel,
Technical Data
| Supported Systems and Interfaces | |
|---|---|
| Operating Systems | Windows, macOS, Linux, BSD, Android, iOS |
| Interfaces | Microsoft CSP, OpenPGP, S/MIME, X.509, PKCS#11, OpenSC, FIDO2, FIDO U2F |
| Overview of some websites with two-factor authentication on www.dongleauth.com | |
| Technical Details | |
| Authentication standards | WebAuthentication (WebAuthn), CTAP2/FIDO2, CTAP1/FIDO U2F 1.2, HMAC-Based One-Time Password (RFC 4226), Time-Based One-Time Password (RFC 6238) |
| Two-factor authentication and passwordless login for unlimited number of accounts (FIDO U2F, FIDO2) | |
| Signed firmware updates | |
| With touch button | |
| Certification of the tamper-proof secure element according to CC EAL6+ | |
| Secure key storage | RSA 2048-4096 bit or ECC 256-521 bit, AES-128 or AES-256 |
| Elliptic curves | NIST P-256, P-384, P-521 (secp256r1/prime256v1, secp384r1/prime384v1, secp521r1/prime521v1), Ed25519/Curve25519, Koblitz (192-256 bit), brainpoolP256r1, brainpoolP384r1, brainpoolP512r1 |
| External hash algorithms | SHA-256, SHA-384, SHA-512 |
| One-time passwords | HOTP (RFC 4226), TOTP (RFC 6238), HOTP checking |
| Physical random number generator (TRNG) | |
| Activity indicator | four-color LED |
| Hardware interfaces | USB 1.1, type A or type C, NFC |
| Compliance | FCC, CE, RoHS, WEEE, OSHwA |
