Key to Security

Consumer-grade security implemented by software is cost effective for most users, who may install and run password managers, encryption tools, and other privacy programs for virtually no cost; however, software comes with limitations.

Most users can live with these limitations, but if you are exceptionally conscious of your privacy or handle top secret data, you do not want to take any chances. Thankfully, you have alternatives to running your security applications in software only: Nitrokey.

Enter the Key

Nitrokey GmbH [1] is a German hardware company focused on security products. Its main product line is a variety of Nitrokeys, which are hardware authentication tokens in the form of pen-drive-sized units that connect to your computer or server over the universal serial bus (USB). The manufacturer offers a whole range of models with different capabilities, with prices ranging from EUR29 to 109 (VAT not included; or about $25--$88). They also produce a line of Qubes OS-certified laptops and Nextcloud appliances and provide a free Matrix instance for those who want a secure chat platform.

The Nitrokey website claims that their hardware can be used to enhance the security of certain web logins, email encryption, hard disk encryption, and SSH access. Whether this is true, and whether a Nitrokey is worth the cost, is what I intend to determine in this article.

I am reviewing Nitrokey Storage 2, the most featureful Nitrokey available. For EUR109 plus taxes and shipping, you get a Nitrokey with 16GB of encrypted, tamper-resistant storage, a password manager, and a sticker (Figure 1). What it lacks is a manual, which is disappointing. For the price, they should have included at least a quickstart guide. Instead, a label in the packaging instructs you to check the online documentation [2] for instructions.

Figure 1: A Nitrokey Storage 2 comes with a keychain hole and a sticker but no instruction manual.

The Nitrokey looks solid enough, but I have seen Kingston pen drives that looked hardier. The cap that covers the USB plug might to be easy to lose because you don't have a way to attach it to the body of the Nitrokey while the device is in use.

Getting Started

Your computer will need a software application to interface with the Nitrokey. Thankfully, you are provided a free, open source program [3] that supports FreeBSD, macOS, Windows, and many Linux distributions. AppImages, Flatpaks, and Snaps are also available.

Nitrokeys appear to be partially supported on Android smartphones over USB On-the-Go (OTG) [4], although it would require an adapter (Figure 2). In any case, Android is not listed as an officially supported platform.

Figure 2: An inexpensive OTG adapter would let you use a Nitrokey with an Android phone.

For testing, I decided to use Knoppix 9.1. The software necessary to initialize a new Nitrokey can be installed by issuing the commands:

sudo apt update
sudo apt install nitrokey-app

The Nitrokey App ends up under the Accessories category of the Start menu, from which the program may be launched and the Nitrokey plugged in for initialization. The documentation instructs you to change the default user and admin PINs and then load either OpenPGP or S/MIME keys into the Nitrokey (see the "What is OpenPGP?" box). The steps for changing the PINs are very intuitive (Figure 3), but key initialization is not.

Figure 3: The default PINs are easily guessable and must be changed from the systray applet.

I decided to generate an OpenPGP set of keys for testing, but the steps suggested by the documentation failed to function. As an alternative, I issued the commands

$ gpg --edit-card
gpg/card> admin
gpg/card> generate

to start an interactive menu (Figure 4) from which I could generate a set of keys. The strength of this method is that the keys are generated by an internal Nitrokey chip and are never accessible to the operating system. Therefore, the private keys cannot be retrieved by any means, even if the operating system is compromised. The Nitrokey boasts tamper-resistant storage, which in theory makes it impossible to access the private keys by prying the Nitrokey open.

Figure 4: The steps described by the official documentation didn't work, but gpg --card-edit made it possible to generate a set of OpenPGP keys on the Nitrokey.

Although not emphasized in the documentation, it is very important that the public keys are exported right away, using

gpg --armor --export <yourID> > key.asc

because they must be imported manually in every other computer on which you intend to use the Nitrokey. The pen drive is not capable of generating them on its own. If the computer on which you generated the keys is lost (which actually happened during my tests) and you have no copy of the public keys, the keys in the Nitrokey will be, for all intents and purposes, unusable, and you will need to generate new ones.

GNU Privacy Guard (GPG) or software that leverages GPG for encryption (e.g., Pass or Mutt) can then use the Nitrokey for decrypting sensitive data with an additional layer of protection. Because the private keys can never leave the Nitrokey, GPG sends any material that needs to be processed by the private key (e.g., an encrypted message) into the Nitrokey itself, which returns the processed data back to GPG (in my example, a stream of unencrypted data).

Therefore, for performing tasks like decrypting OpenPGP messages addressed to a given user, both the Nitrokey and the PIN used to unlock it must be under the control of the person performing the decryption. If the Nitrokey is not plugged in, it is impossible to decrypt any message addressed to the user. Should the Nitrokey be stolen, the keys within it will be useless to the thief because they can only be used by the person who knows the PIN. The Nitrokey provides a limited number of attempts for guessing the PIN: Once the limit is reached, the keys become unavailable.

The advantages of using a Nitrokey for storing OpenGPG keys are, thus, substantial.

Protected Computer Login

Nitrokeys may be used as access tokens for privileged access management (PAM)-enabled distributions. You may, for example, configure your operating system to allow only you to login if you plug in a Nitrokey that contains your set of keys. Once this is done, only a person controlling both the Nitrokey and its PIN may login, invoke sudo, or unlock the screensaver.

This method is a big upgrade from regular password protection because obtaining the password is no longer enough for the attacker.

The steps for using the Nitrokey in such a way are documented [6], but setting up the configuration involves messing with PAM configuration files and carries the possibility of breaking your operating system and rendering it unusable. Additionally, the documentation is not very helpful.

I used Ubuntu 21.04 to test the Nitrokey as a login token. The first step was to install poldi, which is a PAM component designed to work with OpenPGP tokens:

sudo apt-get install libpam-poldi

Next, you need to obtain the application ID of the Nitrokey. After plugging it in, issue the command

gpg --card-status | Application

to see the identifier (e.g., D00600012401020000000000xxxxxxxx).

Now, poldi must be informed that it is supposed to manage the authentication of the system user. For example, if your login name is linux , you would place the following line in /etc/poldi/localdb/users:

$application_identifier linux

and replace $application_identifier with the string you got in the previous step. This operation requires root privileges.

The last part is dangerous; mistakes may render your operating system unusable, so ensure you have a rescue CD around just in case you break something. You must modify PAM to accept the Nitrokey. The easiest way to do this in Ubuntu 21.04 is to open the file /etc/pam.d/common-auth and repace the line

auth [success=2 default=ignore] pam_unix.so nulloc.secure

with the line:

auth [success=2 default=ignore] pam_poldi.so

From now on, you will need to plug the Nitrokey into a USB port and enter the PIN for login into a graphical session, unlocking the screensaver or even invoking sudo. The bad news is that integration seems a bit rough around the edges. For example, the appearance of the Gnome display manager (GDM) is slightly mangled when asking for the Nitrokey PIN instead of a user-password combination.

One must wonder whether going through this hassle is worth the trouble. It certainly works as advertised, but the only threat this setup protects against is hardware keyloggers intended to steal your login password, because the person who planted the keylogger will need your Nitrokey to log in, even if your PIN is discovered. It is a neat concept but not extremely useful. Somebody capable of planting a keylogger to steal your password probably can boot the computer with a Live CD while nobody is watching to perform all sorts of horrible deeds without your credentials.