Hardware security key support in the OS?

I have 2 Nitrokeys 3Amini.

They can be used to securely store encryption keys, and also include a secure element.

They are FIDO2 certified, so they support challenge-response etc. (I am not too much into this).

They also include a secure element, which can be used for encryption key generation and more.

I imagine it would be a really good and affordable hardware upgrade to plug in a key, and to support it software-wise.

What do you think? Does it make sense?

IIRC there is some security chip in there already.

I would add that “some security chip” from 8 years ago is not comparable. There are different TPM standards that do some different things; afaik 1.x and 2.x are not compatible with one another and everything below 1.2 is insecure.

And then the secure element in a Nitrokey would be even more secure.