- Q: What are the default PINs?
- User PIN: "123456"
- Administrator PIN: "12345678"
We strongly recommend to change these PINs/password to user-chosen values before using the Nitrokey.
- Q: Why does my Nitrokey Pro hang when switching between nitrokey-app and GnuPG?
- GnuPG and nitrokey-app sometimes tend to hand each other. This is a known problem and it can be fixed by re-inserting the Nitrokey into the USB slot.
- Q: Which drivers/tools can be used?
GnuPG is required for many use cases. It is a command line tool but usually you don't need to invoke it directly but use another application with user interface.
Don't use GnuPG in parallel with OpenSC or another PKCS#11 driver because both may interfere and unexpected issues may result.
Install GPG4Win which contains Gnu Privacy Assistant (GPA) and GnuPG (GPG). Start Gnu Privacy Assistant (GPA) or another application such as your email client to use GnuPG. Advanced users could use GnuPG directly (command line). Please note: The Fellowship smart card is similar to the Nitrokey Pro so that this instructions work Nitrokey as well. In general the official documentation is recommended.
- Q: How fast is encryption and signing?
Encryption of 50kiB of data:
- 256 bit AES, 2048 bytes per command -> 880 bytes per second
- 128 bit AES, 2048 bytes per command -> 893 bytes per second
- 256 bit AES, 240 bytes per command -> 910 bytes per second
- 128 bit AES, 240 bytes per command -> 930 bytes per second
- Q: Does the Nitrokey Pro contain a secure chip or just a normal microcontroller?
- Nitrokey Pro contains a tamper resistant smart card.
- Q: Is the Nitrokey Pro Common Criteria or FIPS certified?
- The security controller (NXP Smart Card Controller P5CD081V1A and its major configurations P5CC081V1A, P5CN081V1A, P5CD041V1A, P5CD021V1A and P5CD016V1A each with IC dedicated Software) is Common Criteria EAL 5+ certified up to the OS level (Certification Report, Security Target, Maintenance Report, Maintenance ST).
- Q: How can I use the True Random Number Generator (TRNG) of the Nitrokey Pro for my applications?
- Both devices are compatible to the OpenPGP Card, so that `scdrand`_ should work. `This script`_ may be useful. The user comio `created a systemd file`_ to use scdrand and thus the TRNG more generally. He created an `ebuild for Gentoo`_, too.
- Q: How good is the Random Number Generator?
Nitrokey Pro and Nitrokey Storage use a True Random Number Generator (TRNG) for generating keys on the device. The entropy generated by the TRNG is used for the entire key length. Therefore the TRNG is compliant to `BSI TR-03116`_.
The TRNG provides about 40 kbit/s.
- Q: How large is the storage capacity?
- The Nitrokey Pro doesn't contain storage capability for ordinary data (it can only store cryptographic keys and certificates).