mirror of
				https://github.com/privacyguides/privacyguides.org.git
				synced 2025-10-26 09:12:10 +00:00 
			
		
		
		
	Compare commits
	
		
			1 Commits
		
	
	
		
			2025.09.25
			...
			jonaharago
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 9a8b4f2ea3 | 
| @@ -33,7 +33,7 @@ Email providers which allow you to use standard access protocols like IMAP and S | ||||
|  | ||||
| ### How Do I Protect My Private Keys? | ||||
|  | ||||
| A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../multi-factor-authentication.md#nitrokey) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device. | ||||
| A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device. | ||||
|  | ||||
| It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device. | ||||
|  | ||||
|   | ||||
| @@ -74,44 +74,6 @@ The firmware of YubiKey is not updatable. If you want features in newer firmware | ||||
|  | ||||
| </div> | ||||
|  | ||||
| ## Nitrokey | ||||
|  | ||||
| <div class="admonition recommendation" markdown> | ||||
|  | ||||
| <figure markdown="span"> | ||||
|   { width="300" } | ||||
| </figure> | ||||
|  | ||||
| **Nitrokey** has a security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2** or the **Nitrokey Storage 2**. | ||||
|  | ||||
| [:octicons-home-16: Homepage](https://nitrokey.com){ .md-button .md-button--primary } | ||||
| [:octicons-eye-16:](https://nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" } | ||||
| [:octicons-info-16:](https://docs.nitrokey.com){ .card-link title=Documentation} | ||||
|  | ||||
| </details> | ||||
|  | ||||
| </div> | ||||
|  | ||||
| The [comparison table](https://nitrokey.com/#comparison) shows the features and how the Nitrokey models compare. The **Nitrokey 3** listed will have a combined feature set. | ||||
|  | ||||
| Nitrokey models can be configured using the [Nitrokey app](https://nitrokey.com/download). | ||||
|  | ||||
| For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 for TOTP. Some Nitrokeys can act as a password manager. They can store 16 different credentials and encrypt them using the same password as the OpenPGP interface. | ||||
|  | ||||
| <div class="admonition warning" markdown> | ||||
| <p class="admonition-title">Warning</p> | ||||
|  | ||||
| While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plugged into, the HOTP and TOTP storage is **not** encrypted and is vulnerable to physical attacks. If you are looking to store HOTP or TOTP secrets, we highly recommend that you use a YubiKey instead. | ||||
|  | ||||
| </div> | ||||
|  | ||||
| <div class="admonition warning" markdown> | ||||
| <p class="admonition-title">Warning</p> | ||||
|  | ||||
| Resetting the OpenPGP interface on a Nitrokey will also make the password database [inaccessible](https://docs.nitrokey.com/pro/linux/factory-reset). | ||||
|  | ||||
| </div> | ||||
|  | ||||
| ## Criteria | ||||
|  | ||||
| **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. | ||||
|   | ||||
| @@ -431,7 +431,6 @@ For encrypting your operating system drive, we typically recommend using whichev | ||||
|  | ||||
| - { .twemoji loading=lazy } [Yubico Security Key](security-keys.md#yubico-security-key) | ||||
| - { .twemoji loading=lazy } [YubiKey](security-keys.md#yubikey) | ||||
| - { .twemoji loading=lazy } [Nitrokey](security-keys.md#nitrokey) | ||||
|  | ||||
| </div> | ||||
|  | ||||
|   | ||||
| @@ -1 +0,0 @@ | ||||
| <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 124 140"><g fill="#D0013B" fill-rule="nonzero"><path d="m72.37 84.938-28.68 16.6a4.1 4.1 0 0 1-5.58-1.5l-15.34-26.57a4.09 4.09 0 0 1 1.5-5.53L53 51.338l19.37 33.6ZM57.48 54.188 72 79.368l28.75-16.61-14.51-25.17-28.76 16.6Zm14.36-3a1 1 0 0 1 .35-1.34l2.81-1.66a1 1 0 0 1 1.34.35l2.41 4.14a1 1 0 0 1-.36 1.34l-2.84 1.65a1 1 0 0 1-1.34-.35l-2.41-4.14.04.01Zm14.22 15.93-2.84 1.66a1 1 0 0 1-1.34-.35l-2.41-4.14a1 1 0 0 1 .35-1.34l2.85-1.65a1 1 0 0 1 1.34.35l2.4 4.13a1 1 0 0 1-.35 1.34Z"/><path d="M61.66 139.798c-1.528 0-3.041-.292-4.46-.86-37.79-15.12-53.52-50.44-56.29-57.37a12.392 12.392 0 0 1-.91-4.71v-43.49a12.4 12.4 0 0 1 7.5-11.43l49.5-21a12 12 0 0 1 9.3 0l49.51 21a12.361 12.361 0 0 1 7.52 11.48v43.44a12.75 12.75 0 0 1-.91 4.69c-2.78 7-18.51 42.27-56.3 57.39-1.418.568-2.932.86-4.46.86Zm0-128.77a1 1 0 0 0-.37.08L11.8 32.018a1.472 1.472 0 0 0-.8 1.35v43.49c0 .198.036.395.11.58 2.49 6.25 16.55 37.83 50.18 51.29a1 1 0 0 0 .75 0c33.62-13.46 47.68-45 50.16-51.24.08-.201.125-.414.13-.63v-43.49a1.44 1.44 0 0 0-.78-1.34L62 11.108a.903.903 0 0 0-.37-.08h.03Z"/></g></svg> | ||||
| Before Width: | Height: | Size: 1.1 KiB | 
										
											Binary file not shown.
										
									
								
							| Before Width: | Height: | Size: 5.6 KiB | 
		Reference in New Issue
	
	Block a user