With normal GnuPG operations, private keys are stored in the main directory, where they can be stolen by malware or exposed through other means, such as poorly protected backups.
Furthermore, every time a GnuPG operation is performed, the keys are loaded into the system memory and can be stolen from there using sufficiently advanced techniques (such as Meltdown and Specter).
A digital smart card token like Nitrokey contains a cryptographic chip that is capable of storing private keys and performing cryptographic operations directly on the token.
About Nitrokey
Nitrokey is a USB Open source to enable encryption and secure signing of data. Secret keys are always stored inside Nitrokey, a device which protects against malware (such as computer viruses) and attackers.
A user-chosen PIN and a tamper-proof smart card protect Nitrokey in the event of loss and theft.
Nitrokey hardware and software are available as open source, free software, and open hardware that allow independent parties to verify device security.
Nitrokey is compatible with Microsoft Windows, Linux, and macOS.
Because the key content never leaves the device, the operating system of the computer the token is attached to cannot retrieve the private keys themselves, thus significantly limiting the ways in which the keys can be leaked or stolen. .
Among the main features of Nitrokey, the following can be highlighted:
- Nitrokey's secret keys are stored internally and securely.
- Nitrokey's tamper-proof design protects it from sophisticated physical attacks.
- RSA keys up to 4096 bits and AES-256 are supported.
- It is compatible with Microsoft Windows, macOS, and Linux.
- It is compatible with many popular programs such as Microsoft Outlook, Mozilla Thunderbird, and OpenSSH.
- Nitrokey's secure implementation is released as open source and open hardware to allow independent reviews of source code and hardware layout and to ensure the absence of back doors and other security flaws.
- Nitrokey's security does not depend on secret keys centrally stored with the device manufacturer.
- Nitrokey is released as open source software, free software, and open hardware.
Even Purism uses Nitrokey for their Librem laptops and that they also focus on the future use of their smartphone with Linux, Librem 5.
About Nitrokey-app
Nitrokey-app is an open source application, as its name suggests, the application allows you to manage your Nitrokey encryption USB tokens on Ubuntu and on several other Linux distributions where Snaps packages are supported.
Nitrokey-app has been written in Qt and provides an easily accessible graphical user interface at any time in the systray area of your desktop.
It allows you to quickly manage your Nitrokey device, whether you want to send encrypted emails, secure logins or simply store your most precious files and secret keys safely.
How to install Nitrokey-App on Linux?
If you want to install this application to manage your Nitrokey device in your favorite Linux distribution, you can do so by following the steps we share below.
As mentioned a few moments ago Nitrokey-App It is available through the Snap channels. Therefore, to install this application, they must have the support to install this type of application in their distribution.
The installation is going to be done by opening a terminal and in it we are going to type the following command:
sudo snap install nitrokey-app
Other types of application installation are also available which are the RC or the beta with which you can get the new features and help with the detection of errors.
You can install these with the following commands:
sudo snap install nitrokey-app --candidate
sudo snap install nitrokey-app --beta
And that's it, you can start using your device in your Linux distribution.