The only true open hardware and open source key is the Nitrokey Start, running Gnuk firmware. Other Nitrokeys are open hardware but run a smartcard (HSM or PGP card) and those firmwares are not fully open. Yubikey is closed source and this post's bugger is closed as well. Go for a Nitrokey if you value true openness.

I've had a great experience with my NitroKey Starts. I'm just bummed that opensc doesn't yet support ed25519 since it seems gnuk does.

I am not sure I follow? I have been using NitroKey Starts with ed25519 and GnuPG for two years without problems?

The NitroKey Start is great! I have switched to YubiKeys, since they are more durable and also support U2F/Fido2 and PIV on the same token. But NitroKey's software being open source and upgradable are great features.

Note that gnuk also works on Blue Pills. So, if a NitroKey is too expensive for you, you can pick up a couple of Blue Pills for a few dollars and flash gnuk on them. [1]

[1] https://blog.dan.drown.org/gnuk-open-source-gpg-ssh-hardware...

FYI OnlyKey already supports ed25519 with their SSH agent https://docs.crp.to/onlykey-agent.html#supported-curves

It's indeed rather 'open'.. https://old.reddit.com/r/crypto/comments/bis3pf/extract_pgp_...

Kidding aside: I'm sure there are many more products having problems like this. Just goes to show there's no such thing as 100% secure, I guess. At least this is open, so it can be fixed with some effort.

The Nitrokey HSM also has sort of a private key extraction, but that is by design: https://raymii.org/s/articles/Decrypt_NitroKey_HSM_or_SmartC...

