Nitrokey is a physical USB thumbdrive developed in Germany to encrypt email with OpenPGP, GnuPG or S/MIME, use One Time Passwords, encrypt your computer hard drive files, manage digital certificates and act as a double authentication token with websites that have adopted the Universal 2dn Factor U2F standard supported by Google services, OpenSSH and WordPress. The hardware design and software code of this encryption thumbdrive has been made open source to allow the review of their security and for developers to be able to integrate their own applications.
The thumbdrive keeps three RSA encryption keys of up to 4096 bits, they are all linked to the same identity but used for different purposes, authentication, signing and encryption, the keys are hardcoded in the device, this makes it impossible for viruses to extract them, the One Time Passwords are compatible with Google Authenticator and hardware encryption is using the AES256bit algorithm with plausible deniability using hidden volumes. The dongle comes with a default administrator PIN set to 12345678 that you should change.
A more expensive version, called “NitroKey Storage“, allows you to store up to 64GB of encrypted data in the device, everything is secured using AES256bit hardware encryption. The USB thumbdrive will work in all operating systems, including Linux, it can be used for authentication as well as encryption.
If you are worried about a trojan horse in your computer stealing your encryption keys, Nitrokey can stop just that. Carrying your encryptions keys with you in your pocket, instead of having them in your hard drive makes identity theft less likely, and NitroKey’s open source lets you check its firmware integrity, the developers advertise this as a way to thwart the NSA practise of intercepting hardware in the post to implant backdoors on them.
This is not a very cheap dongle but in line with what encryption thumbdrives normally cost, you can buy a Yubikey for half price but it does not have any encryption abilities other than U2F authentication, Nitrokey offers email and data encryption on top of secure U2F logins.
The best selling point of this thumbdrive comes in the form of being open source supporting standard security programs. The developers also mention that the key has a tamper-proof design and that you can set up a hidden encrypted container to avoid mandatory surrendering of your data when crossing the border or in countries where it is illegal not to reveal your password to law enforcement.