Two keys for all eventualities - Nitrokey (Part1)
1. increased safety requirements
The protection of digital identity is more important today than ever. Stolen online accounts can cause considerable damage if they are stolen and left in the wrong hands. At the same time, the number of data breaches is rising steadily - hardly a week goes by without at least one database of stolen accounts (user name and password) appearing somewhere on the Internet. In the worst case, the provider concerned did not protect the user passwords used or only inadequately protected them with a (cryptographic) hash function that was considered insecure.
Too often secret information falls into the wrong hands and the checking system cannot recognize whether Hildegard MΓΌller is actually Hildegard MΓΌller or whether her account data is being misused by a third party. A remedy against account misuse is to check additional properties or information via two-factor authentication (2FA), which is also controlled by so-called security tokens.
Security tokens or USB security sticks (Security Keys), however, offer other functions in addition to the 2FA that can contribute to increasing (personal) security. Among other things, the private key for e-mail or hard disk encryption can be securely stored on the stick. Such and other application scenarios are presented in the article series "Nitrokey" using the Nitrokey as an example.
2nd Nitrokey
Nitrokey is an open-source USB stick that enables secure encryption and signing of data, among other things. Depending on the Nitrokey version, such a USB stick supports different application scenarios:
ππΌ S/MIME email and disk encryption (X.509, PKCS#11)
ππΌ OpenPGP/GnuPG Email Encryption
ππΌ Login or authentication via two-factor authentication
ππΌ One-Time-Password (English)
ππΌ Universal Second Factor (U2F) via FIDO-Standard
ππΌ Integrated password manager
ππΌ Encrypted storage space on the USB stick (+Hidden Volumes)
ππΌ Possibility to update the firmware
The Nitrokey variants also differed in the supported cryptosystems, key lengths and Co..:
ππΌ RSA key lengths from 1024 - 4096 bits
ππΌ ECC key length from 192 - 521 bit
ππΌ Number of key pairs that can be stored on the stick 3 / 38
ππΌ Elliptical curve algorithms NIST P, Brainpool, Curve25519 and SECG/Koblitz
β οΈ Advice:
Only the Nitrokey Start controls the elliptical curve Curve25519, which is one of the SaveCurves - the only curve where the choice of curve is completely transparent and therefore back doors can practically be excluded.
English translation:
https://t.me/BlackBox_Archiv/404
Source and more info (german):
https://www.kuketz-blog.de/zwei-schluessel-fuer-alle-faelle-nitrokey-teil1/
#Nitrokey #SecurityKeys #usb #guide #kuketz #part1
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
π‘@FLOSSb0xIN
1. increased safety requirements
The protection of digital identity is more important today than ever. Stolen online accounts can cause considerable damage if they are stolen and left in the wrong hands. At the same time, the number of data breaches is rising steadily - hardly a week goes by without at least one database of stolen accounts (user name and password) appearing somewhere on the Internet. In the worst case, the provider concerned did not protect the user passwords used or only inadequately protected them with a (cryptographic) hash function that was considered insecure.
Too often secret information falls into the wrong hands and the checking system cannot recognize whether Hildegard MΓΌller is actually Hildegard MΓΌller or whether her account data is being misused by a third party. A remedy against account misuse is to check additional properties or information via two-factor authentication (2FA), which is also controlled by so-called security tokens.
Security tokens or USB security sticks (Security Keys), however, offer other functions in addition to the 2FA that can contribute to increasing (personal) security. Among other things, the private key for e-mail or hard disk encryption can be securely stored on the stick. Such and other application scenarios are presented in the article series "Nitrokey" using the Nitrokey as an example.
2nd Nitrokey
Nitrokey is an open-source USB stick that enables secure encryption and signing of data, among other things. Depending on the Nitrokey version, such a USB stick supports different application scenarios:
ππΌ S/MIME email and disk encryption (X.509, PKCS#11)
ππΌ OpenPGP/GnuPG Email Encryption
ππΌ Login or authentication via two-factor authentication
ππΌ One-Time-Password (English)
ππΌ Universal Second Factor (U2F) via FIDO-Standard
ππΌ Integrated password manager
ππΌ Encrypted storage space on the USB stick (+Hidden Volumes)
ππΌ Possibility to update the firmware
The Nitrokey variants also differed in the supported cryptosystems, key lengths and Co..:
ππΌ RSA key lengths from 1024 - 4096 bits
ππΌ ECC key length from 192 - 521 bit
ππΌ Number of key pairs that can be stored on the stick 3 / 38
ππΌ Elliptical curve algorithms NIST P, Brainpool, Curve25519 and SECG/Koblitz
β οΈ Advice:
Only the Nitrokey Start controls the elliptical curve Curve25519, which is one of the SaveCurves - the only curve where the choice of curve is completely transparent and therefore back doors can practically be excluded.
English translation:
https://t.me/BlackBox_Archiv/404
Source and more info (german):
https://www.kuketz-blog.de/zwei-schluessel-fuer-alle-faelle-nitrokey-teil1/
#Nitrokey #SecurityKeys #usb #guide #kuketz #part1
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
π‘@FLOSSb0xIN
GnuPG Key Generation and Smartcard Transfer - Nitrokey (Part 1 and 2)
1. key material
Depending on the version, a Nitrokey supports different application scenarios. In this article of the article series "Nitrokey" I describe the commissioning of a Nitrokey under GNU/Linux and the following GnuPG key generation. An (RSA) key pair is a basic requirement for the two application scenarios OpenPGP/GnuPG e-mail encryption and OpenSSH public key authentication.
The procedure described for creating a (RSA) key pair and then transferring it to the smart card of the Nitrokey should also be transferable to other security tokens such as the YubiKey.
Full English translation Nitrokey (part 1):
https://t.me/BlackBox_Archiv/404
Full English translation Nitrokey (part 2):
https://t.me/BlackBox_Archiv/415
Source and more info (German):
Part 1:
https://www.kuketz-blog.de/zwei-schluessel-fuer-alle-faelle-nitrokey-teil1/
Source and more info (German):
Part 2:
https://www.kuketz-blog.de/gnupg-schluesselerstellung-und-smartcard-transfer-nitrokey-teil2/
#Nitrokey #SecurityKeys #usb #guide #kuketz #part1 #part2
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
1. key material
Depending on the version, a Nitrokey supports different application scenarios. In this article of the article series "Nitrokey" I describe the commissioning of a Nitrokey under GNU/Linux and the following GnuPG key generation. An (RSA) key pair is a basic requirement for the two application scenarios OpenPGP/GnuPG e-mail encryption and OpenSSH public key authentication.
The procedure described for creating a (RSA) key pair and then transferring it to the smart card of the Nitrokey should also be transferable to other security tokens such as the YubiKey.
Full English translation Nitrokey (part 1):
https://t.me/BlackBox_Archiv/404
Full English translation Nitrokey (part 2):
https://t.me/BlackBox_Archiv/415
Source and more info (German):
Part 1:
https://www.kuketz-blog.de/zwei-schluessel-fuer-alle-faelle-nitrokey-teil1/
Source and more info (German):
Part 2:
https://www.kuketz-blog.de/gnupg-schluesselerstellung-und-smartcard-transfer-nitrokey-teil2/
#Nitrokey #SecurityKeys #usb #guide #kuketz #part1 #part2
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
Telegram
BlackBox (Security) Archiv
Two keys for all eventualities - Nitrokey (Part1)
1. increased safety requirements
The protection of digital identity is more important today than ever. Stolen online accounts can cause considerable damage if they are stolen and left in the wrong hands.β¦
1. increased safety requirements
The protection of digital identity is more important today than ever. Stolen online accounts can cause considerable damage if they are stolen and left in the wrong hands.β¦
Forwarded from Pegasus NSO & other spyware
Beyond the Horizon: Traveling the World on Camaro Dragonβs USB Flash Drives - Check Point Research β June 2023
#CamaroDragon #USB #Flashdrive #MustangPanda #LuminousMoth #espionage #malware #China #Asia
In early 2023, the Check Point Incident Response Team (CPIRT) team investigated a malware incident at a European healthcare institution involving a set of tools mentioned in the Avast report in late 2022. The incident was attributed to Camaro Dragon, a Chinese-based espionage threat actor whose activities overlap with activities tracked by different researchers as Mustang Panda and LuminousMoth, whose focus is primarily on Southeast Asian countries and their close peers.#CamaroDragon #USB #Flashdrive #MustangPanda #LuminousMoth #espionage #malware #China #Asia