Two keys for all eventualities - Nitrokey (Part1)

1. increased safety requirements

The protection of digital identity is more important today than ever. Stolen online accounts can cause considerable damage if they are stolen and left in the wrong hands. At the same time, the number of data breaches is rising steadily - hardly a week goes by without at least one database of stolen accounts (user name and password) appearing somewhere on the Internet. In the worst case, the provider concerned did not protect the user passwords used or only inadequately protected them with a (cryptographic) hash function that was considered insecure.

Too often secret information falls into the wrong hands and the checking system cannot recognize whether Hildegard Müller is actually Hildegard Müller or whether her account data is being misused by a third party. A remedy against account misuse is to check additional properties or information via two-factor authentication (2FA), which is also controlled by so-called security tokens.

Security tokens or USB security sticks (Security Keys), however, offer other functions in addition to the 2FA that can contribute to increasing (personal) security. Among other things, the private key for e-mail or hard disk encryption can be securely stored on the stick. Such and other application scenarios are presented in the article series "Nitrokey" using the Nitrokey as an example.

2nd Nitrokey

Nitrokey is an open-source USB stick that enables secure encryption and signing of data, among other things. Depending on the Nitrokey version, such a USB stick supports different application scenarios:

👉🏼 S/MIME email and disk encryption (X.509, PKCS#11)
👉🏼 OpenPGP/GnuPG Email Encryption
👉🏼 Login or authentication via two-factor authentication
👉🏼 One-Time-Password (English)
👉🏼 Universal Second Factor (U2F) via FIDO-Standard
👉🏼 Integrated password manager
👉🏼 Encrypted storage space on the USB stick (+Hidden Volumes)
👉🏼 Possibility to update the firmware

The Nitrokey variants also differed in the supported cryptosystems, key lengths and Co..:

👉🏼 RSA key lengths from 1024 - 4096 bits
👉🏼 ECC key length from 192 - 521 bit
👉🏼 Number of key pairs that can be stored on the stick 3 / 38
👉🏼 Elliptical curve algorithms NIST P, Brainpool, Curve25519 and SECG/Koblitz

⚠️ Advice:
Only the Nitrokey Start controls the elliptical curve Curve25519, which is one of the SaveCurves - the only curve where the choice of curve is completely transparent and therefore back doors can practically be excluded.

English translation:
https://t.me/BlackBox_Archiv/404

Source and more info (german):
https://www.kuketz-blog.de/zwei-schluessel-fuer-alle-faelle-nitrokey-teil1/

#Nitrokey #SecurityKeys #usb #guide #kuketz #part1
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

GnuPG Key Generation and Smartcard Transfer - Nitrokey (Part 1 and 2)

1. key material

Depending on the version, a Nitrokey supports different application scenarios. In this article of the article series "Nitrokey" I describe the commissioning of a Nitrokey under GNU/Linux and the following GnuPG key generation. An (RSA) key pair is a basic requirement for the two application scenarios OpenPGP/GnuPG e-mail encryption and OpenSSH public key authentication.

The procedure described for creating a (RSA) key pair and then transferring it to the smart card of the Nitrokey should also be transferable to other security tokens such as the YubiKey.

Full English translation Nitrokey (part 1):
https://t.me/BlackBox_Archiv/404

Full English translation Nitrokey (part 2):
https://t.me/BlackBox_Archiv/415

Source and more info (German):
Part 1:
https://www.kuketz-blog.de/zwei-schluessel-fuer-alle-faelle-nitrokey-teil1/

Source and more info (German):
Part 2:
https://www.kuketz-blog.de/gnupg-schluesselerstellung-und-smartcard-transfer-nitrokey-teil2/

#Nitrokey #SecurityKeys #usb #guide #kuketz #part1 #part2
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

The confusing world of USB

https://fabiensanglard.net/nousb/index.html

#usb

Beyond the Horizon: Traveling the World on Camaro Dragon’s USB Flash Drives - Check Point Research – June 2023

In early 2023, the Check Point Incident Response Team (CPIRT) team investigated a malware incident at a European healthcare institution involving a set of tools mentioned in the Avast report in late 2022. The incident was attributed to Camaro Dragon, a Chinese-based espionage threat actor whose activities overlap with activities tracked by different researchers as Mustang Panda and LuminousMoth, whose focus is primarily on Southeast Asian countries and their close peers.


#CamaroDragon #USB #Flashdrive #MustangPanda #LuminousMoth #espionage #malware #China #Asia

#pc #ports #usb