Nitrokey 3A Mini


The New Nitrokey 3 With USB-A Mini, Rust, Common Criteria EAL 6+.
It merges the functionalities of earlier models, including FIDO2, one-time passwords, an OpenPGP smart card, Curve25519, a password manager, and a Common Criteria EAL 6+ certified secure element. These features collectively safeguard your accounts from phishing and password theft, while encrypting your communications and data. Built with robust hardware encryption and trusted open-source technology.

This Nitrokey 3A Mini is a required component for the proper functioning of Dasharo (coreboot+Heads) products.

This product is shipped directly from the manufacturer.

Go here to buy the Nitrokey or click the Buy Now button bellow.


Additional information

Weight 0,1 kg
Shipping time

up to 2 working days – order packed and transferred to courier

Delivery time

Poland – up to 2 working days
European Union – up to 6 working days
Worldwide – up to 8 working days



  • FIDO U2F, FIDO2 for passwordless login:
    FIDO sets new standards in easy usability and thus achieves high acceptance. FIDO reliably protects your accounts against password theft and phishing.
  • Disabled passwords to protect accounts against identity theft:
    Protect your accounts against identity theft. One-time passwords are generated in Nitrokey and serve as a second authentication factor for logins (in addition to your normal password). Thus, your accounts remain secure even if your password is stolen.
  • Secure cryptographic key storage:
    Store your private keys for encrypting emails, hard drives or individual files securely in Nitrokey. This way they are protected against loss, theft and computer viruses and are always with you. Key backups protect against loss.
  • Password Manager
    Store your passwords securely encrypted in the integrated password manager. This way you always have your passwords with you and they remain protected even if you lose your Nitrokey.
  • Integrity Check / Tamper Detection
    Verify the integrity from the computer BIOS using Verified Boot. The Nitrokey's colored LED indicates whether the BIOS has integrity (green) or tampering has been detected (red). Supported computers require a BIOS based on Coreboot and Heads such as the NitroPad.
  • Security Technology

    The Nitrokey 3 is based on a novel security architecture:

  • All firmware is developed in the memory-safe programming language Rust. This avoids potentially security-critical memory errors.
  • The firmware is based on the framework Trussed developed in Rust, which is designed for security-critical embedded systems and developed in cooperation with our partner SoloKeys. Among other things, Trussed implements cryptographic operations. Of course, the code is published as open source.
  • The hardware is based on the LPC55S6x or nRF52 microprocessor, which has numerous security features, such as Secure Boot, ARM TrustZone, Physical Unclonable Functions (PUF).
  • Additionally, a Secure Element (SE050), quasi a smart card, is used for the cryptographic memory. This has been security-certified up to the operating system level according to Common Criteria EAL 6+ and thus also meets high security requirements.
  • As with all Nitrokey developments, Nitrokey 3 is open source, so the secure implementation can be reviewed by anyone.
  • Supported Systems and Interfaces

  • Operating Systems: Windows, macOS, Linux, BSD, Android, iOS
  • Interfaces: Microsoft CSP, OpenPGP, S/MIME, X.509, PKCS#11, OpenSC, FIDO2, FIDO U2F
  • Overview of some websites with two-factor authentication on
  • Technical Details

  • Authentication standards: WebAuthentication (WebAuthn), CTAP2/FIDO2, CTAP1/FIDO U2F 1.2, HMAC-Based One-Time Password (RFC 4226), Time-Based One-Time Password (RFC 6238)
  • Two-factor authentication and passwordless login for unlimited number of accounts (FIDO U2F, FIDO2)
  • Signed firmware updates
  • With touch button
  • Certification of the tamper-proof secure element according to CC EAL6+
  • Secure key storage: RSA 2048-4096 bit or ECC 256-521 bit, AES-128 or AES-256
  • Elliptic curves: NIST P-256, P-384, P-521 (secp256r1/prime256v1, secp384r1/prime384v1, secp521r1/prime521v1), Ed25519/Curve25519, Koblitz (192-256 bit), brainpoolP256r1, brainpoolP384r1, brainpoolP512r1
  • External hash algorithms: SHA-256, SHA-384, SHA-512
  • One-time passwords: HOTP (RFC 4226), TOTP (RFC 6238), HOTP checking
  • Physical random number generator (TRNG)
  • Activity indicator: four-color LED
  • Hardware interfaces: USB 1.1, type A
  • Compliance: FCC, CE, RoHS, WEEE, OSHwA
  • You may also like…