Trussed is developed in Rust, designed for security-critical embedded systems, and built in cooperation with our partner SoloKeys. Among other things, Trussed implements cryptographic operations. Of course, the code is published as open source.
The hardware is based on the LPC55S6x microprocessor, which has numerous security features, such as Secure Boot, ARM TrustZone, and Physical Unclonable Functions (PUF).
Additionally, a Secure Element, essentially a smart card, is used for the cryptographic memory. This has been security-certified up to the operating system level according to Common Criteria EAL 6+ and thus also meets high security requirements. Because of its power requirements, the secure element can be used only via USB, not via NFC.
As with all Nitrokey developments, Nitrokey 3 is open source, so the secure implementation can be reviewed by anyone.
Operating Systems: Windows, macOS, Linux, BSD
Interfaces: Microsoft CSP, OpenPGP, S/MIME, X.509, PKCS#11, OpenSC, FIDO2, FIDO U2F
Overview of some websites with two-factor authentication on www.dongleauth.info
Authentication standards: WebAuthentication (WebAuthn), CTAP2/FIDO2, CTAP1/FIDO U2F 1.2, HMAC-Based One-Time Password (RFC 4226), Time-Based One-Time Password (RFC 6238)
Two-factor authentication and passwordless login for an unlimited number of accounts (FIDO U2F, FIDO2)
Signed firmware updates
With touch button
Certification of the tamper-proof secure element according to CC EAL6+
Secure key storage: RSA 2048-4096 bit or ECC 256-521 bit, AES-128 or AES-256
Elliptic curves: NIST P-256, P-384, P-521 (secp256r1/prime256v1, secp384r1/prime384v1, secp521r1/prime521v1), Ed25519/Curve25519, Koblitz (192-256 bit), brainpoolP256r1, brainpoolP384r1, brainpoolP512r1
External hash algorithms: SHA-256, SHA-384, SHA-512
One-time passwords: HOTP (RFC 4226), TOTP (RFC 6238), HOTP checking
Physical random number generator (TRNG)
Activity indicator: four-color LED
Hardware interfaces: USB 1.1, type A or type C, NFC
Compliance: FCC, CE, RoHS, WEEE, OSHwA