Tag Archives: encryption

Nitrokey Pro

Nitrokey is an open source usb smart card that has multiple uses including one time passwords, email encryption, file encryption and computer authentication.  The creators decided to create it when they needed a solution to securing their encryption keys on insecure computer systems.  In 2009 they released their first product and now in 2016 they have four different products and are on their way to creating another one.  I found Nitrokey when I was looking to get another Yubikey and found out that Yubikey went closed source.  Since then I have been testing the Nitrokey out, I’ve found that I like it a lot and will  definitely be using the them in the future.  So far it has been a bit of a challenge to configure as the GUI is far from perfect, mainly in the aspect that its hard to figure out if you are a newcomer.  But I haven’t given up and have been able to use the majority of the features that the Nitrokey Pro has (which is a pretty long list).  And eventually I got the hang of it, and realized how very simple issues were proving to be more challenging then they should have been.

GPG

I found GPG to be the easiest to of the Nitrokey abilities.  The simplest way to begin is to use the GPA Assistant.  The GPA Assistant lets you edit the user data on the card and easily/quickly generate encryption keys for the smart card.  The other option is to use the terminal which is not that much harder to learn.  The one problem that really stumped me was getting everything to work on multiple computers, for example if I setup the Nitrokey on one pc GPG would not be able to decrypt/sign anything on another pc.  I am hoping to resolve this issue in the future as it would greatly improve the functionality as it limits me to one computer (When I figure this out I will update the post).  Besides this one little hitch the Nitrokey worked great, the hardest part was getting familiar with using GPG commands as I have always prefered using the GUI.  You can use GPA with it but I found using the command line was preferable when setting up the Nitrokey.

Email Encryption

If you were able to get the Nitrokey working with GPG and all that, then using it for email encryption is only takes a few more steps.  Assuming you are going to use Thunderbird, you just need to install the Enigmamail extension.  Once you install the plugin you can encrypt and decrypt mail in the same way that you would encrypt/decrypt anything with your Nitrokey.  Email encryption with Nitrokey is one of the easier functions of the Nitrokey to set up.

Encryption

This section was a simple challenge for me to set up.  I ended up overlooking the setup process only to realize where I was going wrong.  All you really need to do is download the PKCS#11 library  that lets Veracrypt talk with Nitrokey.  Once you do that you can add the Nitrokey as a keyfile and add an extra layer of security to your encrypted volumes.

Password Manager

This is the one function of the Nitrokey that I struggled to set up.  I’ve setup Keepass with OTP before although I never ended up using it.  If anyone knows how to set up Keepass with Nitrokey please comment or send me a message as I would love to set this up as it is one of the most important features of Nitrokey.

In the end

I definitely am a fan of the Nitrokey Pro, after getting through the challenging learning curve at least.  Nitrokey has a pretty long list of features, there are more than what I mentioned in this post.  The features that I listed in this post are the ones that I have tried and successfully set up.  I’m going to give the other features a go when I get access to my other machine but I wanted to get this post out as I have had the Nitrokey for a while now (stuck on windows ultrabook currently).  If you are not afraid of fairly advanced (but open source) but feature rich usb key then give Nitrokey a go.  And even if you are not the most advanced user with a bit of problem solving its easy to set everything up, its just a bit harder.  Overall I’m a fan of the Nitrokey Pro, its well designed (there are a few things I would like to see though) and has lots of features.  Be sure to check the website in the future as I will be creating tutorials for the Nitrokey Pro (feel free to ask questions if you have any).

I grabbed this image from the Nitrokey website as it was higher quality than anything I can make currently
The Nitrokey Pro

A Truecrypt vulnerability

For many users who love security, the shutdown of Truecrypt was a big surprise.  One of the major reasons that users of Truecrypt were so surprised  was because the developers left the users in the dark.  No one knew what happened, why they shutdown, all we were told was that it is no longer recommended to use Truecrypt by the developers.  The shutdown of Truecrypt occurred during a crowdfunded audit to make sure it is safe to use.  The audit did not find anything, but in more recent times a security issue has been discovered.  The issue that the audit missed was that anyone with a user account could get access to higher level privileges in the system.  This issue has been fixed in the forks of Truecrypt such as Veracrypt, so you are safe to all current knowledge if you use Veracrypt.


Could this be the reason that the Truecrypt developers decided to shut down the project?  There are countless rumors and ideas that are floating around the web, each one getting us no where.  But this recent discovery is another clue in why they shutdown.

 

 

Facebook adds PGP support

Facebook not lets you receive encrypted email messages, just add your PGP key to your Facebook profile.  This is a good step in the right direction for making the internet a more secure place.  But my main concern is not many people use PGP, so I doubt that a lot of people will make use of this feature.  Of all the people I have met, one or two people have given PGP a go and they do not use apart from the occasional encrypted message.

https://www.facebook.com/notes/protectingthegraph/securingemailcommunicationsfromfacebook/1611941762379302“>Link to Facebook Post

VeraCrypt

A while back Truecrypt shutdown for no apparent reason, there are several theories on why it did.  You can still download a limited copy of Truecrypt, to prevent people from becoming locked out.  You can still use the TrueCrypt 7.1a copy, but there are no updates being made to it and it is somewhat strange that they shutdown out of the blue (TrueCrypt did undergo an audit and passed without any major problems).  For these who are looking to use an encryption program that offers similar features as Truecrypt and has no back doors (that haven’t been discovered), VeraCrypt is a great alternative.  VeraCrypt is a fork of Truecrypt, and it is based of the same code.  VeraCrypt has taken the TrueCrypt code, and fixed several problems and added more features.  Essentially VeraCrypt is the same software, but different developers and more support (as it is still under development).  Note that VeraCrypt has not undergone an audit and for all we know it could be some government agency plot to weaken security standards.  Overall I like VeraCrypt and look forward to using it to keep classified files safe and secure.  (For these still interested in using Truecrypt, you can download the fully functional file here, make sure to verify what you download with the hashes).