Nitrokey is an USB key to enable highly secure encryption and signing of emails and data, as well as login to the Web, networks and computers.

In 2015, Cure53 conducted penetration tests and code audits of Nitrokey’s firmware and storage hardware. The tests were part of a larger series of security assessments, in which security-focused assignments included tests against both the firmware and the hardware itself, alongside a detailed look into other models of the Nitrokey and its accompanying applications and tools.

The two complete audits and summaries of findings can be found below.

Nitrokey Penetration Test (Firmware 2015)

Nitrokey Penetration Test (Hardware 2015)