jans23

We (Nitrokey) are continuously performing code reviews and code analysis but not a formal audit. We consider a formal audit at a later stage, when the code is more stable.

Is there any documentation describing how to initialize a Nitrokey to use it for both GPG and S/MIME? I believe this should be created before closing this ticket.

We are considering to move to a master-password scheme which would have the benefits: - No synchronization to other systems is necessary, once the master password has been setup once....

@jonathancross See [this article](https://en.wikipedia.org/wiki/Master_Password), which covers a specific implementation too but also explains the general scheme.

It depends on how you define "original issue". If it's defined as "securely store login credential" for instance, it would be addressed. I agree, it may require thinking outside of...

I recall a mechanism which prevents the time in Nitrokey Pro from being reversed. I'm not sure if it's a hard mechanism in the firmware which can't be reset or...

Currently a firmware update of Nitrokey Pro requires physical access to the PCB (electronics). We plan to release a revision next year which will allow signed firmware updates and potentially...

That's right. -- Sent from a mobile device.

Nitrokey Pro's firmware can be updated via software but not verified. I think the firmware builds mostly reproducible.

There is no 100% protection against such scenarios. However, you could configure the PIN to be required for each signature operation. All other protection measures would likely significantly reduce the...