Vegas event batchHacker Summer Camp drop — reserve by July 24 for Vegas pickup Aug 5–6 or US ship +$25Build my stack →

securitygadgets.shop / Nitrokey US / Security keys & HSMs / Nitrokey 3A Mini

Nitrokey 3A Mini

Nitrokey · Security key

Nitrokey 3A Mini

Compact USB-A hardware security key with an NXP SE050 EAL 6+ secure element and Rust open-source firmware, delivering phishing-resistant FIDO2/WebAuthn MFA plus OpenPGP, OTP, and X.509 key storage.

$65

EU equivalent: €54 incl. VAT · nitrokey.com

Reserve in the one-time Vegas batch — order by July 24, 2026 · 6 PM EDT

Vegas event batch — order by July 24 for Aug 5–6 Wynn pickup or US ship (+$25)

Shipping to
Build a stack
2-day US shipping Net-30 with W-9 US English support US-side RMA

Why the Nitrokey 3A Mini

What this security key does that alternatives don't.

Phishing-resistant MFA

FIDO2/WebAuthn and U2F provide origin-bound authentication that defeats credential phishing and replay attacks.

EAL 6+ secure element

The NXP SE050 generates and stores private keys in a tamper-resistant chip certified to Common Criteria EAL 6+, so key material never leaves hardware.

Auditable Rust firmware

Fully open-source firmware in memory-safe Rust plus open hardware enables independent review and supports OpenPGP, S/MIME, and OTP beyond pure MFA.

Specifications

Full technical details.

Secure element
NXP SE050, Common Criteria EAL 6+ certified, tamper-resistant
Microcontroller
LPC55S6x / nRF52
Protocols
FIDO2/WebAuthn (CTAP2), FIDO U2F (CTAP1), HOTP (RFC 4226), TOTP (RFC 6238), OpenPGP, S/MIME, X.509, PKCS#11
Algorithms
RSA 2048-4096, NIST P-256/P-384/P-521, Ed25519/Curve25519, AES-128/256
Connector
USB 1.1 Type-A (mini/nano format, no NFC)
Indicator
Four-color LED with touch button
Firmware
Open source, written in memory-safe Rust, field-updatable
Hardware design
Open source

Compliance framework mapping

Controls this product satisfies across 7 frameworks.

Full controls library

Multi-factor authentication — hardware-bound

Phishing-resistant MFA using hardware security keys. Software TOTP and SMS are explicitly excluded from "phishing-resistant" in NIST 800-63B and most modern framework guidance.

Cryptographic key management

Hardware-bound key generation and storage. Private keys generated and stored inside a certified secure element (EAL 6+) and are non-exportable by design — for login credentials (Nitrokey) and crypto-asset custody (Ledger) alike.

Supply chain risk — hardware and firmware

Open-source firmware is publicly auditable and reproducibly built. EU jurisdiction hardware is not subject to US National Security Letters. Directly addresses hardware supply chain risk in CMMC and NIS2.

Compared to

Honest comparisons against the most likely alternatives.

vs Nitrokey 3A NFC

The 3A Mini drops NFC for a smaller leave-in-port nano form factor; pick the 3A NFC if you need tap-to-authenticate on mobile devices.

vs YubiKey 5 Series

The 3A Mini matches FIDO2/OpenPGP/OTP coverage with fully open-source firmware and hardware for auditability, where YubiKey firmware remains closed.

Shipping & returns

What to expect after you order.

Shipping

Ships from our Tennessee 3PL. 2-day FedEx to most US addresses, expedited options at checkout. Signature required. Business day processing — orders placed before 2pm ET ship same day.

Returns & RMA

30-day return window for unopened units. Defective units handled under Nitrokey's 2-year warranty — we manage the US-side RMA so you don't ship to Berlin.

Purchase orders

Net-30 terms available for approved organizations. W-9 on file. Generate a quote from the stack builder or email sales@securitygadgets.shop with your PO requirements.

Authorized reseller

We are an official Nitrokey authorized reseller. Full manufacturer warranty applies. Identical hardware and firmware to buying direct from nitrokey.com — with US inventory and support.