Nitrokey · Security key
EAL 6+ certified secure element, open-source firmware. FIDO2/WebAuthn, OpenPGP, OTP, PIV smart card. USB-C + NFC. The open-source alternative to YubiKey — with a higher security certification.
$75
EU equivalent: €51 incl. VAT · nitrokey.comIn stock · ships in 1 business day
QUANTITY
Why the Nitrokey 3C NFC
What this security key does that alternatives don't.
EAL 6+ certified secure element
The Nitrokey 3 uses a certified secure element at EAL 6+ — the same level as government smart cards. YubiKey 5 series is EAL 5.
Fully open-source firmware
All firmware source code is public. No hidden backdoors, no closed attestation keys. The security community can and does audit it.
EU jurisdiction
German company, German law. For principals who prefer hardware not subject to US National Security Letters or FISA court gag orders.
Specifications
Full technical details.
Compliance framework mapping
Controls this product satisfies across 7 frameworks.
Multi-factor authentication — hardware-bound
Phishing-resistant MFA using hardware security keys. Software TOTP and SMS are explicitly excluded from "phishing-resistant" in NIST 800-63B and most modern framework guidance.
Cryptographic key management
Hardware-bound key generation and storage. Private keys generated and stored inside a certified secure element (EAL 6+) and are non-exportable by design.
Supply chain risk — hardware and firmware
Open-source firmware is publicly auditable and reproducibly built. EU jurisdiction hardware is not subject to US National Security Letters. Directly addresses hardware supply chain risk in CMMC and NIS2.
Compared to
Honest comparisons against the most likely alternatives.
vs YubiKey 5C NFC ($55)
YubiKey 5 is EAL 5; Nitrokey 3 is EAL 6+. YubiKey firmware is closed source; Nitrokey is fully open. Nitrokey adds OpenPGP 3.4 and a password manager.
vs Google Titan Security Key
Titan is FIDO2-only. Nitrokey 3 adds OpenPGP, PIV smart card, OTP, and a password manager. Titan firmware is closed.
vs software 2FA (TOTP apps)
TOTP apps live on a phone that can be compromised. Hardware keys are phishing-resistant by design — the secret never leaves the device.
Shipping & returns
What to expect after you order.
Shipping
Ships from our Tennessee 3PL. 2-day FedEx to most US addresses, expedited options at checkout. Signature required. Business day processing — orders placed before 2pm ET ship same day.
Returns & RMA
30-day return window for unopened units. Defective units handled under Nitrokey's 2-year warranty — we manage the US-side RMA so you don't ship to Berlin.
Purchase orders
Net-30 terms available for approved organizations. W-9 on file. Generate a quote from the stack builder or email sales@securitygadgets.shop with your PO requirements.
Authorized reseller
We are an official Nitrokey authorized reseller. Full manufacturer warranty applies. Identical hardware and firmware to buying direct from nitrokey.com — with US inventory and support.
Related products