
Nitrokey · Security key
USB-C hardware security key built on an EAL 6+ certified SE050 secure element and Rust firmware. Delivers FIDO2, U2F, OpenPGP and OTP for phishing-resistant authentication and key protection.
$65
EU equivalent: €52 incl. VAT · nitrokey.comReserve in the one-time Vegas batch — order by July 24, 2026 · 6 PM EDT
Vegas event batch — order by July 24 for Aug 5–6 Wynn pickup or US ship (+$25)
Why the Nitrokey 3C (No NFC)
What this security key does that alternatives don't.
Phishing-resistant MFA
FIDO2 and U2F provide hardware-bound, phishing-resistant authentication that defeats credential theft and replay attacks.
EAL 6+ secure element
The SE050 smart-card secure element is certified to Common Criteria EAL 6+, protecting keys against extraction and physical attack.
Memory-safe and open
Rust firmware on the open-source Trussed framework, with open hardware and field updates, supports supply-chain auditability and longevity.
Specifications
Full technical details.
Compliance framework mapping
Controls this product satisfies across 7 frameworks.
Multi-factor authentication — hardware-bound
Phishing-resistant MFA using hardware security keys. Software TOTP and SMS are explicitly excluded from "phishing-resistant" in NIST 800-63B and most modern framework guidance.
Cryptographic key management
Hardware-bound key generation and storage. Private keys generated and stored inside a certified secure element (EAL 6+) and are non-exportable by design — for login credentials (Nitrokey) and crypto-asset custody (Ledger) alike.
Supply chain risk — hardware and firmware
Open-source firmware is publicly auditable and reproducibly built. EU jurisdiction hardware is not subject to US National Security Letters. Directly addresses hardware supply chain risk in CMMC and NIS2.
Compared to
Honest comparisons against the most likely alternatives.
vs Nitrokey 3C NFC
Same SE050 secure element and protocol stack but with weak or no NFC; choose the NFC model if tap-to-authenticate on mobile is required.
vs YubiKey 5C
Comparable FIDO2/PIV/OpenPGP coverage, but Nitrokey ships open-source hardware and Rust firmware made in Germany for stronger auditability.
Shipping & returns
What to expect after you order.
Shipping
Ships from our Tennessee 3PL. 2-day FedEx to most US addresses, expedited options at checkout. Signature required. Business day processing — orders placed before 2pm ET ship same day.
Returns & RMA
30-day return window for unopened units. Defective units handled under Nitrokey's 2-year warranty — we manage the US-side RMA so you don't ship to Berlin.
Purchase orders
Net-30 terms available for approved organizations. W-9 on file. Generate a quote from the stack builder or email sales@securitygadgets.shop with your PO requirements.
Authorized reseller
We are an official Nitrokey authorized reseller. Full manufacturer warranty applies. Identical hardware and firmware to buying direct from nitrokey.com — with US inventory and support.
Related products