Open-source hardware security key line from Berlin-based Nitrokey, with models ranging from the FIDO2-only Nitrokey Passkey to the Nitrokey 3, which adds PIV smart card, OpenPGP, and TOTP support.
Nitrokey
Official website nitrokey.com
Our take
Nitrokey’s key differentiator over Yubico is transparency: the firmware is open source and auditable, the hardware designs are published, and the company is based in Germany with no US jurisdiction concerns. The Nitrokey 3 covers the same protocol breadth as the YubiKey 5. The practical catch is ecosystem polish - the companion app and documentation are less refined than Yubico’s, and some enterprise integrations assume a YubiKey. A strong pick for privacy-conscious users who want to verify what runs on their security hardware.
GitHub at a glance
Nitrokey/nitrokey-3-firmware
Stars
371
+ 0 this week
Last commit
1d ago
healthy
License
Apache-2.0
Latest release
v1.8.3
8mo ago
Stars, last 10d
Listed in
Nitrokey alternatives
YubiKey 5 Series Full-featured hardware security key from Yubico supporting FIDO2/WebAuthn, TOTP/HOTP, smart card (PIV), and OpenPGP across multiple form factors including USB-A, USB-C, and NFC variants.
Yubico Security Key Yubico's entry-level hardware security key offering FIDO2/WebAuthn support at a lower price point, available in USB-A and USB-C variants, with NFC on select models.
Nitrokey license, in plain English
Apache-2.0 Permissive
Permissive like MIT, with an explicit patent grant and a requirement to flag any changes you make.
Permits
- Commercial use
- Modification
- Distribution
- Patent use
- Private use
Requires
- License and copyright notice
- State changes
Does not provide
- Trademark use
- Liability cover
- Warranty
Why it matters: Permissive licensing lets anyone reuse this, including inside closed products. That is freedom to build on, but no guarantee that downstream copies stay open.
Plain-language summary of the project's license, not legal advice. Read the full text for the exact terms.