skip to Main Content
IGEL Ready Showcase Logo

Filter by:


Kobra Stick VS

Kobra Stick VS

The KOBRA VS Stick is a bootable encrypted USB-C flash drive, fully developed and manufactured inside Germany, with patented 2-Factor-Authentication (Smartcard + PIN) that enables the secure booting of IGEL OS, data protection compliant storage and the secure transport of sensitive business and private data. It is easy to use and offers secure protection of all stored data. IGEL OS supports the Kobra VS Stick from Digittrade, a BSI (German Federal Office for Information Security)-certified USB-C  flash drive with approval for applications up to the classification levels VS-NfD (German Public Sector), NATO Restricted, and EU Restricted. The Kobra Stick VS can also be connected to an existing PKI based smartcard system (example: The German military troop ID has already been connected and can be used for authentication onto the device). Also, partitions can be created, where on partitions boots IGEL OS and another is used to store encrypted critical data.

Contact Us

Product Details

About the Kobra VS storage devices: Kobra Drive VS

and Kobra Stick VS

The external encrypted data storage devices Kobra Drive VS as well as Kobra Stick VS

(1FF) and Kobra Stick VS (2FF) are an external USB-C storage device (HDD/SSD) and

USB-C memory stick with hardware-based encryption in stable, elegant metal housings

with integrated keyboard. The storage devices provide the same security features and

differ only in their form-factor, design and storage capacities. For this reason, they are

all referred to as Kobra VS in this Administrator’s Guide.

The Kobra VS storage devices enable the GDPR/EU-DSGVO data protection compliant

storage and safekeeping as well as secure transport of sensitive, personal and

confidential information up to the classification level NATO Restricted, EU Restricted

and VS-NfD (classified information – for official use only). These data carriers were

developed in accordance with the “Technical Guidelines” of the German Federal Office

for Information Security (BSI) and bear the quality mark “IT-Security made in Germany”.

They correspond to the current “state of technology” (German: Stand der Technik) and,

due to their security functions, are currently one of the safest ways to store and transport

data on mobile devices.

The data stored on the Kobra VS data carrier is protected against unauthorized access

with regard to the confidentiality of the information, for example if the Kobra VS storage

device is lost, misplaced or stolen. In doing so, it resists logical and physical attacks.

Thanks to the built-in storage in 2.5” format, the Kobra Drive VS is already small and

handy as an HDD. The optional SSD version offers additional protection against shocks

and vibrations. The data transfer and power supply are provided via the USB-C port. The

Kobra Stick VS (1FF) and Kobra Stick VS (2FF) offer the same security features as the

Kobra Drive VS, only in an even more compact format.

Kobra VS devices can be delivered in a PKI-based or stand-alone environment. There

are two basic application scenarios. In the PKI-based variant, only Kobra VS devices

are provided. These are set up by the user’s administrators. Therefore, the PKI-related

properties of the Kobra VS are also regulated by the administrator’s IT security concepts.



This mainly concerns the generation and storage of the key pair (consisting of a public

and a private key), the User-PIN and SO-PIN specifications (length and number of failed

attempts) and other organizational measures. For this reason, the properties of the

Kobra VS storage device are described in detail below, mainly regarding the stand-alone


The stand-alone scenario, on the other hand, involves the delivery of the Kobra VS

together with two Digittrade smart cards (Atos Card OS 5.3, CC EAL 4+) in the completely

preset state. This Kobra VS can basically be used immediately in case of urgent need.

In the VS-NfD approved configuration, however, the user may only put the Kobra VS

into operation after changing the User-PIN and SO-PIN and generating a new DEK (Data

Encryption Key) on the Kobra VS device itself.

In order to use the security features of the Kobra VS storage devices to the full extent

and within the scope of the VS-NfD approval, the following steps are required:

– Ensure that your host system has adequate protection for all data accessed

from the protected area of the Kobra VS

– After receiving the Kobra VS, check the completeness and correctness of the

delivery (Chapter 10)

– Check via the host system that the USB properties of the device match the

model name and serial number on the back of the Kobra VS (chapter 1.12)

– Change the User-PIN and SO-PIN on both Digittrade smartcards

(chapter 4.3, 4.5)

– Change the Admin-PIN if you have administrator rights (Chapter 4.6)

– When selecting the Admin-PIN, User-PIN and SO-PIN, trivial PINs should not be

considered and standard PINs should be excluded

– Create a new DEK (Data Encryption Key) on the Kobra VS storage device

(Chapter 4.7)

– Check if the registration is possible with all activated Digittrade smartcards

(or your PKI card)

– Protect your authentication features (smartcard and PIN), they must remain


For a detailed description of the above steps, refer to the appropriate chapters in this

Administrator’s Guide. The model name and serial number can be found on the back

of each Kobra VS. This information can be obtained using the supplied Kobra Client VS

software and the USB device information on the host system.


– KOBRA VS storage devices: Security mechanisms
– Encryption – 256 Bit AES in XTS Mode
– Access Control – Patented 2-Factor-Authentication by Smartcard and PIN
– Management of Encryption Key – Creation, modification and destruction by user, 
– User-Management – By Administrator

– Mobile access to EU Restricted / NATO Restricted / VS-NfD data – Users cannot bypass encryption

– Use as encrypted boot device launching pre-installed IGEL OS out of the box
– Integrated power supply enables
pre-boot authentication
– Encrypted installation of
operating systems on Kobra VS
storage devices 
– Flexible change of purpose from
– pSLC memory to
ensure longest possible lifespan
– When the storage device is
disconnected from the PC, the
data remains encrypted and is
stored only on the Kobra VS
storage device.

– Advantages of using the Kobra Stick VS with IGEL OS
– Two-factor Pre-Boot authentication
• Protects Igel OS from manipulation and prevents
attackers from starting the operating system
• Protects configuration information
– Passwortless Single Sign On
– The user only has to remember his PIN, all further
authentication can be done by the smartcard
– Kobra VS driver is already fully integrated into
Igel OS
– The internal Smartcard reader of Kobra VS can be used for
PKI-based authentication of the VPN connection
– Smartcard reader can be forwarded to target VM
and used for further authentication procedures
– Smartcard can be Employee ID Card or vice versa (Employee ID used for authentication)
– The combination of Kobra Stick VS and IGEL OS has been well tested and
works out of the box

– Additional Use of the multi-purpose Kobra Stick VS
– Secure backup storage
– Server system migration (with Kobra Drive VS – up to 16TB)
– Simplified transport of critical sensitive data
– Airgap Bypass
– Data Diode (1 Smartcard with Read and Write, 1 Smartcard with Read Only)
– Use on smartphones as a data storage device
– 2-Factor-Authentication for E-Mail Encryption, VPN Access, Cloud Access, Windows or Linux Login, digital signatures

Additional Resources

Back To Top