OpenSK
This repository contains a Rust implementation of a
FIDO2 authenticator.
We developed OpenSK as a Tock OS application.
We intend to bring a full open source experience to security keys, from
application to operating system. You can even 3D print your own open source
enclosure!
You can see OpenSK in action in this
video on YouTube!
FIDO2
The stable branch implements the
CTAP2.0 specification
and is FIDO certified. OpenSK supports U2F, and non-discoverable credentials
created with either protocol are compatible with the other.
If you want to use features of the newer FIDO 2.1, you can try our
develop branch. This version is
NOT certified and less thoroughly tested though. If you plan to add features to
OpenSK, you should switch to develop.
:warning: Disclaimer
This project is proof-of-concept and a research platform. It is NOT
meant for a daily usage. The cryptography implementations are not resistent
against side-channel attacks.
We're still in the process of integrating the
ARM® CryptoCell-310
embedded in the
Nordic nRF52840 chip
to enable hardware-accelerated cryptography. Our placeholder implementations of required
cryptography algorithms (ECDSA, ECC secp256r1, HMAC-SHA256 and AES256) in Rust are research-quality
code. They haven't been reviewed and don't provide constant-time guarantees.
Hardware
You will need one the following supported boards:
- Nordic nRF52840-DK
development kit. This board is more convenient for development and debug
scenarios as the JTAG probe is already on the board. - Nordic nRF52840 Dongle
to have a more practical form factor. - Makerdiary nRF52840-MDK USB dongle.
- Feitian OpenSK dongle.
Installation
To install OpenSK,
- follow the general setup steps,
- then continue with the instructions for your specific hardware:
To test whether the installation was successful, visit a
demo website and try to register and login.
Please check our Troubleshooting and Debugging section if you
have problems with the installation process or during development. To find out what
else you can do with your OpenSK, see Customization.
Research
We implemented post-quantum cryptography on OpenSK. The code is released under
the hybrid-pqc tag.
Our paper was published in the ACNS
Secure Cryptographic Implementation workshop 2023.
Contributing
See Contributing.md.
Reporting a Vulnerability
See SECURITY.md.