/OpenSK

OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.

Primary LanguageRustApache License 2.0Apache-2.0

OpenSK logo

markdownlint pylint Cargo check Cargo format Coverage Status

OpenSK

This repository contains a Rust implementation of a FIDO2 authenticator. We developed OpenSK as a Tock OS application.

We intend to bring a full open source experience to security keys, from application to operating system. You can even 3D print your own open source enclosure! You can see OpenSK in action in this video on YouTube!

FIDO2

The stable branch implements the CTAP2.0 specification and is FIDO certified. OpenSK supports U2F, and non-discoverable credentials created with either protocol are compatible with the other.

If you want to use features of the newer FIDO 2.1, you can try our develop branch. This version is NOT certified and less thoroughly tested though. If you plan to add features to OpenSK, you should switch to develop.

⚠️ Disclaimer

This project is proof-of-concept and a research platform. It is NOT meant for a daily usage. The cryptography implementations are not resistent against side-channel attacks.

We're still in the process of integrating the ARM® CryptoCell-310 embedded in the Nordic nRF52840 chip to enable hardware-accelerated cryptography. Our placeholder implementations of required cryptography algorithms (ECDSA, ECC secp256r1, HMAC-SHA256 and AES256) in Rust are research-quality code. They haven't been reviewed and don't provide constant-time guarantees.

Hardware

You will need one the following supported boards:

Installation

To install OpenSK,

  1. follow the general setup steps,
  2. then continue with the instructions for your specific hardware:

To test whether the installation was successful, visit a demo website and try to register and login. Please check our Troubleshooting and Debugging section if you have problems with the installation process or during development. To find out what else you can do with your OpenSK, see Customization.

Contributing

See Contributing.md.

Reporting a Vulnerability

See SECURITY.md.