Google Online Security Blog: Say hello to OpenSK: a fully open-source security key implementation

Security Blog

The latest news and insights from Google on security and safety on the Internet

Say hello to OpenSK: a fully open-source security key implementation

January 30, 2020

Posted by Elie Bursztein, Security & Anti-abuse Research Lead, and Jean-Michel Picod, Software Engineer, Google
FIDOOpenSKRust

Photo of OpenSK developer edition: a Nordic Dongle running the OpenSK firmware on DIY case
Nordic chip dongleFIDO2custom, 3D-printable case

While you can make your own fully functional FIDO authenticator today, as showcased in the video above, this release should be considered as an experimental research project to be used for testing and research purposes.RustTockOSTockOS, with its sandboxed architectureflash-friendly storage systempatches

How to get involved and contribute to OpenSK

To learn more about OpenSK and how to experiment with making your own security key, you can check out our GitHub repository today. With the help of the research and developer communities, we hope OpenSK over time will bring innovative features, stronger embedded crypto, and encourage widespread adoption of trusted phishing-resistant tokens and a passwordless web.

Acknowledgements

We also want to thank our OpenSK collaborators: Adam Langley, Alexei Czeskis, Arnar Birgisson, Borbala Benko, Christiaan Brand, Dirk Balfanz, Dominic Rizzo, Fabian Kaczmarczyck, Guillaume Endignoux, Jeff Hodges, Julien Cretin, Mark Risher, Oxana Comanescu, Tadek Pietraszek