Google Open Sources Code for Security Key Devices

Google on Thursday announced that it has released the source code for a project named OpenSK in an effort to allow users to create their own security key devices.

OpenSK is written in Rust and it supports both FIDO U2F and FIDO2. Google says that by releasing OpenSK it will “help advance and improve access to FIDO authenticator implementations.”

Google on Thursday announced that it has released the source code for a project named OpenSK in an effort to allow users to create their own security key devices.

OpenSK is written in Rust and it supports both FIDO U2F and FIDO2. Google says that by releasing OpenSK it will “help advance and improve access to FIDO authenticator implementations.”

Specifically, the company hopes that researchers, manufacturers of security keys and even enthusiasts will help develop new features and accelerate the adoption of these authentication devices.OpenSK source code released

The OpenSK firmware can be used with a Nordic chip, which supports a dedicated hardware crypto core, along with all major transport protocols, including Bluetooth, NFC and USB.

Google has also made available the design for a security key enclosure that can be created using 3D printers.

However, the company has warned that the project is still under development and it should be used mainly for testing and research purposes.

“Under the hood, OpenSK is written in Rust and runs on TockOS to provide better isolation and cleaner OS abstractions in support of security. Rust’s strong memory safety and zero-cost abstractions makes the code less vulnerable to logical attacks. TockOS, with its sandboxed architecture, offers the isolation between the security key applet, the drivers, and kernel that is needed to build defense-in-depth,” Google explained.

The source code for OpenSK is available on GitHub and the enclosure design can be downloaded from Thingiverse.

Google announced earlier this month that it has simplified the enrollment process for its Advanced Protection Program, which is designed to help high-risk users add an extra layer of protection to their account through the use of security keys. The company also recently started allowing users to activate a security key on their iPhone.

Related: Google's USB-C Titan Security Key Arrives in the U.S.

Related: New YubiKey 5Ci Has Both USB-C and Lightning Connectors

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Original Link