Make your own security key with Google’s OpenSK

Google has open-sourced OpenSK, firmware that, combined with an affordable chip dongle, allows you to make your own security key to use for authentication purposes.

About OpenSK

OpenSK isan open-source implementation for security keys that supports both FIDO U2F and FIDO2 standards.

“Under the hood, OpenSK is written in Rust and runs on TockOS to provide better isolation and cleaner OS abstractions in support of security,” Elie Bursztein, Google’s Security & Anti-abuse Research Lead, and Jean-Michel Picod, Software Engineer, Google, explained.

“Rust’s strong memory safety and zero-cost abstractions makes the code less vulnerable to logical attacks. TockOS, with its sandboxed architecture, offers the isolation between the security key applet, the drivers, and kernel that is needed to build defense-in-depth. Our TockOS contributions, including our flash-friendly storage system and patches, have all been upstreamed to the TockOS repository. We’ve done this to encourage everyone to build upon the work.”

Google successfully tested OpenSK on a board and USB dongle by Nordic Semiconductor, chosen because they support all major transport protocols mentioned by the FIDO2 specification. Still, they made sure to note that their implementation was not officially tested and isn’t FIDO Certified.

“By opening up OpenSK as a research platform, our hope is that it will be used by researchers, security key manufacturers, and enthusiasts to help develop innovative features and accelerate security key adoption,” they said.

More information and instructions on how to make a personal security key with OpenSK are available on the project’s GitHub repository.

Google has also worked with a designer to provide a custom enclosure for this security key, which is made to fit a Nordic nRF52840 dongle.

All the necessary files for printing it with a 3D printer are available here, and they can be additionally customized.