Google announces OpenSK, fully open-source security key implementation

Nowadays, FIDO security keys are protecting accounts by providing a simple and two-factor authentication (2FA) that prevents phishing, a form that is becoming more and more widely used. However, not everyone can access and use them. To facilitate and improve access to the FIDO Authenticator implementation, Google announced the release of OpenSK, an open-source implementation of a security key written in Rust that supports both the FIDO U2F and FIDO2 standards.

This project will help hobbyists, hardware vendors, and researchers to develop and innovate. By flashing the OpenSK firmware on the Nordic chip dongle, people can make their own security keys.

In addition to its low cost, Google explained that the Nordic chip dongle was chosen as the initial reference hardware because it supports all the major transmission protocols mentioned in FIDO2, including NFC, Bluetooth Low Energy, USB, and dedicated hardware encryption cores. In addition, Google offers a customizable 3D-printable case that can be used on a variety of printers.

According to Google, OpenSK is written in Rust and runs on TockOS to provide better isolation and a more concise OS abstraction to support security. Rust has strong memory security and zero-cost abstraction, making the code less vulnerable to logic attacks. With its sandbox architecture, TockOS provides isolation between security key applets, drivers, and the kernel, which is required to build defense-in-depth. Google’s contributions to TockOS, including flash-friendly storage systems and patches, have been uploaded upstream to the TockOS repository.

Google also stated that it hopes to extend OpenSK to other types of chips and bring more innovation and new features, as well as more powerful embedded encryption technology.

The OpenSK source code is available on Github.