Welcome to Feitian OpenSK USB Dongle

OpenSK was announced by Google on January 30, 2020. It is a fully open-source FIDO security key implementation, including hardware and software.

In that announcement, Google said:

    By opening up OpenSK as a research platform, our hope is that 
    it will be used by researchers, security key manufacturers, 
    and enthusiasts to help develop innovative features and 
    accelerate security key adoption.

The OpenSK firmware is developed in Rust and implements both the FIDO U2F and FIDO2 specifications. These specifications are released by the FIDO Alliance, an open industry association with a focused mission: authentication standards to help reduce the world’s over-reliance on passwords. FEITIAN is a Board Member.

To help accelerate FIDO security key adoption, FEITIAN has improved the housing and made new designs of the OpenSK USB Dongle, removed unused PCB components, and published the design. Users can build the firmware from the source code of the Google OpenSK GitHub repository without changing anything and provision it to this OpenSK hardware to try FIDO authentication.

Before you try to program firmware to OpenSK, please read the original OpenSK guide first. The following documents are mostly additional remarks.

Attention

Before you try or buy Feitian OpenSK Dongle, please be sure that you have read the important caution message.

OpenSK Model

We have two models of the OpenSK USB Dongle, V1 and V2. They are designed after the nRF52840 USB dongle, which is used by the Google OpenSK firmware. The difference between V1 and V2 is the method of entering bootloader mode.

On OpenSK V1, the user inserts a paper clip or a SIM-eject tool into the RESET button hole to enter bootloader mode. This is similar to pushing the RESET button on the nRF52840 USB dongle.

On OpenSK V2, after connecting the device to a computer, the user pushes and holds the user button for more than 10 seconds; OpenSK will then be in bootloader mode.

For detailed information, please refer to the hardware description page.

Programming firmware

1. Pre-requisite

  • The OpenSK USB Dongle V1 or V2.
    Before you program the firmware to the OpenSK USB Dongle, you should switch it to bootloader mode. Please refer to the Hardware Page to learn how to switch OpenSK to bootloader mode. You can check that it is in bootloader mode according to this section.
  • Read the Original OpenSK guide.
    Before you perform the following operations, please read OpenSK and its installation guide to learn how to customize your security key, for example, to change the signature counter mechanism and Attestation Certificate.
  • Install the nrfutil tool (sudo pip3 install nrfutil or sudo pip3 install nrfutil --user).
    This tool allows you to flash firmware directly to OpenSK over USB without additional hardware.
    Please use matching versions of nrfutil and Python. Note that nrfutil 6.x requires Python >=3.6, <3.9.
  • Apply udev rule (Linux only).
    If you are using Linux, you should add a udev rule to make OpenSK work well with FIDO applications and browsers.
    sudo cp rules.d/55-opensk.rules /etc/udev/rules.d/
    sudo udevadm control --reload
    
    Then unplug and replug the key for the rule to trigger.

2. Development Environment and configuration

  • Prepare a Development environment.
    You should prepare a development environment yourself according to this section. The scripts provided in this project have been tested under Linux and macOS. We haven't tested them on Windows or other platforms.
  • Clone Google OpenSK Github repository.

    $ git clone --recursive https://github.com/google/OpenSK.git
    

  • Initial setup.
    If you just cloned this repository, you need to run the following script:

    $ ./setup.sh

    For more information, please refer to the Initial setup.

  • Configure the OpenSK security parameter.
    Please follow the description to change the Attestation Certificate as you want. If you are not familiar with OpenSK and FIDO, we recommend you do not change anything.

3. Flashing the firmware

Although you can download the firmware to our OpenSK V1 and V2 by using J-LINK as described in the OpenSK installation guide, we recommend programming the firmware through the USB interface, which is more convenient.

  • Switch OpenSK to bootloader mode.
    Please refer to OpenSK Model or hardware page to learn how to switch OpenSK to bootloader mode.
    The LEDs behave differently in different modes. Please refer to the hardware page to see the LED status of OpenSK V1 and V2.
  • Program the OpenSK USB dongle.

NOTE

If your USB dongle does not work well, you can erase the storage first.

    ./deploy.py --board=nrf52840_dongle_dfu --programmer=nordicdfu --erase_storage

After this command, you should switch your OpenSK to bootloader mode again to perform the following operations.

    $ ./deploy.py --board=nrf52840_dongle_dfu --programmer=nordicdfu --opensk

When prompted with

    Press [ENTER] when ready.

just press Enter, and the firmware will be flashed to your OpenSK USB Dongle.
When the progress bar reaches 100%, the OpenSK USB Dongle will be in working mode automatically.

Linux

If deploy.py returns the error "Permission denied: /dev/ttyxxxx", please change the access permission of this device:

    sudo chmod 666 /dev/ttyxxxx

Please provision Attestation Certificate and Private Key before you test your OpenSK.

4. Configure Attestation Certificate and Private Key

You need to inject the cryptographic material if you enabled batch attestation or CTAP1/U2F compatibility (which is the case by default); otherwise, OpenSK cannot work well.

    ./tools/configure.py \
        --certificate=crypto_data/opensk_cert.pem \
        --private-key=crypto_data/opensk.key

Now you can test your OpenSK.
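
The prerequisites and the attestation material used in the steps above can be checked before running deploy.py and configure.py. The following POSIX shell script is an added example, not part of OpenSK or of this project; the function names, the file name opensk_preflight.sh and the `run` argument are assumptions, and it expects openssl to be installed and to be started from the root of the OpenSK checkout.

```sh
#!/bin/sh
# Added example: preflight checks for the procedure above; not part of OpenSK.
# Assumption: started from the root of the OpenSK checkout, openssl installed.

# nrfutil 6.x requires Python >=3.6, <3.9 (see the prerequisites).
py_ok_for_nrfutil6() {            # $1: version such as "3.8.10"
  case "$1" in
    3.6|3.6.*|3.7|3.7.*|3.8|3.8.*) return 0 ;;
    *) return 1 ;;
  esac
}

# The udev rule from the prerequisites must be installed (Linux only).
udev_rule_installed() {           # $1: rules directory (optional)
  [ -f "${1:-/etc/udev/rules.d}/55-opensk.rules" ]
}

# The certificate must carry the public key of the private key that
# configure.py injects, or attestation signatures will not verify.
cert_matches_key() {              # $1: certificate PEM, $2: private key PEM
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The attestation private key should be readable by its owner only.
key_is_private() {                # $1: private key PEM
  case "$(ls -ld "$1" 2>/dev/null)" in
    -???------*) return 0 ;;
    *) return 1 ;;
  esac
}

preflight() {
  rc=0
  ver=$(python3 -c 'import sys; print("%d.%d" % sys.version_info[:2])' 2>/dev/null)
  py_ok_for_nrfutil6 "$ver" || { echo "FAIL: Python '$ver' is not >=3.6, <3.9"; rc=1; }
  if [ "$(uname -s)" = Linux ]; then
    udev_rule_installed || { echo "FAIL: 55-opensk.rules is not installed"; rc=1; }
  fi
  cert_matches_key crypto_data/opensk_cert.pem crypto_data/opensk.key ||
    { echo "FAIL: certificate and key do not match or cannot be read"; rc=1; }
  key_is_private crypto_data/opensk.key ||
    echo "WARN: crypto_data/opensk.key is readable by group or others"
  [ "$rc" -eq 0 ] && echo "preflight OK"
  return "$rc"
}
# Run the checks only when asked: sh opensk_preflight.sh run
if [ "${1:-}" = run ]; then preflight; fi
```

A non-zero exit status from `sh opensk_preflight.sh run` means at least one FAIL line was printed and should be resolved before flashing or provisioning.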

Test FIDO functions

Please refer to Test Page.