[JoachimS]

If you are looking for a tiny, Swedish company working in a similar area as Yubico, there is Tillits AB. Tillitis is a spin off from the Swedish VPN provider Mullvad. In contrast to Yubikeys, The Tillitis TKey as well as tools, device verification etc is 100% open source.

https://tillitis.se/

https://github.com/tillitis

https://mullvad.net/en

(Full disclosure: I work for Tillitis.)

[jtvjan]

The key costs 880 SEK. That's about 78 euros or 85 dollars. It's designed to be future proof, with applications being uploaded to the device by the host.

The website feels a bit cramped with all the large text on desktop, like it was only tested on phones

[adql]

the background makes it badly readable on phones too

[neilalexander]

Good grief, the text on tillitis.se is obnoxiously large and the information density extremely low.

[noman-land]

Interesting product, thanks for sharing.

Can it hold gpg keys and interface with gpg-agent? I couldn't find that information.

[JoachimS]

No and yes. ;-)

The TKey does not have any persistent memory available for applications to store things. The idea is that we measure (calculate a keyed digest using BLAKE2s) the application during loading. The keyed digest (called CDI) is used as a base secret, random value by the application to derive the secrets the application needs. The Ed25519 signer for example derive its keypair based on the CDI.

A PGP application could use this to determinstically derive a keypair.

The FW application loader will also accept a User Supplied Secret (USS), which is also used during the calculation of the CDI. This means that the keypair derived will be based on the specific TKey device, the integrity to the device application and the USS. One way to use the USS is to control which keypair to derive. For example for SSH, different USS can derive keys used for different servers.

Also, a device application may use the CDI to derive wrapping keys, and then use authenticated encryption to protect a cookie that can be stored on the TKey client machine between usage.

We are working on providing libraries and examples for app developers to do this.

And to the yes part of the answer: Yes, a TKey could talk to a PGP agent and be called upon when needed. This is similar to how a SSH agent can talk to TKey today.

[FeistySkink]

Is the TKey tamper-proof?

[JoachimS]

No, not yet. Physical attacks are out of scope for the TKey1, even if we have some mechanisms in play which try to extend the time and effort required to perform a successful evil maid-attack extracting the Unique Device Secret (UDS). See the threat model for the release:

https://github.com/tillitis/tillitis-key1/blob/main/doc/thre...

The current casing is fairly tamper evident (it will break), but we do not yet use real, tamper evident sealing. We are looking at tamper sealing for future versions. And ways to further protect against physical attacks.

[belter]

When you do, please think about a special price for existing customers ;-)