Build a homemade USB security key for FIDO2 passwordless and two-factor logins.
Use the device with GPG to sign and encrypt files via OpenPGP card support.
Generate time-based one-time codes compatible with authenticator apps.
Experiment with post-quantum signing algorithms in a research setting.
| themaxmur/rs-key | codeaashu/agents-are-thinking | forgeailab/forge | |
|---|---|---|---|
| Stars | 15 | 15 | 15 |
| Language | Rust | Rust | Rust |
| Setup difficulty | hard | easy | moderate |
| Complexity | 4/5 | 2/5 | 3/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires an RP2350 board, firmware flashing, and is not a certified secure element.
RS-Key is open-source firmware that turns a Raspberry Pi RP2350 microcontroller board into a USB security key. A security key is a small physical device you plug into your computer to prove your identity when logging in to websites or services, as an alternative to typing a one-time code from your phone. This project lets you build one yourself using an inexpensive RP2350 board and freely available firmware. The firmware supports several different authentication standards. FIDO2 and WebAuthn cover modern passwordless logins and two-factor authentication for websites, including passkeys. OpenPGP card support lets you use the device with GPG for signing and encrypting files. PIV is a smart-card standard used in some enterprise environments. OATH handles time-based one-time codes compatible with apps like Yubico Authenticator. The firmware also supports an older format called Yubico OTP, and includes an experimental mode for post-quantum cryptography that uses a newer signing algorithm not yet widely adopted. The project is honest about its limitations. The RP2350 chip is not a dedicated secure element the way a commercial hardware key is. It does not protect against physical lab attacks, decapping, or side-channel analysis. The README and linked documentation strongly advise against using it to protect credentials where loss or theft would be catastrophic. It is intended for development, research, and learning, not as a replacement for a certified commercial key. The firmware is written in Rust and runs on bare metal without an operating system. It connects to your computer as a composite USB device, meaning the computer sees it as several things at once: an authenticator, a smart card, and sometimes a keyboard for typing one-time codes. Host command-line tools named rsk and rsk-tui let you manage the device, back up the seed phrase, check status, and configure settings. An optional production hardening path lets you burn encryption keys into the chip's one-time-programmable memory and enable secure boot, making a stolen board's contents unreadable. The README warns clearly that this step is irreversible and can brick the board if done incorrectly.
Open-source Rust firmware that turns a Raspberry Pi RP2350 board into a DIY USB security key for FIDO2, PGP, PIV, and OTP logins.
Mainly Rust. The stack also includes Rust, RP2350.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.