whatisgithub

What is rs-key?

themaxmur/rs-key — explained in plain English

Analysis updated 2026-05-18

15RustAudience · developerComplexity · 4/5Setup · hard

In one sentence

Open-source Rust firmware that turns a Raspberry Pi RP2350 board into a DIY USB security key for FIDO2, PGP, PIV, and OTP logins.

Mindmap

mindmap
  root((rs-key))
    What it does
      DIY USB security key
      FIDO2 and WebAuthn
      OpenPGP and PIV
      OATH one-time codes
    Tech stack
      Rust
      RP2350 microcontroller
      Bare metal firmware
      USB composite device
    Use cases
      Passwordless login testing
      GPG signing and encryption
      Learning hardware security
    Audience
      Developers
      Researchers
      Hardware tinkerers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Build a homemade USB security key for FIDO2 passwordless and two-factor logins.

USE CASE 2

Use the device with GPG to sign and encrypt files via OpenPGP card support.

USE CASE 3

Generate time-based one-time codes compatible with authenticator apps.

USE CASE 4

Experiment with post-quantum signing algorithms in a research setting.

What is it built with?

RustRP2350

How does it compare?

themaxmur/rs-keycodeaashu/agents-are-thinkingforgeailab/forge
Stars151515
LanguageRustRustRust
Setup difficultyhardeasymoderate
Complexity4/52/53/5
Audiencedeveloperdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires an RP2350 board, firmware flashing, and is not a certified secure element.

So what is it?

RS-Key is open-source firmware that turns a Raspberry Pi RP2350 microcontroller board into a USB security key. A security key is a small physical device you plug into your computer to prove your identity when logging in to websites or services, as an alternative to typing a one-time code from your phone. This project lets you build one yourself using an inexpensive RP2350 board and freely available firmware. The firmware supports several different authentication standards. FIDO2 and WebAuthn cover modern passwordless logins and two-factor authentication for websites, including passkeys. OpenPGP card support lets you use the device with GPG for signing and encrypting files. PIV is a smart-card standard used in some enterprise environments. OATH handles time-based one-time codes compatible with apps like Yubico Authenticator. The firmware also supports an older format called Yubico OTP, and includes an experimental mode for post-quantum cryptography that uses a newer signing algorithm not yet widely adopted. The project is honest about its limitations. The RP2350 chip is not a dedicated secure element the way a commercial hardware key is. It does not protect against physical lab attacks, decapping, or side-channel analysis. The README and linked documentation strongly advise against using it to protect credentials where loss or theft would be catastrophic. It is intended for development, research, and learning, not as a replacement for a certified commercial key. The firmware is written in Rust and runs on bare metal without an operating system. It connects to your computer as a composite USB device, meaning the computer sees it as several things at once: an authenticator, a smart card, and sometimes a keyboard for typing one-time codes. Host command-line tools named rsk and rsk-tui let you manage the device, back up the seed phrase, check status, and configure settings. An optional production hardening path lets you burn encryption keys into the chip's one-time-programmable memory and enable secure boot, making a stolen board's contents unreadable. The README warns clearly that this step is irreversible and can brick the board if done incorrectly.

Copy-paste prompts

Prompt 1
Explain how to flash RS-Key firmware onto an RP2350 board.
Prompt 2
Walk me through using the rsk command-line tool to back up my seed phrase.
Prompt 3
What authentication standards does RS-Key support and how do I enable FIDO2?
Prompt 4
Explain the risks of the production hardening step before I try it.

Frequently asked questions

What is rs-key?

Open-source Rust firmware that turns a Raspberry Pi RP2350 board into a DIY USB security key for FIDO2, PGP, PIV, and OTP logins.

What language is rs-key written in?

Mainly Rust. The stack also includes Rust, RP2350.

How hard is rs-key to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is rs-key for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.