kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reworks the README (#659)

Browse Source 
* Reworks the README

Takes over content from the archived 2.0 branch. Some of it will need
another update after forking off 2.1.

Fixes #391 and replaces #652.

* Rewording README
This commit is contained in:
kaczmarczyck
2023-11-08 16:59:49 +01:00
committed by GitHub
parent 09a6b3ce1a
commit 3a5adfc5af
2 changed files with 82 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
CITATION.cff Normal file
View File

@@ -0,0 +1,27 @@
cff-version: 1.2.0
message: "If you use this software, please cite it as below."
repository-code: "https://github.com/google/OpenSK"
license: "Apache-2.0"
preferred-citation:
type: article
authors:
- family-names: "Ghinea"
given-names: "Diana"
- family-names: "Kaczmarczyck"
given-names: "Fabian"
- family-names: "Pullman"
given-names: "Jennifer"
- family-names: "Cretin"
given-names: "Julien"
- family-names: "Kölbl"
given-names: "Stefan"
- family-names: "Invernizzi"
given-names: "Luca"
- family-names: "Bursztein"
given-names: "Elie"
- family-names: "Picod"
given-names: "Jean-Michel"
title: "Hybrid Post-Quantum Signatures in Hardware Security Keys"
journal: "4th ACNS Workshop on Secure Cryptographic Implementation"
year: 2023
month: 6

76
README.md
View File

@@ -6,47 +6,59 @@
![Cargo format](https://github.com/google/OpenSK/workflows/Cargo%20format/badge.svg?branch=develop) ![Cargo format](https://github.com/google/OpenSK/workflows/Cargo%20format/badge.svg?branch=develop)
[![Coverage Status](https://coveralls.io/repos/github/google/OpenSK/badge.svg?branch=develop)](https://coveralls.io/github/google/OpenSK?branch=develop) [![Coverage Status](https://coveralls.io/repos/github/google/OpenSK/badge.svg?branch=develop)](https://coveralls.io/github/google/OpenSK?branch=develop)
*News:*
- 2023-08-24: [PQC paper reference](#Research)
## OpenSK ## OpenSK
This repository contains a Rust implementation of a This repository contains a Rust implementation of a
[FIDO2](https://fidoalliance.org/fido2/) authenticator. [FIDO2](https://fidoalliance.org/fido2/) security key.
We developed OpenSK as a [Tock OS](https://tockos.org) application. Security keys are external devices that can be used for signing in on websites.
You can see OpenSK in action in this
[video on YouTube](https://www.youtube.com/watch?v=klEozvpw0xg)!
We intend to bring a full open source experience to security keys, from We intend to bring a full open source experience to security keys, from
application to operating system. You can even 3D print your own open source application to operating system. You can even 3D print your own open source
enclosure! enclosure!
You can see OpenSK in action in this
[video on YouTube](https://www.youtube.com/watch?v=klEozvpw0xg)!
You are viewing the branch for developers. New features are developed here <img src="docs/img/enclosure.jpg" alt="OpenSK Enclosure" width="200"/>
before they are stabilized. If you instead want to use the FIDO certified
firmware, please go back to the You can run OpenSK as a [Tock OS](https://tockos.org) application, or use the
[stable branch](https://github.com/google/OpenSK). library to bring OpenSK to your own hardware.
You are viewing the branch for developers. New features are developed here.
Go to the default branch for a more stable version of OpenSK.
### FIDO2 ### FIDO2
The develop branch implements the OpenSK's version that implemented CTAP 2.0 was certified by the FIDO Alliance.
[CTAP2.1 specification](https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html).
This branch is not FIDO certified. The implementation is backwards compatible The develop branch tracks the latest release version of the
to CTAP2.0. Additionally, OpenSK supports U2F, and non-discoverable credentials [CTAP specification](https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html).
created with either protocol are compatible with the other. This branch is not FIDO certified.
OpenSK supports U2F, and non-discoverable credentials created with either
protocol are compatible with the other.
### :warning: Disclaimer ### :warning: Disclaimer
This project is **proof-of-concept and a research platform**. It is **NOT** This project is **proof-of-concept and a research platform**. It is **NOT**
meant for a daily usage. It comes with a few limitations: meant for a daily usage. This branch is under development, and therefore less
rigorously tested than the numbered branches.
* This branch is under development, and therefore less rigorously tested than the stable branch.
* The cryptography implementations are not resistent against side-channel attacks.
We're still in the process of integrating the We're still in the process of integrating the
[ARM&reg; CryptoCell-310](https://developer.arm.com/ip-products/security-ip/cryptocell-300-family) [ARM&reg; CryptoCell-310](https://developer.arm.com/ip-products/security-ip/cryptocell-300-family)
embedded in the embedded in the
[Nordic nRF52840 chip](https://infocenter.nordicsemi.com/index.jsp?topic=%2Fps_nrf52840%2Fcryptocell.html) [Nordic nRF52840 chip](https://infocenter.nordicsemi.com/index.jsp?topic=%2Fps_nrf52840%2Fcryptocell.html)
to enable hardware-accelerated cryptography. Our placeholder implementations of required to enable hardware-accelerated cryptography.
cryptography algorithms (ECDSA, ECC secp256r1, HMAC-SHA256 and AES256) in Rust are research-quality In the meantime, there are 2 options for cryptography implementations:
code. They haven't been reviewed and don't provide constant-time guarantees.
* Our own placeholder implementation. The code is research quality and doesn't
provide constant-time guarantees.
* The [RustCrypto](https://github.com/RustCrypto) interface. Deploy with
`--rust-crypto`. Note that our own ECC implementation is faster and has
smaller binary size, so not all boards support RustCrypto yet.
## Hardware ## Hardware
You will need one the following supported boards: You will need one the following supported boards:
@@ -75,6 +87,28 @@ Please check our [Troubleshooting and Debugging](docs/debugging.md) section if y
have problems with the installation process or during development. To find out what have problems with the installation process or during development. To find out what
else you can do with your OpenSK, see [Customization](docs/customization.md). else you can do with your OpenSK, see [Customization](docs/customization.md).
## Research
We implemented post-quantum cryptography on OpenSK. The code is released under
the [hybrid-pqc tag](https://github.com/google/OpenSK/releases/tag/hybrid-pqc).
Our [paper](https://eprint.iacr.org/2022/1225) was published in the ACNS
Secure Cryptographic Implementation workshop 2023 and won the best paper award.
<details>
<summary>Bibtex reference</summary>
```
@InProceedings{Ghinea2023hybrid,
author= {Diana Ghinea and Fabian Kaczmarczyck and Jennifer Pullman and Julien Cretin and Rafael Misoczki and Stefan Kölbl and Luca Invernizzi and Elie Bursztein and Jean-Michel Picod},
title= {{Hybrid Post-Quantum Signatures in Hardware Security Keys}},
booktitle= {{4th ACNS Workshop on Secure Cryptographic Implementation, Kyoto, Japan}},
month= {June},
year= {2023},
}
```
</details>
## Contributing ## Contributing
See [Contributing.md](docs/contributing.md). See [Contributing.md](docs/contributing.md).