TKey – security for the new world

TKey – a new kind of security key

The TKey is a small computer in a USB-C device form factor that can run small applications which are loaded onto it. The purpose of TKey is to be a secure environment for applications that provide a security function. Some examples of such security functions are:
– Time-based one-time password (TOTP)
– Signing oracles
– Secure random numbers
– Encryption

There is no way of storing a device application (or any other data) on the TKey. A device app has to be loaded onto the TKey every time you plug it in.

Frequently asked questions

TKey

How do I develop apps for TKey?

All information on developing your own apps for TKey can be found in the Developers Handbook.

What information about the TKey devices is stored at Tillitis?

We don’t keep the generated UDS, but you have to trust us on this. If you don’t, but still want to use the actual hardware, we suggest buying TKey Unlocked and a TKey Programmer Board and choosing your own UDS when generating the bitstream.

We store a running serial number (UDI) for generating new bitstreams.

We also store, per TKey, a file containing:
– timestamp: RFC3339 UTC timestamp when the vendor signature was done.
– apptag: The Git tag of the verisigner program used on the device under verification.
– apphash: The hash of the verisigner program binary used on the device under verification.
– signature: Vendor signature of the message.

We don’t store all of the actual message we sign for every TKey. The message is composed of the UDI, the firmware hash and the verisigner public key. The public key for the specific TKey isn’t stored by Tillitis.

This per-TKey file is reachable by the Unique Device Identifier (UDI), which is also stored, at https://tkey.tillitis.se/verify/$UDI

With TKey Verification, a user can verify that their TKey was produced by Tillitis and has not been altered during its lifetime.
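The check this record makes possible, sketched as an added example (not Tillitis's code): the verifier rebuilds the signed message from values read from the device in hand, so the stored signature alone is enough and the vendor never needs to keep the device's public key. Ed25519, the concatenation order, the hex encoding, the field lengths and all sample values are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/hex"
	"fmt"
)

// Record holds the four fields the page lists for the per-TKey file.
// A hex-encoded signature string is an assumption of this example.
type Record struct {
	Timestamp string // RFC3339 UTC time of the vendor signature
	AppTag    string // Git tag of the verisigner program
	AppHash   string // hash of the verisigner binary
	Signature string // vendor signature of the message
}

// BuildMessage joins the three parts the page names. Concatenation in this
// order is an assumption; fixed-length fields keep it unambiguous.
func BuildMessage(udi, fwHash, devicePub []byte) []byte {
	return bytes.Join([][]byte{udi, fwHash, devicePub}, nil)
}

// Provision plays the vendor: sign the message, keep only the signature.
func Provision(vendor ed25519.PrivateKey, udi, fwHash, devicePub []byte) Record {
	sig := ed25519.Sign(vendor, BuildMessage(udi, fwHash, devicePub))
	return Record{"2024-01-01T00:00:00Z", "v0.0.0-example", "00", hex.EncodeToString(sig)}
}

// Verify rebuilds the message from values read from the device in hand and
// checks the stored vendor signature over it.
func Verify(vendorPub ed25519.PublicKey, rec Record, udi, fwHash, devicePub []byte) error {
	sig, err := hex.DecodeString(rec.Signature)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return fmt.Errorf("malformed signature field")
	}
	if !ed25519.Verify(vendorPub, BuildMessage(udi, fwHash, devicePub), sig) {
		return fmt.Errorf("vendor signature does not match this device")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed vendor key pair
	udi, fw, dev := make([]byte, 8), make([]byte, 64), make([]byte, 32) // constructed
	fmt.Println(Verify(pub, Provision(priv, udi, fw, dev), udi, fw, dev))
}
```

A device presenting a different firmware hash or a different public key under the same UDI fails the check, because the rebuilt message no longer matches what the vendor signed.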

How do I adapt TKey to fit my use case?

The way TKey is designed makes it possible for anybody (well, anybody with programming knowledge) to adapt their TKey for their specific use case or own purposes. The way to do that is by developing your own app, either from scratch or by starting with an already existing app and making your own adjustments. Read all about developing apps in the Developer Handbook.

What is TKey Unlocked?

TKey Unlocked is a non-programmed TKey.

TKey Unlocked can be used by a customer to program a TKey themselves and thereby have full control of what the TKey contains. This essentially makes such a TKey a user-owned USB security key.

Another use case for TKey Unlocked is for developers to experiment with the hardware and/or firmware. The heart of the TKey is a Lattice iCE40UP5K FPGA. TKey Unlocked can be used for experimenting with the FPGA.

All information on how to program TKey Unlocked can be found in the Developers Handbook.

NB 1: A TKey Programmer is needed for programming the TKey Unlocked.

NB 2: App development does not require TKey Unlocked; the TKey is sufficient.

What is TKey Programmer?

TKey Programmer is needed for programming TKey Unlocked.

What licensing options do you offer?

Unless otherwise noted, the project sources are licensed under the terms and conditions of the “GNU General Public License v2.0 only” and hardware boards under “CERN Open Hardware Licence Version 2 – Strongly Reciprocal”.

We can offer dual licensing. Contact Tillitis at hello@tillitis.se for more information if you need another type of license for your project.

What is TKey?

The TKey is a small computer in a USB-C form factor that can run small device applications which are loaded onto it. The purpose of TKey is to be a secure environment for applications that provide some kind of security function. Some examples of such security functions are:

  • Time-based one-time password (TOTP) token generators
  • Signing oracles
  • Secure random numbers
  • Encryption
  • 2FA

There is no way of storing a device application (or any other data) on the TKey. A device app has to be loaded onto the TKey every time you plug it in.

Where can I find the Developer Certificate of Origin (DCO)?

The DCO is published on GitHub.

How can I contribute?

The project is on GitHub. Please engage with us there.

I am CISO at an organization/company and would like to hear more about your enterprise offering.

Great to hear, drop an email to hello@tillitis.se and we’ll get back to you immediately.

I want to resell your products, how do I get in touch with you?

Send an email to hello@tillitis.se

Tillitis

How do I get in contact with you?

The easiest way to contact us is to send an email to hello@tillitis.se
We usually respond to emails during office hours 9-17, CET.
You can also follow us on LinkedIn, Twitter and GitHub as well as sign up for our mailing lists.

Where is Tillitis located?

Tillitis has its head office at Ekelundsgatan in central Gothenburg, Sweden.

What is Tillitis?

Tillitis AB is a Swedish company developing hardware based authentication and security solutions. Tillitis is wholly owned by Amagicom AB and is a spin-off from the sister company Mullvad VPN.