TKey
– security
for the new
world

All information on developing your own apps for TKey can be found in the Developers Handbook.

We don’t keep the generated UDS, but you have to trust us on this. If you don’t, but still want to use the actual hardware, we suggest buying TKey Unlocked and a TKey Programmer Board and choosing your own UDS when generating the bitstream.

We store a running serial number (UDI)  for generating new bitstreams.

We also store, per TKey, a file containing:
– timestamp: RFC3339 UTC timestamp when the vendor signature was done.
– apptag: The Git tag of the verisigner program used on the device under verification,
– apphash: The hash of the verisigner program binary used on the device under verification.
– signature: Vendor signature of the message.

We don’t store all of the actual message we sign for every Tkey. The message is composed of UDI, firmware hash, verisigner public key. The public key for the specific TKey isn’t stored by Tillitis.

This per TKey file is reachable by the Unique Device Identifer (UDI), which is also stored, on https://tkey.tillitis.se/verify/$UDI

With TKey Verification, a user can verify that their TKey is produced by Tillitis and not altered during it’s life time.

The way TKey is designed makes it possible for anybody (well, anybody with programming knowledge) to adapt their TKey for their specific use case or own purposes. The way to do that is by developing an own app. From scratch or start with an already existing app and make own adjustments. Read all about developing apps in the Developer Handbook.

TKey Unlocked is a non-programmed TKey.

TKey Unlocked can be used for a customer to program a TKey by themselves and by that have full control of what the TKey contains. This will essentially make such a TKey  a user owned USB security key.

Another use case for TKey Unlocked is for developers to experiment with the hardware and/or firmware. The heart of the TKey is a Lattice iCE40UP5K FPGA. TKey Unlocked can be used for experimenting with the FPGA.

All information on how to program TKey Unlocked can be found in the Developers Handbook.

NB 1: A TKey Programmer is needed for programming the TKey Unlocked.

NB 2: App development does not require TKey Unlocked, the TKey is sufficient.

TKey Programmer is needed for programming TKey Unlocked.

Unless otherwise noted, the project sources are licensed under the terms and conditions of the “GNU General Public License v2.0 only” and hardware boards under “CERN Open Hardware Licence Version 2 – Strongly Reciprocal”.

We can offer dual licensing, contact Tillitis at hello@tillitis.se for more information if you need another type of license for your project.

The TKey is a small computer in a USB-C form factor that can run small device applications which are loaded onto it. The purpose of TKey is to be a secure environment for applications that provide some kind of security function. Some examples of such security functions are:

• Time-based one-time password (TOTP) token generators
• Signing oracles
• Secure random numbers
• Encryption
• 2FA

There is no way of storing a device application (or any other data) on the TKey. A device app has to be loaded onto the TKey every time you plug it in.

The DCO is published on GitHub.

The project is on GitHub. Please engage with us there.

Great to hear, drop an email to hello@tillitis.se and we’ll get back to you immediately.

Send an email to hello@tillitis.se