US Online Reseller

We’re proud to announce our first US online reseller, Blinkinlabs.

With a reseller in US we simplify order handling and deliveries for customers all over North America.

Read about all our reseller’s here.

Reseller News

We can now present two resellers of the TKey.

Proxystore are based in Leipzig, Germany. They have both a local store and online shop.

iPhonebutiken is a Sweden based online store.

Read about our resellers and how to become a reseller on the reseller page.

Clarification on what we sell

It has come to our attention that some customers are surprised that the TKey we are currently selling in our web shop, is a TKey for end users and consequently has the program memory locked-down.

We apologise if this has not been clear in our communication.

So to be clear: On TKey’s sold via our web shop, since April 3rd, a user can’t change the bitstream or even read out the bitstream (or the UDS) from the TKey, even if the case is broken and the PCBA inserted into a programmer board.

Read more about memory handling in the end user TKey in our tech post here.

Also, read here about how you can verify that the TKey you have is genuine and that the unique identity (UDS) and firmware has not been altered during e.g. shipment from Tillitis to you.

If you want to contact us, you can do so by email to

Tillitis Shop Open!

The wait is finally over. Today we open Tillitis Shop and deliveries will start immediately. We ship from our office all working days (adhering Swedish bank holidays).

TKey is open source hardware and software USB security key. The unique design, enables functionality upgrade during the life time of the device simply by downloading new application software and thus upgrade your TKey with e.g. new cryptographic features. Buy hardware once and upgrade forever.

On top of all this a user can verify that the TKey is from Tillitis, and that it has not be modified during shipping. This verification is so easy to do that it can be done at will. Not just once when the TKey has been received, but over and over again. Supply chain security and device integrity combined, more important than ever.

We hope you will enjoy using the TKey as much as we have enjoyed developing it! We are committed to continued development. Welcome to engage with us at GitHub or send us a mail with your feedback.

On Flexibility and Future Proof

What makes TKey flexible?

The function of a TKey is defined by software, the TKey Device App, that is uploaded to the TKey from the client, the computer or mobile phone the TKey is attached to, and usually a piece of software running on the client that is loading and then communicating with the TKey device app.

This means the TKey is very flexible. Since the security function, cryptographic operation, or whatever it is, is just a piece of uploaded software it is possible to add any type of function needed. Together with the client app it can do anything while keeping the secure elements and any private keys in a more secure environment.

The software can be adapted to legacy systems or add the latest and greatest cryptographic function (hello post quantum crypto!) without the need to buy new hardware.

Read also about key generation.

On TKey Key Generation

Digital keys is how information and communication on the Internet is protected. We all use them every day. Hence, generating those keys is crucial aspect of security. This is how it’s done on TKey.

Three factors for key generation

When TKey generates keys, three factors are needed:
UDS, Unique Device Secret. This is unique for each TKey produced and part of the hardware design.
USS, User Supplied Secret. This is a secret the user chose (know) for every application loaded.
– The TKey device app (that is loaded to the TKey via USB-C) is hashed at reception by the TKey. We write it like this:
hash(TKey device app).

All three factors are hashed again, i.e.;
hash(UDS, hash(TKey device app), USS).

The result of this hash is called CDI, Compound Device Id and is a unique identity. If you change any of the three factors, you will get a new CDI, i.e. new identity.

CDI is stored so it’s accessible for the TKey device app.

The hardware guarantees that the UDS is only read-once per power cycle. It lives for a very brief time and is then not available in the memory map anymore, not even for the firmware.

Read more about TKey memory here.

About TKey Memory

One important aspect, when it comes to security in devices, is how data stored in memory, is protected.

Program Storage

On the end user TKey, the entire FPGA design together with the firmware ROM is kept in the locked-down configuration memory (NVCM – Non Volatile Configuration Memory) within the FPGA chip. It’s not externally readable and only readable by the FPGA when configuring itself. This means the device secret (UDS) can’t be read, not even with the TKey programming board we provide.

Data Memory

There is no persistent data memory. Meaning that there is no way to store anything (e.g. passwords, keys) on the TKey between uses.

Since the TKey does not have persistent data memory, key material is generated at each use. This also means private keys can’t leak between TKey apps and that there are an unlimited number of key pairs, since they are generated each time.

Memory Modes

The TKey hardware offers two memory modes: firmware mode and app mode. The app mode has a constrained view of the memory map where some things are read-only and other things not even readable. The firmware switches to the constrained app mode just before jumping to the loaded device app.

Memory Protection

The entire firmware stack is kept in a special firmware stack that is 1) marked as non-executable, 2) only memory mapped while in firmware mode, and, 3) cleared just in case before switching to the constrained app mode.

We provide the memory execution protection to apps as well, so they for example can set up their stack to be non-executable.

Memory Scrambling

The TKey has a hardware-assisted RAM address and RAM content scramble function which the firmware sets up. This means addresses used are placed on random places in RAM and the content in the RAM is also scrambled. This is set up with new random keys from a true random number generator every power cycle and is transparent for the device apps – they see only linear RAM and the ordinary contents.

TKey Interaction points

TKey has two LED’s indicating status and one touch area.

Power LED illuminates blue, when TKey is powered.

Status LED indicates different statuses. There are two basic indications:
When TKey has booted up status LED illuminates in white.
Red blink means something is wrong, restart TKey by removing it from USB port and re-insert.
Green blink means user has to assert presence. This behaviour depends on the TKey device app.

Touch sensor area is where user places a finger to assert presence.
User should gently place a finger on the area for a second or two.
For security reasons, the touch sensor is designed to avoid registering positive false, i.e. a touch is registered when no finger has been placed on the touch area. The downside is that user sometimes have to touch the area two-three times for the TKey to correctly register a touch.


Update April 3, 2023: All is finalised and web shop is open!

An update on our release and what’s remaining.

Plan was to release and open our web shop by the end of last week. During final work, we found that USB communication with the TKey didn’t work on MacBook in all use cases. This is now corrected and we are currently double checking everything on the firmware.

Also remaining, is to finalise implementation of TKey verification tool in the provisioning flow in production. TKey verification tool is used for signing a TKey identity in production and used by user to verify that it still has the same identity. This is an important tool that implements supply chain security and assures you as user the TKey has not been tampered with during shipment. Needless to say, it has to be perfect.
More information on the tool and how to use it will follow.

Tillitis presents TKey at Netnod Meeting 2023

The Netnod Meeting 2023 took place 14 – 15 of March at the Courtyard Stockholm Kungsholmen Hotel. It was a great event and we’d like to thank the Netnod organization for giving us the opportunity to present!

Recording. Slides.

Link to the event page here.