How do I develop apps for TKey?

All information on developing your own apps for TKey can be found in the Developers Handbook.

What information about the TKey devices is stored at Tillitis?

We don’t keep the generated UDS, but you have to trust us on this. If you don’t, but still want to use the actual hardware, we suggest buying TKey Unlocked and a TKey Programmer Board and choosing your own UDS when generating the bitstream.

We store a running serial number (UDI)  for generating new bitstreams.

We also store, per TKey, a file containing:
– timestamp: RFC3339 UTC timestamp when the vendor signature was done.
– apptag: The Git tag of the verisigner program used on the device under verification,
– apphash: The hash of the verisigner program binary used on the device under verification.
– signature: Vendor signature of the message.

We don’t store all of the actual message we sign for every Tkey. The message is composed of UDI, firmware hash, verisigner public key. The public key for the specific TKey isn’t stored by Tillitis.

This per TKey file is reachable by the Unique Device Identifer (UDI), which is also stored, on$UDI

With TKey Verification, a user can verify that their TKey is produced by Tillitis and not altered during it’s life time.

How do I adapt TKey to fit my use case?

The way TKey is designed makes it possible for anybody (well, anybody with programming knowledge) to adapt their TKey for their specific use case or own purposes. The way to do that is by developing an own app. From scratch or start with an already existing app and make own adjustments. Read all about developing apps in the Developer Handbook.

What is TKey Unlocked?

TKey Unlocked is a non-programmed TKey.

TKey Unlocked can be used for a customer to program a TKey by themselves and by that have full control of what the TKey contains. This will essentially make such a TKey  a user owned USB security key.

Another use case for TKey Unlocked is for developers to experiment with the hardware and/or firmware. The heart of the TKey is a Lattice iCE40UP5K FPGA. TKey Unlocked can be used for experimenting with the FPGA.

All information on how to program TKey Unlocked can be found in the Developers Handbook.

NB 1: A TKey Programmer is needed for programming the TKey Unlocked.

NB 2: App development does not require TKey Unlocked, the TKey is sufficient.

What is TKey Programmer?

TKey Programmer is needed for programming TKey Unlocked.

What licensing options do you offer?

Unless otherwise noted, the project sources are licensed under the terms and conditions of the “GNU General Public License v2.0 only” and hardware boards under “CERN Open Hardware Licence Version 2 – Strongly Reciprocal”.

We can offer dual licensing, contact Tillitis at for more information if you need another type of license for your project.

What is TKey?

The TKey is a small computer in a USB-C form factor that can run small device applications which are loaded onto it. The purpose of TKey is to be a secure environment for applications that provide some kind of security function. Some examples of such security functions are:

  • Time-based one-time password (TOTP) token generators
  • Signing oracles
  • Secure random numbers
  • Encryption
  • 2FA

There is no way of storing a device application (or any other data) on the TKey. A device app has to be loaded onto the TKey every time you plug it in.

Where can I find the Developer Certificate of Origin (DCO)?

The DCO is published on GitHub.

How can I contribute?

The project is on GitHub. Please engage with us there.

I am CISO at an organization/company and would like to hear more about your enterprise offering.

Great to hear, drop an email to and we’ll get back to you immediately.

I want to resell your products, how do I get in touch with you?

Send an email to


Help! How do I change my order??

If you for some reason want to change your order, please send an email to asap (don’t forget to reference your order number). If we haven’t already shipped, we will update the order.

Under what international commercial terms (incoterms) do you ship?

We ship goods with incoterms EX Works (EXW).

Where can I buy your products?

You can but TKey on our web shop, and at selected resellers around the world, see the reseller page for more information.

To where do you ship?

Currently we ship to EU/EEA countries, Norway, Switzerland, UK, USA and Canada, Australia and New Zealand.

We continuously work with expanding our geographical coverage, either with shipping directly from Tillitis or via resellers. Exact solution depends on how we can solve compliance with legal requirements in respective country.

What is your return policy?

We accept returns of products, if the original package has not been opened. Due to security reasons we will not accept returns where the product has been removed from its original package. Send a mail to to start the return process.

How do I claim warranty?

If you bought you product from a reseller, you should turn to the reseller and claim warranty.
You should claim warranty for products bought on Tillitis web shop by sending a mail to

What is Tillitis’ warranty policy?

Tillitis products are covered by a one year warranty (from the date of delivery) against production and/or material defects.


How do I get in contact with you?

The easiest way to contact us is to send an email to
We usually respond to emails during office hours 9-17, CET.
You can also follow us on LinkedIn, Twitter and GitHub as well as sign up for our mailing lists.

Where is Tillitis located?

Tillitis has it’s head office at Ekelundsgatan in central Gothenburg, Sweden.

What is Tillitis?

Tillitis AB is a Swedish company developing hardware based authentication and security solutions. Tillitis is wholly owned by Amagicom AB and is a spin-off from the sister company Mullvad VPN.