OpenSK

OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards. (by google)

OpenSK Alternatives

Similar projects and alternatives to OpenSK

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better OpenSK alternative or higher similarity.

OpenSK discussion

Log in or Post with

OpenSK reviews and mentions

Posts with mentions or reviews of OpenSK. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-04-19.
  • OpenSK – open-source implementation for security keys written in Rust
    1 project | news.ycombinator.com | 25 Aug 2023
  • Yubico is merging with ACQ Bure and intends to go public
    6 projects | news.ycombinator.com | 19 Apr 2023
    https://github.com/google/OpenSK works, it runs on something like this $15 board. Could do with a case though.

    https://www.nordicsemi.com/About-us/BuyOnline?search_token=n...

  • How to Yubikey: A Configuration Cheatsheet
    13 projects | news.ycombinator.com | 10 Mar 2023
  • Make Custom Yubikey
    2 projects | /r/yubikey | 23 Jun 2022
  • WebAuthn, and Only WebAuthn
    2 projects | news.ycombinator.com | 24 May 2022
    There are a huge number of other vendors supporting Webauthn apart from Yubikey. (From the top of my head Nitrokey, Solo, Tomu, Mooltipass, Ledger, Trezor, Google Titan, OnlyKey, Token2).

    You could also use the system TPM (https://github.com/psanford/tpm-fido).

    A brief search didn't yield any FIDO2 software-only solutions for Linux, but I see no reason why in principle you couldn't implement it (perhaps interfacing https://github.com/google/OpenSK through hidg - similar projects do exist for U2F).

  • Apple, Google, and Microsoft commit to expanded support for FIDO standard
    6 projects | news.ycombinator.com | 10 May 2022
    Cloudflare does, using a security key not found in the FIDO Metadata Service will unfortunately not work. This precludes the use of any hacker-friendly solution (making your own).

    > Supported: All security keys found in the FIDO Metadata Service 3.0, unless they have been revoked for security reasons.

    https://support.cloudflare.com/hc/en-us/articles/44068890480...

    Attestation keys, as they're currently used, aren't very "privacy friendly" and it's much worse for those who wish to create their own key.

    > Usually, the attestation private key is shared between a batch of at least 100,000 security keys of the same model. If you build your own OpenSK, your private key is unique to you. This makes you identifiable across registrations: Two websites could collaborate to track if registrations were attested with the same key material. If you use OpenSK beyond experimentation, please consider carefully if you want to take this privacy risk.

    https://github.com/google/OpenSK/blob/f2496a8e6d71a4e8388849...

  • Phone May Soon Replace Many of Your Passwords
    4 projects | news.ycombinator.com | 7 May 2022
    There are a number of FOSS solutions.

    - https://github.com/google/OpenSK <- DIY solution

    - https://solokeys.com/

    - https://www.nitrokey.com/

    The issue with any FOSS solution is that FIDO requires an attestation private key which is shared between a batch of at least 100,000 security keys. Using a DIY or cli app (application running on the host) solution will likely mean you'll be generating that private key yourself, this makes you identifiable across registrations.

  • Apple/Google/Microsoft to accelerate rollout of passwordless sign‑in standard
    9 projects | news.ycombinator.com | 5 May 2022
  • Login with a Public Ed25519 Key
    5 projects | news.ycombinator.com | 26 Feb 2022
    I'm not sure what you're replying to--this scheme is much closer to self-signed X509 client certs, not FIDO. But regarding FIDO, it does not prevent user-controlled hardware; it's up to RPs to choose if they require specific device manufacturers or not.

    In my experience, the vast majority of (consumer) RPs do not require specific batch attestation, which is why you can make your own FIDO key: https://github.com/google/OpenSK.

    I am under the impression support for attestation was controversial in FIDO--it's clearly useful for enterprise scenarios (e.g. where an enterprise requires some silly certification like FIPS: https://support.yubico.com/hc/en-us/articles/360016614760-Ac...), but there's always the risk that consumer-facing RPs require it for no good reason.

    My employer requires FIPS certification due to FedRAMP; I'd be interested in how you would propose to change FIDO such that--as now--I can use a single key for work and for all my consumer needs while eliminating attestation.

  • I read the federal government’s Zero-Trust Memo so you don’t have to
    3 projects | news.ycombinator.com | 27 Jan 2022
  • A note from our sponsor - SaaSHub
    www.saashub.com | 15 Oct 2024
    SaaSHub helps you find the best software and product alternatives Learn more →

Stats

Basic OpenSK repo stats
12
2,984
5.4
14 days ago

google/OpenSK is an open source project licensed under Apache License 2.0 which is an OSI approved license.

The primary programming language of OpenSK is Rust.


Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com

Did you konow that Rust is
the 5th most popular programming language
based on number of metions?