Getting started with Google OpenSK

Introduction

OpenSK released by Google is a fully open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.

OpenSK is based on the FIDO2 specifications, which combine the World Wide Web Consortium’s (W3C) Web Authentication (WebAuthn) specification and FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).

The nRF52840 MDK USB Dongle works well with OpenSK. Taking advantage of the UF2 Bootloader, you can easily program the OpenSK by just copying the .uf2-format image to the flash drive.

This guide details how to get started with the OpenSK using the nRF52840 MDK USB Dongle without going through the complete toolchain installation.

What you'll need

Upgrade to UF2 Bootloader

The nRF52840 MDK USB Dongle was previously shipped with Open Bootloader with Device Firmware Update (DFU) functionality.

Currently, the prebuilt OpenSK firmware only works with the UF2 Bootloader. If your dongle is using UF2 Bootloader, just skip this step.

As Open Bootloader update must come from signed packages, the new UF2 Bootloader must be signed. The signed package is located in: firmware/open_bootloader/uf2_bootloader-0.2.13-44-gb2b4284-nosd_signed.zip

Enter DFU mode by holding the dongle's RESET/USR button during connecting to your PC. Use the following command to update firmware:

nrfutil dfu usb-serial -pkg uf2_bootloader-0.2.13-44-gb2b4284-nosd_signed.zip -p <your-serial-port-name>

Flash prebuilt OpenSK via UF2 Bootloader

The prebuilt OpenSK firmware is located in firmware/OpenSK with the .uf2-format.

Enter DFU mode by holding the dongle's RESET/USR button during connecting to your PC. A flash drive with the name MDK-DONGLE will appear.

Copy opensk_nrf52840_mdk_usb_dongle_gece14d7.uf2 image to MDK-DONGLE.

When programming is completed, the OpenSK will run automatically. The device named OpenSK will detected by the computer.

Test OpenSK

Now you can test the OpenSK via WebAuthn.io:

Explore More

The two-factor authentication (2FA) has been successfully deployed by a growing number of websites, including Google, social networks, cloud providers, and many others. Happy trying!

Reference


Leave a comment