Welcome
ZeroKeyUSB is a standalone, hardware-based password manager designed to keep your credentials completely offline.It behaves like a USB keyboard — typing your encrypted usernames, passwords, and optional TOTP codes wherever you need them.
No apps. No cloud. No subscriptions. Everything you need to assemble the hardware, understand the firmware, and keep your device secure is organized below.
Get started
Learn how to flash the firmware, set your Master PIN, and start using ZeroKeyUSB safely.
Main Features
Offline Encryption
Protects your data using AES-128 CBC encryption with a TRNG-generated master key.
The PIN is verified via SHA-256 and a hardware monotonic counter. No Internet connection ever required.
The PIN is verified via SHA-256 and a hardware monotonic counter. No Internet connection ever required.
Hardware Secure Element
An ATECC608A secure element provides hardware-grade true random numbers, a tamper-resistant monotonic counter for PIN rate-limiting, and a chip-unique serial used as a PIN salt.
Hardware Simplicity
Built around a SAMD21E18A microcontroller and M24C64-WMN6TP EEPROM, fully powered by USB-C.
No batteries, no wireless chips — truly air-gapped.
No batteries, no wireless chips — truly air-gapped.
Universal Keyboard Output
Acts as a standard USB HID keyboard supporting 9 language layouts (EN-US, DE, FR, ES, IT, PT, SV, DA, HU) to type credentials into any focused field.
Works across all major operating systems.
Works across all major operating systems.
Integrated OLED Display
Navigate stored credentials and 2FA codes on a 128×32-pixel SSD1306 OLED screen with auto-scroll for long text.
Time-Based One-Time Passwords (TOTP)
Generate 6-digit 2FA codes locally and offline.
Requires a one-time time sync from the host via USB — never through the Internet.
Requires a one-time time sync from the host via USB — never through the Internet.
Open Source & Transparent
Every line of firmware and hardware schematic is public.
Audit, verify, and contribute to improve the device.
Audit, verify, and contribute to improve the device.
62 Credential Slots
Stores up to 62 site/user/password entries plus optional TOTP secrets, all AES-128 CBC encrypted at rest in the external EEPROM.
Security at a Glance
| Layer | Technology | Location |
|---|---|---|
| Encryption | AES-128 CBC (software, AESLib) | SAMD21 MCU |
| Encryption key | 16 B random (ATECC608A TRNG) | EEPROM 0x0028 |
| IV | 16 B random (ATECC608A TRNG) | EEPROM 0x0010 |
| PIN hashing | SHA-256(PIN ∥ chip_serial) | MCU (software) |
| PIN salt | 9-byte chip serial | ATECC608A Config Zone |
| PIN rate-limit | Monotonic Counter0 (hardware) | ATECC608A |
| PIN budget | 50 attempts before wipe | Threshold at EEPROM 0x0020 |
| Boot integrity | ECDSA P-256 signature verification | Bootloader |
| Physical protection | Epoxy encapsulation + BOOTPROT fuse | PCB / SAMD21 fuses |
Documentation Overview
Quickstart
Step-by-step guide to flash the firmware, create your Master PIN, and store your first credentials.
Hardware
Electrical schematics, component list, and EEPROM memory map for the M24C64-WMN6TP.
Firmware
Explore how modules interact: display, menu navigation, EEPROM storage, keyboard output, and TOTP generation.
Security
Understand how AES-128 CBC encryption, ATECC608A-assisted PIN verification, IV generation, and hardware rate-limiting secure your data.
Compliance & Open Source
Certifications, licensing, and community contribution guidelines.
Support
FAQs, troubleshooting steps, and how to reach the ZeroKeyUSB community or request professional help.
Need help?
Visit zerokeyusb.com
Find user guides, updates, and community resources for ZeroKeyUSB.