What ZeroKeyUSB is
A hand-held, offline credential device based on an ATSAMD21 microcontroller and an ATECC608A secure element, encapsulated in epoxy resin. It stores logins, TOTP secrets and short notes, and types them to a host over USB HID on a physical press. It has no Wi-Fi, Bluetooth, NFC, battery or cloud account.Security architecture
| Layer | Mechanism |
|---|---|
| Secure boot | The bootloader verifies an ECDSA P-256 signature over the application firmware (via the ATECC608A) before running it. The bootloader region is hardware write-protected (BOOTPROT). |
| Credential encryption | Credentials are stored AES-128-CBC encrypted in an external EEPROM. The AES key is generated by the ATECC608A’s hardware TRNG and stored inside the chip (IsSecret=1) — it never crosses the I²C bus or reaches host software. |
| PIN | A 1–16 digit Master PIN is verified as SHA-256(PIN ‖ chip-serial) with a constant-time compare, and rate-limited by a persistent exponential backoff re-applied on every boot (see PIN verification). |
| Randomness | All key material, IVs and generated passwords come from the ATECC608A hardware TRNG. |
| Physical | The PCB is epoxy-encapsulated; there is no debug path to the application after provisioning, and the config/data zones of the secure element are permanently locked. |
| Airgap | Credentials are entered/exported only over USB, on user action. No network stack exists. |
Security properties
- No cloud, no account, no telemetry. Nothing is transmitted to any server.
- Secrets stay off the host. The host receives keystrokes, never the vault.
- Tamper-resistant key custody. The AES key and the device are bound; ciphertext from one unit cannot be decrypted by another.
- Verifiable firmware. Only ECDSA-signed images run; the source is open for audit.
Scope and limitations
A credible security statement names its boundaries. ZeroKeyUSB does not claim to protect against:- A trusted-host compromise during use. When you type a credential, it lands on the host; if that machine is already compromised, it can capture what is typed. The device reduces storage exposure, not in-use exposure.
- Plaintext backup on an untrusted host. The USB backup exports credentials in clear text to the connected computer; do it only on a trusted, offline host.
- A determined physical/lab attacker. The PIN hash is readable over the I²C bus, so an attacker who defeats the epoxy encapsulation and reaches the bus can attempt an offline PIN crack. The epoxy and a long PIN are the mitigations; there is no destructive self-wipe.