Documentation Index
Fetch the complete documentation index at: https://docs.zerokeyusb.com/llms.txt
Use this file to discover all available pages before exploring further.
General
𧩠What is ZeroKeyUSB?
ZeroKeyUSB is a hardware password manager that stores your credentials completely offline.It behaves like a regular USB keyboard: when you select a saved account, it simply types your login details automatically β no software or internet connection required.
π Does it need an app or subscription?
No.ZeroKeyUSB does not depend on any software, extensions, or subscriptions.
It works instantly when plugged into any computer, phone, or tablet that accepts a USB keyboard.
π» What devices is it compatible with?
ZeroKeyUSB works universally with:- Windows
- macOS
- Linux
- Android (via USB-C or adapter)
- iPadOS (USB-C models)
π Does it have a battery?
No.ZeroKeyUSB draws minimal power (around 20 mA) directly from the USB port.
This makes it maintenance-free and ensures your credentials are always available β even years later.
π§βπ» How many credentials can it store?
Up to 62 encrypted credentials, each containing:- Website or service name (up to 16 characters)
- Username or email (up to 16 characters)
- Password (up to 16 characters)
- (Optional) TOTP 2FA secret
Security
π How are my passwords protected?
Your credentials are protected by three layers:- AES-128 CBC encryption β every credential is encrypted with a 128-bit key generated by the ATECC608A hardware random number generator. This key is unique to your device.
- PIN verification β your Master PIN is hashed with SHA-256 using the chipβs unique serial number as salt. The hash is compared in constant-time to prevent timing attacks.
- Hardware rate-limiting β a monotonic counter in the ATECC608A secure element tracks every PIN attempt. After 50 consecutive wrong attempts, all data is permanently wiped.
π§ What happens if I forget my PIN?
For security reasons, there is no PIN recovery.The only option is a Factory Reset, which wipes all encrypted data and lets you create a new PIN.
This ensures that no one β not even the manufacturer β can access your information.
π‘ Tip: Choose a memorable PIN and keep an encrypted backup of your credentials.
π Does it connect to the Internet?
Never.ZeroKeyUSB is a fully offline system.
It has no Wi-Fi, Bluetooth, or NFC modules, and it never exchanges data with external servers.
You are the only one who can access the stored information.
πΎ Can someone clone my device?
No.Each ZeroKeyUSB contains an ATECC608A secure element with a factory-programmed, unique 9-byte serial number. This serial is used as a salt in the PIN hash, meaning the same PIN on two different devices produces completely different cryptographic keys.
The 128-bit AES master key is also device-unique (generated by the on-chip TRNG at provisioning).
π« What happens after too many wrong PIN attempts?
Two levels of protection: Soft backoff (UX layer):| Failed attempts | Waiting time |
|---|---|
| 1 | 5 seconds |
| 2 | 10 seconds |
| 3 | 20 seconds |
| 4 | 40 seconds |
| β¦ | Doubles up to 43 minutes |
π§° Can the firmware be updated?
Yes, but only with physical access.From the menu (Danger Zone β Bootloader Mode), the device reboots into a USB DFU bootloader.
New firmware must be cryptographically signed β the bootloader checks both a CRC32 and a BLAKE2s MAC before accepting any image. Unsigned firmware triggers a 15-second penalty delay. There is no remote or over-the-air update mechanism.
π Is it really open source?
Yes β for transparency and auditability.Publishing the code lets anyone verify that:
- There are no backdoors or data collection mechanisms.
- Encryption follows established standards (AES-128, SHA-256, HMAC-SHA1).
- All functions operate exactly as described.
Usage
π The keyboard types wrong symbols β what can I do?
Go to Menu β Settings β Keyboard and cycle through the 9 supported layouts:EN-US, DA-DK, DE-DE, ES-ES, FR-FR, HU-HU, IT-IT, PT-PT, SV-SE.
You can also set this during the initial setup wizard.
π§Ύ Can I back up my data?
Yes.Use Menu β Backup β Export to send all credentials over USB serial in plaintext CSV format.
You can later Import the same backup.
β οΈ Backup files are plaintext. Encrypt them with GPG, age, or a password-protected ZIP, and store offline.
β±οΈ How does the 2FA (TOTP) feature work?
ZeroKeyUSB can generate time-based one-time passwords (TOTP) offline.It supports SHA-1, SHA-256, and SHA-512 algorithms.
Once you import a TOTP secret and sync the time, the device displays a 6-digit code with a 30-second countdown β without needing your phone or Internet.
π§Ό Is it waterproof?
Yes.Each ZeroKeyUSB unit is fully resin-encapsulated, making it resistant to water, dust, and everyday wear.
It is not designed for submersion, but it will survive accidental spills or rain exposure.
𧱠What if the screen breaks?
Your data remains safe β itβs still encrypted inside the EEPROM.However, youβll need to contact support for a replacement, as the device cannot be disassembled without breaking the resin seal.
You can still export your credentials via the USB serial interface (the CDC channel works without the display).
π‘οΈ How long will it last?
ZeroKeyUSB has no moving parts or batteries.The EEPROM is rated for >1 million write cycles per page, and all other components are solid-state.
With normal use, it should last well over a decade.
π¬ How can I contact support?
For any questions, reach out directly atπ§ support@zerokeyusb.com
or visit zerokeyusb.com/support
ZeroKeyUSB is designed to give you peace of mind β you own your passwords, and your data never leaves your hands.