Thanks for all of the interest in OnlyKey! Full disclosure, I work for CryptoTrust and am on the team that makes OnlyKey. I wanted to try to address the questions/concerns in this thread in one place and provide some useful links for more information. OnlyKey started from a successful kickstarter launch in 2016 and has grown to become a popular product for businesses and individuals.
- OPEN SOURCE - If you are looking for OnlyKey source you will find it here https://github.com/trustcrypto all of our apps and firmware is open source. OnlyKey is not open hardware, however the hardware design is very transparent, literally. The device has a clear protective coating on the hardware which in addition to adding durability allows visually verifying everything.
- ABOUT SECURITY - Security documentation is here https://docs.crp.to/security.html and provides information on how OnlyKey random number generator works, supply chain, side-channel attacks etc. One thing that you will notice about OnlyKey that differentiates it from other security keys is the on key PIN entry. While no device is immune to hacking, this feature mitigates many traditional threat models. We are always open to discussing specific threat models openly on our support forum.
One of the nice things about OnlyKey is you have options.
- You can use OnlyKey to store a password up to 56 characters long for Windows login. You don't remember this password OnlyKey types it for you.
- You can use OnlyKey as a FIDO2 security key to login to Windows with Azure AD.
Yes, OnlyKey appears to the computer/mobile device as a keyboard. That is why it works on all computers and even iPhone/Android with an adapter available in our store - https://onlykey.io/collections/accessories-1
Yes, it would type the password to unlock your Windows PC.
You assign password/login info to a button, you press that button. I.e. Button number 1 is my Windows login so I would press the 1 button to login. After the OnlyKey is unlocked that is, a PIN is required to be entered on the same buttons providing physical security.
Feitian advertises one here https://www.ftsafe.com/Products/FIDO/NFC and they say you can request a dev version so you can install your own applets, but I can't vouch for it yet personally.
Apparently K9 Dev version is basically like eJavaToken, without applets installed, so no U2F, only CCID. Unless you specifically want that don't order.
- OPEN SOURCE - If you are looking for OnlyKey source you will find it here https://github.com/trustcrypto all of our apps and firmware is open source. OnlyKey is not open hardware, however the hardware design is very transparent, literally. The device has a clear protective coating on the hardware which in addition to adding durability allows visually verifying everything.
- ABOUT SECURITY - Security documentation is here https://docs.crp.to/security.html and provides information on how OnlyKey random number generator works, supply chain, side-channel attacks etc. One thing that you will notice about OnlyKey that differentiates it from other security keys is the on key PIN entry. While no device is immune to hacking, this feature mitigates many traditional threat models. We are always open to discussing specific threat models openly on our support forum.
- WHERE TO GO FOR MORE INFO Get started - https://onlykey.io/start General documentation - https://docs.crp.to/ FAQs - https://docs.crp.to/faq.html Compare to Yubikey - https://crp.to/p/ Setup and User's Guide - https://docs.crp.to/usersguide.html Features - https://docs.crp.to/features.html Support - https://forum.onlykey.io/ List of supported services - https://onlykey.io/pages/works-with-onlykey