As we announced in February we are releasing a new hardware design of OnlyKey, the OnlyKey Color™. OnlyKey Color will start shipping tomorrow to pre-order customers. With this release we are also releasing new features, see the new features in action here:
For existing OnlyKey users install the new firmware by following the instructions in the “Loading OnlyKey Firmware” section of the user’s guide – www.crp.to/okstart
For new OnlyKey customers you can order one through our website – www.crp.to/p
New features include:
Enhancements in this release
- Increased max length of passwords to 56 characters.
- Increased max length of usernames to 56 characters.
- Increased max length of labels to 16 characters.
- Increased ECC key storage from 1 to 32 private keys.
- Option to choose RETURN after a password or NONE.
New Features introduced in this release
- URL field (length 56) – Now in addition to storing a username, password, and 2FA in each slot you can store the URL of the login page. This allows a true one touch login. With this feature the OnlyKey now can type out the URL for the login page into your browser, then type out your username, password, and 2FA.
- Key Storage – We introduced an experimental feature in the last OnlyKey release that allows you to use OnlyKey to store a private key that can be used for SSH authentication. We are expanding this so that you can store 32 ECC private keys and 4 RSA private keys. Each key also has a label assigned to it so just like with slots, an identifier can be assigned to each key. Under the hood –
- Up to 32 ECC keys are supported of type curve25519, P256 (NIST), and secp256k1 (Used for Bitcoin)
- Up to 4 RSA keys are supported with key sizes 1024, 2048, 3072, and 4096 bit keys.
- Key Functionality – In addition to using private keys for SSH authentication we are building a framework that will permit use for signing (OpenPGP email/file signing), decryption (OpenPGP email/file decryption), and our new backup feature.
- SSH Authentication – Currently only ECC keys are supported for SSH authentication. Using the OnlyKey agent ssh authentication can be accomplished by storing a key on the OnlyKey and setting it as an authentication key. The benefit this provides is that your private key is never exposed on a computer where it can be compromised by hacker.
- Email/File Decryption – Using the OnlyKey PGP Message Tool, the OnlyKey supports decryption of email and files using OpenPGP (PGP/GPG compatible). This feature is currently released as experimental, to try it out we recommend encrypting emails with Mailvelope (Using RSA 4096 Key) and decrypting with the OnlyKey PGP Messege Tool. The benefit this provides is that your private key is never exposed on a computer where it can be compromised by hacker. Decryption feature is demonstrated in the video at the beginning of this post.
- Email/File Signing – Using the OnlyKey PGP Message Tool, the OnlyKey supports signing of email and files using OpenPGP (PGP/GPG compatible). This feature is currently released as proof of concept, additional work is needed to properly generate signatures that can be validated. Signing feature is demonstrated in the video at the beginning of this post.
- Secure Backup/Restore – Encrypted backup is now a built-in feature. Just like many other features on the OnlyKey, backups are possible on any computer. It essentially works like this:
- Step 1. Load a key and select it as backup key.
- Step 2. Hold the #1 button down for over 5 seconds.
- Step 3. The OnlyKey types out (keyboard) a backup text file that is encrypted using the backup key.
To restore from backup – Just load the same backup key on this or another OnlyKey and load the backup text file to the OnlyKey using the OnlyKey App. When complete the OnlyKey will contain the same data as the backup. Backup feature is demonstrated in the video at the beginning of this post.
Here are the release notes with additional information:
OnlyKey Firmware – https://github.com/trustcrypto/OnlyKey-Firmware/releases/tag/v0.2-beta.4
OnlyKey Firmware Libraries – https://github.com/trustcrypto/libraries/releases/tag/v0.2-beta.4
OnlyKey Chrome App – https://github.com/trustcrypto/OnlyKey-Chrome-App/releases/tag/v0.4-beta.0