Signet High-Capacity Thumb-drive, Your Libre Personal Information Security Multi-tool
Signet HC is a secure USB drive built with open-hardware and free open-source software. It is an encrypted flash drive, a two-factor authentication (2FA) device and a hardware password and personal information manager, making it a portable solution to a variety of data security problems.
Signet HC is physically secured: it requires the user to take a physical action (pressing a button on the device) before sensitive commands are executed, and the button flashes blue when any sensitive command is sent to the device. This physical security blocks malicious software from executing commands on the device. Signet HC’s encrypted data is password protected and can be unlocked through its cross-platform client application (available on Windows, macOS, GNU/Linux, and Android). The client software is stored on the device in a read-only partition, enabling the user to use it without downloading software.
Signet HC’s two-factor authentication requires a secure device to be present in order to log in to a website or complete a key transaction. Two-factor authentication also compensates for weak or compromised passwords. Signet HC implements the FIDO U2F and FIDO2 two-factor authentication protocols utilized by a number of popular websites. Once Signet HC has been paired with a compatible website, users can complete their login or transaction by pressing the device button when its light flashes. Signet HC can also be configured to disable two-factor authentication features until the device is unlocked. This provides additional security for the device.
Signet HC can contain several types of storage volumes in its embedded 32 GB flash memory, each suited to different purposes. They include:
- Read-only volumes,
- One-time-use volumes,
- Physically-secured volumes, and
- Unencrypted volumes.
Signet HC implements password management features. This is done by storing a password database in an encrypted format inside its microcontroller’s internal flash memory. Once the device is unlocked, you can view the data directly in the client and copy it to the clipboard. The client supports browser plugins for Firefox and Chrome that can fill in data such as login and password information on text forms. The client can also forward the data to the device’s USB keyboard interface to type data directly into another application.
Signet HC’s function is not limited to storing information about account passwords. It also has a flexible database structure that enables a user to create new data types and to add fields to individual entries for notes and associated data. This enables you to safely store any data you wish to keep off the cloud.
Signet HC can be configured to regularly back up your data when connected to your primary computer. It can be backed up to either your computer’s hard disk or a designated removable media device. The Signet client can then read the backups when you provide the master password, giving you immediate access to your data and the option to upload it to a replacement device if you misplace your former device.
Signet HC enables the creation of multiple profiles, each with its own unlock password. Each profile can be configured to display only some database entries or storage volumes stored on the device. This enables a user to create different profiles with different settings to prevent sensitive information from being seen by others.
The source code and CAD files for Signet HC will be released before the devices are delivered. The software will be released under the GPLv3 license and the hardware specifications under the CERN Open Hardware License v1.2.
- Microcontroller: STM32F733 Cortex M7 @ 216 MHz
- USB interface: 2.0 High-speed
- Dimensions: 52 mm x 19 mm x 8.5 mm (longer than original Signet, but thinner)
- Mass storage capacity: 32 GB
- Mass storage medium: eMMC chip
- Circuit design license: CERN OHL v1.2
- Enclosure: Injection molded ABS plastic with snap-together design
- Database Capacity: 384 KB – enough space for thousands of entries
- Database Storage Type: On-chip flash memory
- GPIO: Three GPIO pins, or one UART port and one GPIO
- Firmware code size: 128 KB
- Maximum unencrypted transfer speed: 35 MB/s
- Maximum encrypted transfer speed: 15 MB/s
- Physical interface: illuminated tactile switch
- Compatibility: Windows, Linux, macOS, Android
- Client software license: GPLv3
- Firmware software license: GPLv3
- Encryption Method: AES-128 or AES-256 with cipher block chaining (CBC)
- Encryption Key Derivation: SCrypt hash function with per-device randomized salt
- Two-factor authentication protocols: FIDO U2F and FIDO2
- Volume encryption
- One-time use volumes: Created to transfer files; deleted automatically after use
- Physically secured volumes: Copying files to OS requires a Signet button press
- Password and personal information manager: Can be accessed by the client and/or browser plugin
- Cryptographic features: File signing, file signature verification, file and email encryption, SSH authentication, etc.
- Client software on a read-only volume
- Compatible with the original Signet device
Visit the crowdfunding page for more information on the Signet HC, and/or to pledge $80 for the 32 GB USB drive. The GitHub page is accessible, but currently only contains resources for the first Signet USB security key and PCB files. The firmware is not ready to be released yet but will be published before the devices are shipped.