Appearance and function match the final product, but is made with different manufacturing methods.

Looks like the final product, but is not functional.

Demonstrates the functionality of the final product, but looks different.

A prototype is a preliminary model of something. Projects that offer physical products need to show backers documentation of a working prototype. This gallery features photos, videos, and other visual documentation that will give backers a sense of what’s been accomplished so far and what’s left to do. Though the development process can vary for each project, these are the stages we typically see:

To bring future ready encryption everywhere, for everything, and for everyone.

It all started with a successful 2016 Kickstarter where we made OnlyKey, the perfect combination of security and convenience for managing secure passwords and two-factor authentication. We exceeded our goal 3x over and, one year later, OnlyKey Color is shipping worldwide.

OnlyKey Color

Now, we are at it again and ready to take on the next challenge: Secure Encrypted Communication.

Current solutions for secure encrypted communication typically fall into one of three categories.

1) Web-based with *private key stored in the cloud or browser.

Examples: Protonmail, keybase.io, Mailvelope

2) App-based with *private key stored on the device.

Examples: Signal, WhatsApp, Telegram, Keybase App

3) Software-based with *private key stored offline (smart card or token).

Examples: GnuPG, Thunderbird, Apple Mail / GPGTools

*A private key is essentially what is needed to view encrypted messages sent to you and to sign messages saying they are from you. If this key is compromised a hacker can send messages that appear to be from you and view all of your encrypted messages (Game over).

How secure are current solutions?

Security definitions:

High – If your device gets hacked the key is inaccessible in offline storage.

Low – Key is accessible in your browser or the cloud. A simple password phishing attack or browser vulnerability could allow an attacker to get your key. Example hack of private key in browser. Example for cloud credential phishing that even works if you use 2 factor authentication.

OnlyKey Quantum creates a new category - Web-based, App-based, or Software-based with High security.

Why a new category?

TL;DR – OnlyKey is a high security device, that does not require complicated software install (like all other high security devices do) making it available for non-technical users as well being powerful enough for technical users.

If you have ever tried to communicate securely online you would probably not describe the experience as convenient. So far, no other solution works practically everywhere or with everything. If it’s convenient, you are probably using an app and it may not be as secure as you think (see Medium and Low security). If it’s really secure you are probably using a smart card or token and it’s a hassle to set up or use on-the-go.

How OnlyKey is different from other smart cards/tokens?

Unlike other smart cards and tokens OnlyKey utilizes the U2F protocol to allow support on any browser that supports U2F. This provides the same security benefits of a smart card or token without the hassle.

In addition to not being complicated like smart cards and tokens, Onlykey also has additional security benefits.

Instead of unlocking the device by typing a pin code on the keyboard where it can be intercepted, the OnlyKey pin code is entered on the device itself, offline.

Enter correct pin to unlock

Enter incorrect pin device flashes red

For messages, OnlyKey requires a confirmation code to be entered on the device. So unlike smart cards and tokens, if OnlyKey is left plugged into a compromised computer, the messages are secure.

This user presence prevents hackers, intelligence agencies or malware from accessing encrypted messages or impersonating a user.

Encryption Everywhere On-the-Go

It works practically everywhere and with everything.

ALL YOU NEED IS AN ONLYKEY AND A BROWSER TO COMMUNICATE SECURELY ON THE GO

See OnlyKey WebCrypt in action

Securely encrypt messages anywhere with OnlyKey WebCrypt

Securely decrypt messages anywhere with OnlyKey WebCrypt

All that's required is a browser that supports Universal 2nd Factor: Google Chrome, Firefox, or Opera. That's it for requirements! Pretty simple.

We are even building an Android app to support encryption in Chrome or Firefox for Android.

Encryption for Everyone

We are making the world's first universal encryption device that is future ready and works practically anywhere, with no typing commands or difficult set-up required. Plug it in and it works. It’s designed with the perfect balance of convenience and security in mind.

Encryption for Everything In-the-Browser

IT WORKS SEAMLESSLY - JUST HIGHLIGHT TEXT TO ENCRYPT

Sometimes you just need to send a secure message to a friend or coworker quickly and easily, or read an encrypted PGP message they sent you. With other secure devices that keep your key safe offline you will need to install a lot of complicated software, which may not even be an option if you are using a work computer where you are not allowed to do that. Using our OnlyKey Chrome extension, you can encrypt text in the browser simply by adding an extension to your browser.

Then just highlight text to encrypt. To make this even easier you can add a list of friends (using Keybase) to whom you'd like to send encrypted messages. The message is encrypted and signed by your OnlyKey, and the encrypted text is sent over the chat or email of your choice. When your friend receives the message, they use their OnlyKey to decrypt or a different OpenPGP compatible solution.

See OnlyKey BrowserCrypt in action using the popular messenger Slack we can encrypt and decrypt messages right in the browser.

Highlight message to encrypt/sign and confirm on OnlyKey

Confirm on OnlyKey to decrypt message

SEND ENCRYPTED MESSAGES BY FACEBOOK OR TWITTER HANDLE

Keybase provides an open source API that allows looking up your friends by Facebook, Twitter, or email address. This allows us to make sending an encrypted message easier than ever. It also helps prevent accidentally sending an encrypted message to someone you think is your friend but is an imposter. Identity is a hard thing to prove online. Keybase provides proof that the person you are communicating with owns a certain Twitter handle, Facebook account, etc. One of the most important parts of secure communication is verifying the identity of the person with whom you are communicating, and Keybase has created a secure and easy way to do just that.

Now to communicate securely your friend can just look you up by your Facebook or Twitter username to send you a secure message through our apps.

ONLY YOU CAN DECRYPT YOUR MESSAGES WITH ONLYKEY

OnlyKey is PIN protected so only you can unlock your OnlyKey to read decrypted messages. OnlyKey also requires user physical touch (a 3-digit challenge code) to decrypt each message, so it takes a person (user presence) to decrypt messages with OnlyKey. This is notably different than secure messaging apps, tokens, or smartcards. With secure messaging apps, a hacker or intelligence agency that installs malware on a phone or laptop can read all of your messages without requiring user presence. With tokens and smartcards, a PIN is entered from software on the computer where malware can grab intercept the PIN. It does not require user presence. OnlyKey requires user presence to decrypt every message.

Expandable, Future-Ready Framework

You want a security device that works practically everywhere, with everything, now and in the future. Integration and adaptation are two areas where other security devices fall short and we want to fill the gap.

EASY INTEGRATION

We want to make it easy to integrate existing solutions with OnlyKey.

We are already considering many popular encryption apps and software that would be great to integrate with OnlyKey. Most of these products have one thing in common: they store your secret (private) key on the device/browser you are using, or in the cloud. If that location is hacked, then malware can steal your key and decrypt your secure messages.

Some possible integrations we're pursuing are:

OpenPGP browser extensions like Mailvelope - Popular extension for adding OpenPGP to Webmail.

Keybase - As shown in the demo, we can already store the private key from Keybase on OnlyKey. However, Keybase has other apps with device keys that do things like encrypt local file storage, encrypted chat, and even encrypted Github repos. It's pretty amazing! If integrated, OnlyKey could store these device keys safely offline.

MyEtherWallet - A free, open-source, client-side interface for generating Ethereum wallets. - https://www.myetherwallet.com.

Protonmail - Popular open source encrypted email.

GPG - We are already working on a GPG agent that would integrate with GPG to support multiple apps.

ADAPT

The future is not certain, but unlike other security solutions where users have to replace their devices when something new comes along, OnlyKey can adapt by allowing users to update its firmware.

THE CRYPTOPOCALYPSE IS COMING!

Current public-key algorithms, like RSA and ECC -- which means pretty much all secure communication online -- can be efficiently broken by a sufficiently large quantum computer. There are already quantum computers out there that we know about and probably more that we don’t. This is not just a theoretical threat. Here is a quote from the NSA:

“For those partners and vendors that have not yet made the transition to Suite B elliptic curve algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum-resistant algorithm transition.” [emphasis added]

Our plan is to implement NewHope now and possibly SIDH. Once NIST makes their selection of the algorithm that will become the next standard we will implement this into OnlyKey.

WHAT’S THIS FUNDING FOR?

First and foremost, we want to hire out an independent 3rd party security review of OnlyKey to verify what we already know: OnlyKey hardware and software are secure.

Additionally, we will continue to develop, test, and release the following:

OnlyKey Desktop App - Standalone OnlyKey app for Windows, macOS, and Linux. This will replace the current Chrome app as Google announced that Chrome apps will no longer be supported.

- Standalone OnlyKey app for Windows, macOS, and Linux. This will replace the current Chrome app as Google announced that Chrome apps will no longer be supported. OnlyKey WebCrypt - OnlyKey web app supporting on-the-go encryption.



- OnlyKey web app supporting on-the-go encryption. OnlyKey BrowserCrypt - OnlyKey Chrome extension supporting in-the-browser encryption.



- OnlyKey Chrome extension supporting in-the-browser encryption. OnlyKey Android App - Supporting Google Authenticator OTPs and U2F. Supporting U2F will also allow use of the OnlyKey web app.



- Supporting Google Authenticator OTPs and U2F. Supporting U2F will also allow use of the OnlyKey web app. OnlyKey SSH/GPG Agent

OnlyKey Python App (command-line).



(command-line). Post-quantum crypto functionality (Stretch Goal $50,000+).

functionality (Stretch Goal $50,000+). Ethereum and Bitcoin functionality (Stretch Goal $120,000+ ).

WHAT DOES ONLYKEY ALREADY DO?

As a two-factor token OnlyKey is the most universally supported on the market.



If you lose your OnlyKey, your data is safe as it is PIN protected and can't be used without the PIN. If anyone enters the wrong PIN too many times the data will self destruct. Secure backups of your data are easy to make and protected with the strongest encryption available.

OnlyKey has a long list of features on the product page here. It is already available for sale via Amazon or PayPal worldwide.

As a Password Manager, OnlyKey is better than storing passwords in browser or password apps.

NOT LIMITED TO BROWSER

If you can type the password, OnlyKey can type the password for you. Browser, app, computer, it's all the same to OnlyKey. Unlike software password managers, OnlyKey works anywhere a keyboard works, and can be used to enter the password to unlock your computer or pretty much any software or website that has a password.

SECURE OFFLINE STORAGE

What happens if you have really strong passwords all stored in a really secure password manager or app on your phone or computer and it gets hacked? It's simple: the hacker now has access to all of your passwords. The hacker may not even need control of your physical device if they hack a cloud based service like this.

OnlyKey is different because it stores passwords offline. The only way for you to access your passwords is to physically press a button on OnlyKey. Physical touch is something that malware or a hacker cannot do remotely.

When?

The project timeline is as follows:

Project Timeline

Included Accessories

Choose the case color that fits your style.

Case Color Choices

A new case color will also be released as part of this Kickstarter - Quantum White (white case with black text).

Additionally, OnlyKey comes with a quick disconnect keychain and a quick reference card.