Skip to content

DiceKeys Seeding WebAuthN Authenticator Credentials

Latest
Compare
Choose a tag to compare
@conorpp conorpp released this 05 Nov 17:37
5.0.0

This is a modified build of Solo that implements Seeding WebAuthN Authenticator Credentials.

This build is programmed into Solo devices distributed by the DiceKeys campaign, but you can program it onto any Hacker device.

Normally to program Solo, a normal update process is followed using the Solo bootloader. But to program with this modified build, you must use our "DFU" process. It's recommended to run this on Linux or MacOS. On Windows, you will need to install libusb driver for the device in DFU which can be problematic.

Install libusb on MacOs:

brew install libusb libusb-compat 

Install libusb on debian:

sudo apt-get install libusb-1.0-0 

Updating a Solo Hacker to a DiceKeys enabled build

First, you must install solo-python, which is our command line tool that will enable an update to be applied to a Solo. Then, run the following commands

  1. Put the device into Solo bootloader first. The device will have a fast flashing yellow/orange LED in this mode.
solo program aux enter-bootloader
  1. Then put the deivce into DFU mode. In this mode, the LED will be completely off. Don't worry, the device is still working.
solo program aux enter-dfu
  1. Now let's apply the firmware update.
solo program dfu bundle-hacker-5.0.0.hex
  1. Then reboot the key.
solo program aux leave-dfu

That's it! Now you can use the device with DiceKeys software to write your DiceKey seed.

Securing the device

If you would like to secure the device further, you may program the bundle-secure-non-solokeys-5.0.0.hex firmware instead. The firmware is the same, except it will prevent further any updates from being applied. This is permanent. This prevents a bad actor from programming your Solo with custom code to read out your secret seed.

solo program bundle-secure-non-solokeys-5.0.0.hex

Notes

This device supports FIDO2 resident keys (RK), but please be aware that credentials created as resident keys cannot be backed up and won't be restore by your DiceKeys seed. If you're only using your Solo as a 2FA option, then you don't need to worry about this.