Share this project

Done

Share this project

Done
Encryption everywhere, for everything, and for everyone. ALL YOU NEED IS AN ONLYKEY AND A BROWSER TO COMMUNICATE SECURELY!
Encryption everywhere, for everything, and for everyone. ALL YOU NEED IS AN ONLYKEY AND A BROWSER TO COMMUNICATE SECURELY!
236 backers pledged $13,687 to help bring this project to life.

About

OnlyKey Quantum - Future Ready Encryption for Everyone project video thumbnail
Replay with sound
Play with
sound

OnlyKey Quantum - Future Ready Encryption for Everyone

$13,687

236

What is a prototype?

A prototype is a preliminary model of something. Projects that offer physical products need to show backers documentation of a working prototype. This gallery features photos, videos, and other visual documentation that will give backers a sense of what’s been accomplished so far and what’s left to do. Though the development process can vary for each project, these are the stages we typically see:

Proof of Concept

Explorations that test ideas and functionality.

Functional Prototype

Demonstrates the functionality of the final product, but looks different.

Appearance Prototype

Looks like the final product, but is not functional.

Design Prototype

Appearance and function match the final product, but is made with different manufacturing methods.

Production Prototype

Appearance, function, and manufacturing methods match the final product.

91be57818bacf59d2c88d012598dcf0d original.jpg?ixlib=rb 1.1

Prototype Gallery

These photos and videos provide a detailed look at this project’s development.

To bring future ready encryption everywhere, for everything, and for everyone.

It all started with a successful 2016 Kickstarter where we made OnlyKey, the perfect combination of security and convenience for managing secure passwords and two-factor authentication. We exceeded our goal 3x over and, one year later, OnlyKey Color is shipping worldwide.

OnlyKey Color
OnlyKey Color

Now, we are at it again and ready to take on the next challenge: Secure Encrypted Communication.

Current solutions for secure encrypted communication typically fall into one of three categories. 

1) Web-based with *private key stored in the cloud or browser.

Examples: Protonmail, keybase.io, Mailvelope

2) App-based with *private key stored on the device.

Examples: Signal, WhatsApp, Telegram, Keybase App

3) Software-based with *private key stored offline (smart card or token).

Examples: GnuPG, Thunderbird, Apple Mail / GPGTools

*A private key is essentially what is needed to view encrypted messages sent to you and to sign messages saying they are from you. If this key is compromised a hacker can send messages that appear to be from you and view all of your encrypted messages (Game over).

How secure are current solutions?

Security definitions: 

  • High – If your device gets hacked the key is inaccessible in offline storage. 

OnlyKey Quantum creates a new category - Web-based, App-based, or Software-based with High security.

Why a new category?

TL;DROnlyKey is a high security device, that does not require complicated software install (like all other high security devices do) making it available for non-technical users as well being powerful enough for technical users.

If you have ever tried to communicate securely online you would probably not describe the experience as convenient. So far, no other solution works practically everywhere or with everything. If it’s convenient, you are probably using an app and it may not be as secure as you think (see Medium and Low security). If it’s really secure you are probably using a smart card or token and it’s a hassle to set up or use on-the-go.

How OnlyKey is different from other smart cards/tokens?

Unlike other smart cards and tokens OnlyKey utilizes the U2F protocol to allow support on any browser that supports U2F. This provides the same security benefits of a smart card or token without the hassle.

In addition to not being complicated like smart cards and tokens, Onlykey also has additional security benefits.

  • Instead of unlocking the device by typing a pin code on the keyboard where it can be intercepted, the OnlyKey pin code is entered on the device itself, offline. 
Enter correct pin to unlock
Enter correct pin to unlock
Enter incorrect pin device flashes red
Enter incorrect pin device flashes red
  • For messages, OnlyKey requires a confirmation code to be entered on the device. So unlike smart cards and tokens, if OnlyKey is left plugged into a compromised computer, the messages are secure. 

This user presence prevents hackers, intelligence agencies or malware from accessing encrypted messages or impersonating a user.

Encryption Everywhere On-the-Go

It works practically everywhere and with everything. 

ALL YOU NEED IS AN ONLYKEY AND A BROWSER TO COMMUNICATE SECURELY ON THE GO

See OnlyKey WebCrypt in action

Securely encrypt messages anywhere with OnlyKey WebCrypt
Securely encrypt messages anywhere with OnlyKey WebCrypt
Securely decrypt messages anywhere with OnlyKey WebCrypt
Securely decrypt messages anywhere with OnlyKey WebCrypt

All that's required is a browser that supports Universal 2nd Factor: Google Chrome, Firefox, or Opera. That's it for requirements! Pretty simple. 

We are even building an Android app to support encryption in Chrome or Firefox for Android.

Encryption for Everyone

We are making the world's first universal encryption device that is future ready and works practically anywhere, with no typing commands or difficult set-up required. Plug it in and it works. It’s designed with the perfect balance of convenience and security in mind.

Encryption for Everything In-the-Browser

IT WORKS SEAMLESSLY - JUST HIGHLIGHT TEXT TO ENCRYPT

Sometimes you just need to send a secure message to a friend or coworker quickly and easily, or read an encrypted PGP message they sent you. With other secure devices that keep your key safe offline you will need to install a lot of complicated software, which may not even be an option if you are using a work computer where you are not allowed to do that. Using our OnlyKey Chrome extension, you can encrypt text in the browser simply by adding an extension to your browser. 

Then just highlight text to encrypt. To make this even easier you can add a list of friends (using Keybase) to whom you'd like to send encrypted messages. The message is encrypted and signed by your OnlyKey, and the encrypted text is sent over the chat or email of your choice. When your friend receives the message, they use their OnlyKey to decrypt or a different OpenPGP compatible solution.

See OnlyKey BrowserCrypt in action using the popular messenger Slack we can encrypt and decrypt messages right in the browser.

Highlight message to encrypt/sign and confirm on OnlyKey
Highlight message to encrypt/sign and confirm on OnlyKey
Confirm on OnlyKey to decrypt message
Confirm on OnlyKey to decrypt message

SEND ENCRYPTED MESSAGES BY FACEBOOK OR TWITTER HANDLE  

Keybase provides an open source API that allows looking up your friends by Facebook, Twitter, or email address. This allows us to make sending an encrypted message easier than ever. It also helps prevent accidentally sending an encrypted message to someone you think is your friend but is an imposter. Identity is a hard thing to prove online. Keybase provides proof that the person you are communicating with owns a certain Twitter handle, Facebook account, etc. One of the most important parts of secure communication is verifying the identity of the person with whom you are communicating, and Keybase has created a secure and easy way to do just that.

Now to communicate securely your friend can just look you up by your Facebook or Twitter username to send you a secure message through our apps.

ONLY YOU CAN DECRYPT YOUR MESSAGES WITH ONLYKEY

OnlyKey is PIN protected so only you can unlock your OnlyKey to read decrypted messages. OnlyKey also requires user physical touch (a 3-digit challenge code) to decrypt each message, so it takes a person (user presence) to decrypt messages with OnlyKey. This is notably different than secure messaging apps, tokens, or smartcards. With secure messaging apps, a hacker or intelligence agency that installs malware on a phone or laptop can read all of your messages without requiring user presence. With tokens and smartcards, a PIN is entered from software on the computer where malware can grab intercept the PIN. It does not require user presence. OnlyKey requires user presence to decrypt every message.

Expandable, Future-Ready Framework

You want a security device that works practically everywhere, with everything, now and in the future. Integration and adaptation are two areas where other security devices fall short and we want to fill the gap.

EASY INTEGRATION

We want to make it easy to integrate existing solutions with OnlyKey.

We are already considering many popular encryption apps and software that would be great to integrate with OnlyKey. Most of these products have one thing in common: they store your secret (private) key on the device/browser you are using, or in the cloud. If that location is hacked, then malware can steal your key and decrypt your secure messages.

Some possible integrations we're pursuing are:

  • OpenPGP browser extensions like Mailvelope - Popular extension for adding OpenPGP to Webmail. 
  • Keybase - As shown in the demo, we can already store the private key from Keybase on OnlyKey. However, Keybase has other apps with device keys that do things like encrypt local file storage, encrypted chat, and even encrypted Github repos. It's pretty amazing! If integrated, OnlyKey could store these device keys safely offline.
  • MyEtherWallet - A free, open-source, client-side interface for generating Ethereum wallets. - https://www.myetherwallet.com.
  • Protonmail - Popular open source encrypted email. 
  • GPG - We are already working on a GPG agent that would integrate with GPG to support multiple apps.

ADAPT

The future is not certain, but unlike other security solutions where users have to replace their devices when something new comes along, OnlyKey can adapt by allowing users to update its firmware.

THE CRYPTOPOCALYPSE IS COMING!

Current public-key algorithms, like RSA and ECC -- which means pretty much all secure communication online -- can be efficiently broken by a sufficiently large quantum computer. There are already quantum computers out there that we know about and probably more that we don’t. This is not just a theoretical threat. Here is a quote from the NSA:

“For those partners and vendors that have not yet made the transition to Suite B elliptic curve algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum-resistant algorithm transition.” [emphasis added]

Our plan is to implement NewHope now and possibly SIDH. Once NIST makes their selection of the algorithm that will become the next standard we will implement this into OnlyKey.

WHAT’S THIS FUNDING FOR?

First and foremost, we want to hire out an independent 3rd party security review of OnlyKey to verify what we already know: OnlyKey hardware and software are secure.

Additionally, we will continue to develop, test, and release the following:

  • OnlyKey Desktop App - Standalone OnlyKey app for Windows, macOS, and Linux. This will replace the current Chrome app as Google announced that Chrome apps will no longer be supported. 
  • OnlyKey WebCrypt - OnlyKey web app supporting on-the-go encryption. 
  • OnlyKey BrowserCrypt - OnlyKey Chrome extension supporting in-the-browser encryption. 
  • OnlyKey Android App - Supporting Google Authenticator OTPs and U2F. Supporting U2F will also allow use of the OnlyKey web app. 
  • OnlyKey SSH/GPG Agent
  • OnlyKey Python App (command-line). 
  • Post-quantum crypto functionality (Stretch Goal $50,000+). 
  • Ethereum and Bitcoin functionality (Stretch Goal $120,000+ ). 

WHAT DOES ONLYKEY ALREADY DO?

As a two-factor token OnlyKey is the most universally supported on the market.

If you lose your OnlyKey, your data is safe as it is PIN protected and can't be used without the PIN. If anyone enters the wrong PIN too many times the data will self destruct. Secure backups of your data are easy to make and protected with the strongest encryption available.

OnlyKey has a long list of features on the product page here. It is already available for sale via Amazon or PayPal worldwide.

As a Password Manager, OnlyKey is better than storing passwords in browser or password apps.
NOT LIMITED TO BROWSER

If you can type the password, OnlyKey can type the password for you. Browser, app, computer, it's all the same to OnlyKey. Unlike software password managers, OnlyKey works anywhere a keyboard works, and can be used to enter the password to unlock your computer or pretty much any software or website that has a password.

SECURE OFFLINE STORAGE

What happens if you have really strong passwords all stored in a really secure password manager or app on your phone or computer and it gets hacked? It's simple: the hacker now has access to all of your passwords. The hacker may not even need control of your physical device if they hack a cloud based service like this.

OnlyKey is different because it stores passwords offline. The only way for you to access your passwords is to physically press a button on OnlyKey. Physical touch is something that malware or a hacker cannot do remotely.

When?

The project timeline is as follows:

Project Timeline
Project Timeline

Included Accessories 

Choose the case color that fits your style.

Case Color Choices
Case Color Choices

A new case color will also be released as part of this Kickstarter - Quantum White (white case with black text). 

Additionally, OnlyKey comes with a quick disconnect keychain and a quick reference card.

Risks and challenges

We do have a proven track record of delivering what we promise. In our last Kickstarter, we delivered the expected product AND exceeded expectations by designing custom OnlyKey hardware that is waterproof and durable.

After the Kickstarter, we continued to build new OnlyKey features and accessories like the colorful OnlyKey cases. This time around we do not have the challenge of developing hardware as the OnlyKey Color hardware is already complete. Our biggest challenge is building and testing the features/functionality. This is a big job with two primary goals. #1 Implement security controls to ensure confidentiality, integrity, and availability of user data. #2 Ensuring that features/functionality provide the best possible user experience.

To mitigate this risk, we have already built and continue to build security features that prevent common attack vectors. Sometimes this does require a tradeoff of usability. For example, OnlyKey allows you to write passwords/keys to the device but not read them back out. Being able to read the passwords from a device would be great in many instances for usability, but this would be really bad for security. A general rule of thumb is that if you can access some information on your computer then so can a hacker that hacks your computer. Its a simple concept that guides the design of OnlyKey features.

Additionally, to mitigate this risk we are currently open for proposals and looking for vendors with experience conducting security reviews on open source products.

Learn about accountability on Kickstarter

Questions about this project? Check out the FAQ

Support

  1. Select this reward

    Pledge US$ 1 or more About US$ 1.00

    All Access Pass

    You'll have access to all backer updates.

    Less
    Estimated delivery
    8 backers
    $
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  2. Select this reward

    Pledge US$ 5 or more About US$ 5

    All Access Pass+

    We will send you a thank you email for your support. You'll also have access to all backer updates.

    Less
    Estimated delivery
    1 backer
    $
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  3. Select this reward

    Pledge $9 or more About $9

    One OnlyKey Case

    Choose your style if you already have an OnlyKey. Available colors:

    - Stealth Black
    - Guardian Blue
    - Hacker Green
    - Resistance Red
    - Quantum White (NEW)

    Includes:
    • Choice of color case
    Less
    Estimated delivery
    Ships to Anywhere in the world
    3 backers
    $
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  4. Select this reward

    Pledge $38 or more About $38

    EARLY BIRD SPECIAL: One OnlyKey Quantum

    First come first serve!

    Includes:
    • OnlyKey Quantum
    • Choice of color case
    • Quick reference guide
    • Quick disconnect keychain
    Less
    Estimated delivery
    Ships to Anywhere in the world
    Limited 47 backers
    $
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  5. Select this reward

    Pledge $40 or more About $40

    One OnlyKey Quantum

    Solve your password management problems and communicate securely online.

    Includes:
    • OnlyKey Quantum
    • Choice of color case
    • Quick reference guide
    • Quick disconnect keychain
    Less
    Estimated delivery
    Ships to Anywhere in the world
    108 backers
    $
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  6. Select this reward

    Pledge $42 or more About $42

    GIFT IDEA: One OnlyKey Quantum

    Need a gift for that guy or gal that has everything and loves cool technology. Guaranteed delivery by December 15th.

    Includes:
    • OnlyKey Quantum
    • Choice of color case
    • Quick reference guide
    • Quick disconnect keychain
    Less
    Estimated delivery
    Ships to Only United States
    Limited 27 backers
    $
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  7. Select this reward

    Pledge $80 or more About $80

    Two OnlyKey Quantums

    Using OnlyKey's secure backup feature you can keep a primary OnlyKey and a backup.

    Less
    Estimated delivery
    Ships to Anywhere in the world
    31 backers
    $
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  8. Select this reward

    Pledge $195 or more About $195

    FAMILY PACK: x5

    Keep the whole family secure online and securely communicate with this package.

    Includes:
    • OnlyKey Quantum
    • Choice of color case
    • Quick reference guide
    • Quick disconnect keychain
    Less
    Estimated delivery
    Ships to Anywhere in the world
    11 backers
    $
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  9. Select this reward

    Pledge $570 or more About $570

    TEAM PACK: x15

    Time to take password management and two factor authentication off of the To Do list and onto the Done list with a convenience your team will love.

    Includes:
    • 15× OnlyKey Quantum
    • 15× Choice of color case
    • 15× Quick reference guide
    • Quick disconnect keychain
    Less
    Estimated delivery
    Ships to Anywhere in the world
    0 backers
    $
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  10. Select this reward

    Pledge $1,520 or more About $1,520

    BUSINESS PACK: x40 OnlyKey Quantum

    Solve your business password management problems with a convenience your employees will love. A secure password policy is easy when users don’t have to remember any passwords. Make 2FA roll out a breeze.

    Includes:
    • 40× OnlyKey Quantum
    • 40× Choice of color case
    • 40× Quick reference guide
    • Quick disconnect keychain
    Less
    Estimated delivery
    Ships to Anywhere in the world
    0 backers
    $
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.

Funding period

- (30 days)