| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Hardware |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 10/22/2030 |
| Caveat | None |
| Vendor | Google, LLC. |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A5101 |
| AES-ECB | A5101 |
| ECDSA KeyGen (FIPS186-4) | A5101 |
| ECDSA KeyVer (FIPS186-4) | A5101 |
| ECDSA SigGen (FIPS186-4) | A5101 |
| ECDSA SigVer (FIPS186-4) | A5101 |
| HMAC DRBG | A5101 |
| HMAC-SHA2-256 | A2352 |
| KAS-ECC-SSC Sp800-56Ar3 | A5101 |
| KDA HKDF SP800-56Cr2 | A5101 |
| SHA2-256 | A2352 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Physical Security | 7 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
flowchart LR
%% Deterministic review-risk graph for OpenSK Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Vendor_Upgrade</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Data Encryption/Decryptio n<br/>Wink Command<br/>FIDO U2F: U2F_Register</i>"]
C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>USB pins (D+ and D-)</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>IPSEC<br/>no library/version identified</i>"]
end
subgraph Inference["Derived inference"]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
end
subgraph Evidence["Evidence needed to close"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C4 --> I4 --> R4 --> E4
C5 --> I5 --> R5 --> E5
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C4,C5 clue;
class I2,I3,I4,I5 infer;
class R2,R3,R4,R5 risk;
class E2,E3,E4,E5 evidence;flowchart LR
%% Deterministic clue tier for OpenSK Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[high] Firmware update / recovery / rollback services<br/><i>Vendor_Upgrade</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Data Encryption/Decryptio n<br/>Wink Command<br/>FIDO U2F: U2F_Register</i><br/>src: securityPolicy.services"]
C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>USB pins (D+ and D-)</i><br/>src: securityPolicy.portsAndInterfaces"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>IPSEC<br/>no library/version identified</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C4 clueHigh;
class C5 clueLow;Google, LLC. OpenSK Cryptographic Module Document Version 1.0 October 15th, 2025 Prepared by: www.lightshipsec.com Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module Table of Contents Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module List of Tables List of Figures Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic module specification | 1 |
| 3 | 3 | Cryptographic module interfaces | 1 |
| 4 | 4 | Roles, services, and authentication | 1 |
| 5 | 5 | Software/Firmware security | 1 |
| 6 | 6 | Operational environment | 1 |
| 7 | 7 | Physical security | 3 |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle assurance | 1 |
| 12 | 12 | Mitigation of other attacks | 1 |
| Overall Level | Overall Level | 1 |
This document is the non-proprietary FIPS 140-3 Security Policy for the Google, LLC. OpenSK Cryptographic Module (running firmware version 4.0.2), hereafter referred to as, “the module”. It contains the security rules under which the module must operate and describes how the module meets the requirements as specified in FIPS PUB 140-3 for
The table below describes the individual security areas of FIPS 140-3, as well as the Security Levels of those individual areas. N/A Table 1: Security Levels Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
Purpose and Use: The module is a USB 1.1/2.0 compliant Client To Authenticator Protocol (CTAP) 2.1 token, instantiated as a single chip hardware module, used for first or second factor authentication. It is also backwards compatible with Universal 2nd Factor (U2F, also known as CTAP1). CTAP standardizes how request and response messages are sent over the USB transport to the CTAP key. After registration, a user can use their Security Key with an origin-specific key pair across all online services that implement WebAuthn. CTAP and WebAuthn are both part of FIDO2, a set of standards for online authentication. The Security Key performs two operations that focus on authentication (with a backwards compatible alternative): MakeCredential (or U2F Register) associates a key pair (or credential) with an origin, google.com here, while GetAssertion (or U2F Authenticate), verifies that signature with the Titan Security Key, Chip Boundary to prove physical possession of the hardware second factor. Then, and only then, is the User able to authenticate to Google services. In addition, CTAP 2.1 provides functionality related to this process: GetInfo lists information about the Security Key. ClientPin allows setting up a PIN to unlock some of the Security Key commands. Reset performs a factory reset by deleting all stored user data, including credentials. CredentialManagement allows listing and deleting existing credentials. Selection performs a user presence check, so users can indicate what device they want to use. LargeBlobs lets you read and write a binary string to store inside the security key. There are two custom commands that are not part of the CTAP specification. Both are used for upgrading the firmware: One that provides detailed information about the running firmware version, and the other to send the new, signed firmware binary. The chip runs a version of OpenSK that manages all access control, cryptographic algorithms and the life cycle of all keys. OpenSK is an app running on top of a version of TockOS, which manages all low-level resources. Module Type: Hardware Module Embodiment: SingleChip Module Characteristics: Cryptographic Boundary: The cryptographic boundary of the module is the outer perimeter of the chip, as shown in the figures below. Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Model | Hardware Version | Firmware Version | Processor |
|---|---|---|---|---|
| OpenSK Cryptographic Module | OpenSK Cryptographic Module | H1B2G | OpenSK 4.0.2 | N/A |
Figure 1: OpenSK Cryptographic Module (Block Diagram) Figure 2: OpenSK Cryptographic Module (Front and Back) Tested Operational Environment’s Physical Perimeter (TOEPP): The module is a single-chip module as defined by FIPS 140-3. The hardware version of the module is H1B2G.
Tested Module Identification
OpenSK Cryptographic Module Table 2: Tested Module Identification
There are no components within the cryptographic boundary that are excluded from the FIPS 140-3 security requirements.
Modes List and Description: The table below details the Modes of Operation supported by the module. Table 3: Modes List and Description Mode Change Instructions and Status: The module implements only one mode of operation, the approved mode, in which the approved services are available. No configuration is necessary for the module to operate and remain in the approved mode. After passing all pre-operational self-tests and cryptographic algorithm self-tests executed on start-up, the module automatically transitions to the approved mode.
Approved Algorithms: The table below lists all the Approved Algorithms supported by the module. Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | CAVP Cert | Reference |
|---|---|---|
| AES-CBC | A5101 | SP 800-38A |
| AES-ECB | A5101 | SP 800-38A |
| ECDSA KeyGen (FIPS186-4) | A5101 | FIPS 186-4 |
| ECDSA KeyVer (FIPS186-4) | A5101 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A5101 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A5101 | FIPS 186-4 |
| HMAC DRBG | A5101 | SP 800-90A Rev. 1 |
| HMAC-SHA2-256 | A2352 | FIPS 198-1 |
| HMAC-SHA2-256 | A5101 | FIPS 198-1 |
| KAS-ECC-SSC Sp800-56Ar3 | A5101 | SP 800-56A Rev. 3 |
| KDA HKDF SP800-56Cr2 | A5101 | SP 800-56C Rev. 2 |
| SHA2-256 | A2352 | FIPS 180-4 |
| SHA2-256 | A5101 | FIPS 180-4 |
| Name | Properties | Implementation | I | |||
|---|---|---|---|---|---|---|
| CKG | CKG:Cryptographic Key Generation Publication:NIST SP 800-133r2 Sections 4, 5, and 6 | Titan OpenSK Gnubby cryptographic library | FIPS 140-3 IG D.H | |||
| KDF | KDF:Asymmetric Key Derivation Method | Titan OpenSK Gnubby cryptographic library | N/A | |||
| LargeBlobKey FIDO extension | FIPS 140-3 IG 2.4.A |
| Name | Properties | Implementation | I | |||
|---|---|---|---|---|---|---|
| CKG | CKG:Cryptographic Key Generation Publication:NIST SP 800-133r2 Sections 4, 5, and 6 | Titan OpenSK Gnubby cryptographic library | FIPS 140-3 IG D.H | |||
| KDF | KDF:Asymmetric Key Derivation Method | Titan OpenSK Gnubby cryptographic library | N/A | |||
| LargeBlobKey FIDO extension | FIPS 140-3 IG 2.4.A |
| Name | Properties | Implementation | I | |||
|---|---|---|---|---|---|---|
| CKG | CKG:Cryptographic Key Generation Publication:NIST SP 800-133r2 Sections 4, 5, and 6 | Titan OpenSK Gnubby cryptographic library | FIPS 140-3 IG D.H | |||
| KDF | KDF:Asymmetric Key Derivation Method | Titan OpenSK Gnubby cryptographic library | N/A | |||
| LargeBlobKey FIDO extension | FIPS 140-3 IG 2.4.A |
Table 4: Approved Algorithms Vendor-Affirmed Algorithms: The table below lists all the Vendor-Affirmed Algorithms supported by the module. D.H Table 5: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: The table below lists all the Non-Approved, Allowed Algorithms supported by the module. N/A Table 6: Non-Approved, Allowed Algorithms Non-Approved, Allowed Algorithms with No Security Claimed: The table below lists all the Non-Approved, Allowed Algorithms with No Security Claimed. Table 7: Non-Approved, Allowed Algorithms with No Security Claimed The module supports largeBlobKey FIDO extension functionality where an external party can encode an arbitrary string of bits on the device. No security is claimed for this encoded arbitrary data is considered the equivalent to plaintext. Non-Approved, Not Allowed Algorithms: The module does not support any Non-Approved Algorithms that are not Allowed in the Approved Mode of Operation. Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| Data Encryption/Decryptio n | Symmetric Encryption/Decryptio n | AES-CBC: (A5101) AES-ECB: (A5101) | BC-UnAuth | Publication:NIS T SP 800-38A |
| Asymmetric Key Generation | Asymmetric Key Pair Generation and Verification | ECDSA KeyGen (FIPS186-4): (A5101) ECDSA KeyVer (FIPS186-4): (A5101) CKG: () CKG: Cryptographi c Key Generation Publication: NIST SP 800-133r2 Sections 4, 5, and 6 | AsymKeyPair -KeyGen AsymKeyPair -KeyVer | Publication:FIP S 186-4 Publication: NIST SP 800- 133r2 |
| Digital Signature | Digital Signature Generation and Verification | ECDSA SigGen (FIPS186-4): (A5101) ECDSA SigVer (FIPS186-4): (A5101) | DigSig- SigGen DigSig- SigVer | Publication:FIP S 186-4 |
| Deterministic Random Bit Generation | Deterministic Random Bit Generation | HMAC DRBG: (A5101) | DRBG | Publication:SP 800-90Ar1 |
| Message Authentication FW | MAC Generation and Verification | HMAC- SHA2-256: (A5101) | MAC | Publication:FIP S 198-1 |
| Key Agreement ECC | Key Agreement | KAS-ECC- SSC Sp800- 56Ar3: (A5101) | KAS-SSC | Publication:NIS T SP 800- 56Ar3 |
| Key Derivation Function | Key Derivation Function | KDA HKDF SP800- 56Cr2: (A5101) | KBKDF | Publication:NIS T SP 800- 56Cr2 |
| Message Digest FW | Hashing | SHA2-256: (A5101) | SHA | Publication:FIP S 180-4 |
| Message Authentication | MAC Generation and Verification | HMAC- SHA2-256: (A2352) | MAC | Publication:FIP S 198-1 |
| Message Digest | Hashing | SHA2-256: (A2352) | SHA | Publication:FIP S 180-4 |
| Key Transport | Key Transport | AES-CBC: (A5101) HMAC- SHA2-256: (A5101) | KTS-Wrap | Publication:FIP S 140-3 IG D.G |
| Symmetric Key Generation | Symmetric Key Generation | CKG: () CKG: Cryptographi c Key Generation Publication: NIST SP 800-133r2 Sections 4, 5, and 6 | CKG | Publication:NIS T SP 800-133r2 |
OpenSK Cryptographic Module N/A for this module.
The table below lists the Security Function Implementations supported by the module. n n DigSigSigGen DigSigSigVer T SP 80056Ar3 T SP 80056Cr2 HMACSHA2-256: KAS-ECCSSC Sp80056Ar3: SP80056Cr2: Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Type | Strength | Operational Environment | Conditioning Component | |
|---|---|---|---|---|---|
| Titan Security Key TRNG Implementation | Physical | 256 bits | Google H1B2 | 256 bits | A2352 (SHA2- 256) |
OpenSK Cryptographic Module HMACSHA2-256: HMACSHA2-256: Table 8: Security Function Implementations
There is no algorithm specific information. The tables below detail the modules ESV information. Table 9: Entropy Certificates Table 10: Entropy Sources The module generates a minimum of 256 bits of entropy for key generation. Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
The module generates Keys and SSPs in accordance with FIPS 140-3 IG D.H. The cryptographic module performs Cryptographic Key Generation (CKG) for asymmetric keys as per SP 800-133r2 (vendor affirmed), compliant with FIPS 186-4, and using DRBG compliant with SP 800-90A]. A seed (the random value) used in asymmetric key generation is obtained from SP 800-90A DRBG. The key generation service for ECDSA, as well as the SP 800-90A DRBG have been ACVP tested with algorithm certificates found in Approved Algorithms Table.
The module provides SP 800-56Arev3 compliant key establishment according to FIPS 140-3 IG D.F scenario 2 path (1) with ECDH shared secret computation. A Hash-Based KDF specified in NIST SP 800-56Crev2 is used as the Key Derivation Algorithm. The module provides key transport according to FIPS 140-3 IG D.G using an approved key wrapping technique based on AES-CBC and HMAC-SHA2-256.
The module does not implement any industry protocols. Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| USB pins (D+ and D-) | USB pins (D+ and D-) | Data Input Data Output Control Input Status Output | HID command and parameters for data, HID input parameters for control |
| LED pins | LED pins | Status Output | Signals (high/low) |
| VDD pins | VDD pins | Power | Power |
| GND pins | GND pins | Control Input | N/A |
| RST pins | RST pins | Control Input | N/A |
| BoardID pins | BoardID pins | Status Output | Status values |
| CAPTOUCH pins | CAPTOUCH pins | Control Input | Circuit (high/low) |
| NC (Not Connected) | NC (Not Connected) | None | N/A |
The table below details the module Ports and Interfaces. D-) N/A N/A N/A Table 11: Ports and Interfaces All communication between the module and a host device is conducted in accordance with the U2F and CTAP protocol. The U2F protocol is based on a request-response mechanism, where a requester sends a request message to a U2F device, which always results in a response message being sent back from the U2F device to the requester. All request-response messages are framed in ISO7816-4:2005 APDU format. This specifies how to transport the raw message and any error codes if the command failed. The CTAP2 protocol supports longer messages using CTAPHID. The CTAPHID messages are encoded in CBOR. Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | Authentication Methods |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | None | ||||||
| User | User | Role | None | ||||||
| Initialization | Connect to host over USB | Crypto Officer | None | N/A | None | None | |||
| Wink Command | Comma nd issued to device to blink LEDs | Crypto Officer | None | N/A | APDU over HID comma nd | Status output to LED pin | |||
| FIDO U2F: U2F_Register | Create a U2F credenti al | User - DRBG Entropy Input: G,E - DRBG Seed: E - DRBG V: E - DRBG Key: E - | Asymmetric Key Generation Digital Signature Deterministic Random Bit Generation Message Digest FW Key Transport | Succes s or Fail | APDU over HID comma nd and parame ters | APDU over HID comm and respon se / Status output to LED pin |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | Authentication Methods |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | None | ||||||
| User | User | Role | None | ||||||
| Initialization | Connect to host over USB | Crypto Officer | None | N/A | None | None | |||
| Wink Command | Comma nd issued to device to blink LEDs | Crypto Officer | None | N/A | APDU over HID comma nd | Status output to LED pin | |||
| FIDO U2F: U2F_Register | Create a U2F credenti al | User - DRBG Entropy Input: G,E - DRBG Seed: E - DRBG V: E - DRBG Key: E - | Asymmetric Key Generation Digital Signature Deterministic Random Bit Generation Message Digest FW Key Transport | Succes s or Fail | APDU over HID comma nd and parame ters | APDU over HID comm and respon se / Status output to LED pin |
The module does not support authentication for roles. N/A for this module.
The module supports two roles that an operator may assume: Crypto Officer (CO) role and User role. Roles are assumed implicitly based on the service accessed. The table below lists the roles supported by the module. Table 12: Roles
The table below lists all approved services supported by the module. The abbreviations of the access rights to keys and SSPs have the following interpretation: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. N/A N/A V: E Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Csps Accessed | Descrip | Indicat | Outpu | Security | ||
|---|---|---|---|---|---|---|---|
| tion | Access | tion | or | ts | Functions | ||
| Symmetric Key Generation | Symmetric Key Generation | Individual Attestatio n Determini stic Seed: G,E - Individual Attestatio n Signing (Private) Key: G,E - Batch Attestatio n Determini stic Seed: G,E - Batch Attestatio n Signing (Private) Key: G,E - Personalit y Determini stic Seed: G,E - Key Handle Encryptio n Key: G - Key Handle Authentic ation Determini stic Seed: G,E - Key Handle Authentic ation Key: G - U2F/Serv er-Side Determini |
OpenSK Cryptographic Module n G,E n G,E y G,E G,E G Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| FIDO U2F: U2F_Authenticate | Sign to Authenti cate | User - DRBG Entropy Input: G,E - DRBG Seed: E - DRBG V: E - DRBG Key: E - Key Handle Encryptio n Key: E - Key Handle Authentic ation Key: E | Data Encryption/Dec ryption Digital Signature Deterministic Random Bit Generation Message Authentication FW Message Digest FW | Succes s or Fail | APDU over HID comma nd and parame ters | APDU over HID comm and respon se / Status output to LED pin |
| FIDO U2F: U2F_Version | Show U2F version string | User | None | Succes s or Fail | APDU over HID comma nd | APDU over HID comm and respon se / Status output to LED pin |
| FIDO2_Make_Credent ial | Create a FIDO2 credenti al | User - DRBG Entropy Input: G,E - DRBG Seed: E - DRBG V: E - DRBG Key: E - Resident Signing (Private) Keys: G - PIN UV Auth Token: R,E - FIDO2/Se rver-Side Determini stic Seed: W,E - FIDO2/Se rver-Side Signing (Private) Keys : G | Data Encryption/Dec ryption Asymmetric Key Generation Deterministic Random Bit Generation Key Transport | Succes s or Fail | CTAP HID comma nd and parame ters | CTAP HID comm and respon se / Status output to LED pin |
| FIDO2_Get_Assertion | Sign to Authenti cate | User - DRBG Entropy Input: G,E - DRBG Seed: E - DRBG V: E - DRBG Key: E - Key Handle Encryptio n Key: E - Key Handle Authentic ation Key: E - U2F/Serv er-Side Signing (Private) Keys (Legacy): E - Resident Signing (Private) Keys: E - PIN UV Auth Token: E - CredRand om Determini stic Seed: | Data Encryption/Dec ryption Asymmetric Key Generation Digital Signature Deterministic Random Bit Generation Message Authentication FW Key Derivation Function Message Digest FW Key Transport Symmetric Key Generation | Succes s or Fail | CTAP HID comma nd and parame ters | CTAP HID comm and respon se / Status output to LED pin |
| FIDO2_Get_Next_Ass ertion | Sign to Authenti cate a different credenti al | User - DRBG Entropy Input: G,E - DRBG Seed: G,E - DRBG V: G,E - DRBG Key: G,E - Key Handle Encryptio n Key: E - Key Handle Authentic ation Key: E - | Data Encryption/Dec ryption Asymmetric Key Generation Digital Signature Deterministic Random Bit Generation Message Authentication FW Key Derivation Function Message Digest FW Key Transport Symmetric Key Generation | Succes s or Fail | CTAP HID comma nd | CTAP HID comm and respon se / Status output to LED pin |
| FIDO2_Get_Info | Show device informati on | User | None | Succes s or Fail | CTAP HID comma nd | CTAP HID comm and respon |
| FIDO2_Client_Pin | Setup / Change / Use a PIN | User - DRBG Entropy Input: G,E - DRBG Seed: E - DRBG V: E - DRBG Key: E - PIN Protocol Agreeme nt Key: G,E - PIN Protocol Deriving Z: G,E - PIN Protocol Encryptio n Key: G,E - PIN Protocol Authentic ation Key: G,E - PIN UV Auth Token: G,R,E - PIN: W - PIN Hash: E - PIN Hash Attemp: W - Pin Protocol Agreeme nt (Public) Key: G,R - PIN | Data Encryption/Dec ryption Asymmetric Key Generation Deterministic Random Bit Generation Message Authentication FW Key Agreement ECC Key Derivation Function Message Digest FW Key Transport | Succes s or Fail | CTAP HID comma nd and parame ters | CTAP HID comm and respon se / Status output to LED pin |
| FIDO2_Reset | Factory reset | User - DRBG Entropy Input: Z - DRBG Seed: Z - DRBG V: Z - DRBG Key: Z - Personalit y Determini stic Seed: Z - Individual Attestatio n Determini stic Seed: Z - Batch Attestatio n Determini stic Seed: Z - Key Handle Authentic ation Determini stic Seed: Z - Batch Attestatio n Signing (Private) Key: Z - Individual Attestatio n Signing | None | Module reset to factory | CTAP HID comma nd | CTAP HID comm and respon se / Status output to LED pin |
OpenSK Cryptographic Module W,E G G,R :R V: E E Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module E V: E R,E W,E Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module V: E E E Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module G,E W,E R G,E V: G,E E Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module E G,E W,E R Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module V: E G,E Z: G,E G,E G,E G,R,E W Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module V: Z y Z n Z n Z Z Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Csps Accessed | Descrip | Indicat | Outpu | Security |
|---|---|---|---|---|---|
| tion | Access | tion | or | ts | Functions |
| tion | Access | tion | or | ts | Functions |
OpenSK Cryptographic Module Z Z Z: Z Z Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module Z Z Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| FIDO2_Credential_Ma nagement | Enumer ate and delete credenti als | User - PIN UV Auth Token: E,Z - FIDO2/Se rver-Side Signing (Public) Keys: R | None | Succes s or Fail | Succes s or Fail | CTAP HID comm and respon se / Status output to LED pin |
| FIDO2_Selection | Touch to choose device | User | None | Succes s or Fail | CTAP HID comma nd | Status output to LED pin |
| FIDO2_Large_Blobs | Store binary data | User - PIN UV Auth Token: E | None | Succes s or Fail | CTAP HID comma nd and parame ters | CTAP HID comm and respon se / Modul e status |
| Vendor_Upgrade | Firmwar e upgrade | Crypto Officer | Digital Signature | Succes s or Fail | CTAP HID comma nd and parame ters | Status Output |
| Vendor_Sysinfo | Show vendor specific informati on | Crypto Officer | None | Return module version informa tion | CTAP HID comma nd | CTAP HID comm and respon se / Modul e status |
| Show Status | Return the module status | User | None | None | None | Modul e status |
| On-Demand Self-test | Initiate on- demand self- tests by reboot or power cycle | Crypto Officer | Data Encryption/Dec ryption Asymmetric Key Generation Digital Signature Deterministic Random Bit Generation Message Authentication FW Key Agreement ECC Key Derivation Function Message Digest FW Message Authentication Message Digest | None | None | Pass or Fail |
OpenSK Cryptographic Module e Z Z Z E,Z Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module e ondemand selftests by e e Table 13: Approved Services Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
The module does not support any Non-Approved Services. N/A for this module.
The module supports external firmware loaded for upgrades. An Approved ECDSA Signature Verification (P-256, SHA2-256) firmware load test operation is performed prior to a firmware upgrade. Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
The integrity of the executable firmware is verified by comparing a SHA2-256 digest calculated at boot time with the SHA2-256 digest value stored in the module that was computed at build time.
The integrity test is performed as part of the pre-operational self-tests, which are executed when the module is initialized. The integrity test can be invoked on demand via reboot or power-cycle the module, which will perform (among others) the firmware integrity test. Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
Type of Operational Environment: Limited How Requirements are Satisfied: The limited modifiable operational environment of the module prevents users from accessing secret keys, private keys or SSPs which they are not authorized to access. There was no logical or physical access to the SSPs. The module is designed to accept only controlled firmware changes that successfully pass the software/firmware load test. Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Mechanism | Inspection | Inspection Guidance | ||
|---|---|---|---|---|
| Frequency | ||||
| N/A | N/A | N/A |
| Temp/Voltage Type | Temperature or Voltage | EFP or EFT | Result | |
|---|---|---|---|---|
| LowTemperature | -20° C | EFT | Environmental Failure | |
| HighTemperature | 85° C | EFT | Environmental Failure | |
| LowVoltage | 2V | EFT | Environmental Failure | |
| HighVoltage | 6V | EFT | Environmental Failure |
| Temperature | Temperature | |
|---|---|---|
| Type | ||
| LowTemperature | -5°C | |
| HighTemperature | +70°C |
The table below details the Physical Security Mechanisms supported by the module. N/A N/A N/A Table 14: Mechanisms and Actions Required The module has a single-chip embodiment that employs standard passivation techniques and meets commercial grade specs regarding power and voltage ranges, temperature, reliability, and shock/vibration. The module is encased in an opaque, tamper-evident, removal-resistant IC packaging material which cannot be removed or penetrated without causing serious damage to the module (i.e. the module will not function). The table below details the module Environmental Failure Testing information. Table 15: EFP/EFT Information
The table below details the module Hardness Testing Temperature Ranges. Table 16: Hardness Testing Temperatures Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
Currently, the ISO/IEC 19790:2012 non-invasive security area is not required by FIPS 140-3 (see NIST SP 800-140F). The requirements of this area are not applicable to the module. Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Type | Description |
|---|---|---|
| RAM | Dynamic | Random Access Memory |
| Flash | Static | Flash Memory |
| Name | Type | From | To | |||
|---|---|---|---|---|---|---|
| PSP Export | Plaintext | RAM | Outside | N/A | N/A | |
| PIN Protocol Output | Encrypted | RAM | Outside | Automated | Electronic | Key Transport |
| Zeroization | Description | Rationale | Operator Initiation | |
|---|---|---|---|---|
| Method | ||||
| Reboot | Zeroisation when module is rebooted | Keys are procedurally zeroised by rebooting the module, which is acceptable at Security Level 1 | Crypto Officer by rebooting the host system | |
| Reset command | Zeroisation when the module is reset | Keys are automatically zeroised by resetting the module, which is acceptable at Security Level 1 | Crypto Officer or User by resetting the module | |
| Remove power | Zeroisation when power is removed from the module | Keys are procedurally zeroised by rebooting the module, which is acceptable at Security Level 1 | Crypto Officer by removing power |
The table below lists Sensitive Security Parameters (SSPs) storage areas for the module. Section 9.4 below selects from the storage areas listed and specifies the appropriate parameter in the “Storage” column if applicable to a specific SSP. Table 17: Storage Areas
The table below lists SSP input and output methods for the module. Section 9.4 below selects from the input and output methods listed and specifies the appropriate parameter in the “Inputs/Outputs” column if applicable to a specific SSP. N/A N/A Table 18: SSP Input-Output Methods
The table below lists SSP zeroisation methods for this module. Section 9.4 below selects from the zeroisation methods listed and specifies the appropriate parameter in the “Zeroization” column if applicable to a specific SSP. Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Type | Description | Strength | Generation | Establishment | Use | Size - Strengt h |
|---|---|---|---|---|---|---|---|
| DRBG Entropy Input | DRBG Parameter - CSP | Input bitstring that provides an assessed minimum amount of unpredictab ility for the DRBG mechanism | 256 - 256 | Factory Loaded and Internal TRNG | Deterministic Random Bit Generation | ||
| DRBG Seed | Seed - CSP | A string of bits that is used as input to a DRBG mechanism | 256 - 256 | Deterministic Random Bit Generation | |||
| DRBG V | Internal Value - CSP | Secret value of the DRBG internal state | N/A - N/A | Deterministic Random Bit Generation | |||
| DRBG Key | Symmetric Key - CSP | Secret value of the DRBG internal state | N/A - N/A | Deterministic Random Bit Generation | |||
| Personality Determinist ic Seed | Determinis tic Seed - CSP | Parameter related to user credentials (key handle, user). Used to derive | 256 - 256 | Allowed KDF Method | Deterministic Random Bit Generation | ||
| Individual Attestation Determinist ic Seed | Determinis tic Seed - CSP | Determinist ic seed used to derive the Individual Attestation Key | 256 - 256 | Allowed KDF Method | Deterministic Random Bit Generation | ||
| Batch Attestation Determinist ic Seed | Determinis tic Seed - CSP | Determinist ic seed used to derive the Batch Attestation Key | 256 - 256 | Allowed KDF Method | Deterministic Random Bit Generation | ||
| Key Handle Authenticat ion Determinist ic Seed | Determinis tic Seed - CSP | Determinist ic seed used to derive the Key Handle Authenticati on Key | 256 - 256 | Allowed KDF Method | Deterministic Random Bit Generation | ||
| Batch Attestation Signing (Private) Key | Private Key - CSP | Used for signature in U2F and FIDO2 registration during batch attestation | 256 - 256 | Asymmetr ic Key Generatio n Determini stic Random Bit Generatio n | Digital Signature | ||
| Individual Attestation Signing (Private) Key | Private Key - CSP | Used for signature in U2F and FIDO2 registration during enterprise attestation | 256 - 256 | Asymmetr ic Key Generatio n Determini stic Random Bit Generatio n | Digital Signature | ||
| Key Handle Encryption Key | Symmetric Key - CSP | Encrypt server-side credentials | 256 - 256 | Determini stic Random Bit Generatio n Symmetri c Key Generatio n | Data Encryption/Decry ption | ||
| Key Handle Authenticat ion Key | Authentica tion Key - CSP | Authenticat e server- side credentials | 256 - 256 | Determini stic Random Bit Generatio n Symmetri c Key Generatio n | Message Authentication FW | ||
| U2F/Serve r-Side Signing (Private) Keys (Legacy) | Private Key - CSP | Private key for core Legacy FIDO functionalit y | 256 - 256 | Asymmetr ic Key Generatio n Determini stic Random Bit Generatio n | Digital Signature | ||
| FIDO2/Ser ver-Side Signing (Private) Keys | Private Key - CSP | Private key for core FIDO2 functionalit y | 256 - 256 | Asymmetr ic Key Generatio n Determini stic Random Bit Generatio n | Digital Signature | ||
| Resident Signing (Private) Keys | Private Key - CSP | Private key for core FIDO2 functionalit y | 256 - 256 | Asymmetr ic Key Generatio n Determini stic Random | Digital Signature | ||
| PIN Protocol Agreement Key | Private Key - CSP | Module's pin protocol agreement private key | 256 - 256 | Asymmetr ic Key Generatio n Determini stic Random Bit Generatio n | Key Agreement ECC | ||
| PIN Protocol Deriving Z | Shared Secret - CSP | Shared Secret for client PIN | 256 - 256 | Key Agreeme nt ECC | Key Derivation Function | ||
| PIN Protocol Encryption Key | Symmetric Key - CSP | Derived shared encryption key | 256 - 256 | Key Derivation Function | Data Encryption/Decry ption | ||
| PIN Protocol Authenticat ion Key | Authentica tion Key - CSP | Derived shared authenticati on key | 256 - 256 | Key Derivation Function | Message Authentication FW | ||
| PIN UV Auth Token | Authentica tion Token - CSP | Short lived authenticati on token | 256 - 256 | Determini stic Random Bit Generatio n Symmetri c Key Generatio n | Key Transport | Data Encryption/Decry ption | |
| PIN | PIN - CSP | User verification knowledge factor | Minimu m 6 charact ers - 48 bits | Key Transport | |||
| PIN Hash | Hash Value - CSP | Hash prefix of PIN | 128 - 128 | ||||
| PIN Hash Attemp | Hash Value - CSP | User guessed PIN hash | 128 - 128 | Key Transport | |||
| CredRand om Determinist ic Seed | Determinis tic Seed - CSP | Determinist ic Seed used to derive the CredRando m Deriving Keys | 256 - 256 | Allowed KDF | Deterministic Random Bit Generation | ||
| CredRand om Deriving Keys (with and without UV) | Symmetric Key - CSP | Derived keys used to derive the CredRando m | 256 - 256 | Determini stic Random Bit Generatio n Symmetri c Key Generatio n | Key Derivation Function | ||
| CredRand om | Derived Symmetric Key - CSP | Derived key used for hmac- secret extension | 256 - 256 | Key Derivation Function | Message Authentication FW | ||
| FIDO2 HMAC Secret Salts | Salt - CSP | Input for hmac- secret extension | 256 - 256 | Key Transport | Message Authentication FW | ||
| FIDO2 HMAC Secret Outputs | MAC Output - CSP | Outputs for hmac- secret extension, used to do offline encryption with arbitrary user data | 256 - 256 | Key Transport | Data Encryption/Decry ption | ||
| Pin Protocol Agreement (Public) Key | Public Key - PSP | Module's pin protocol agreement public key | 256 - 256 | Asymmetr ic Key Generatio n Determini stic Random Bit Generatio n | Key Agreement ECC | ||
| Batch Attestation Signing (Public) Key | Public Key - PSP | Batch attestation | 256 - 256 | Factory Loaded | Digital Signature | ||
| PIN Protocol Deriving (Public) Key | Public Key - PSP | Client PIN Protocol agreement public key | 256 - 256 | Key Agreeme nt ECC | |||
| U2F/Serve r-Side Signing (Public) Keys (Legacy) | Public Key - PSP | Public key for core Legacy FIDO functionalit y | 256 - 256 | Asymmetr ic Key Generatio n Determini stic Random Bit Generatio n | Digital Signature | ||
| FIDO2/Ser ver-Side Signing (Public) Keys | Public Key - PSP | Public key for core FIDO2 functionalit y | 256 - 256 | Asymmetr ic Key Generatio n Determini stic Random Bit Generatio n | Digital Signature | ||
| Resident Signing (Public) Keys | Public Key - PSP | Public key for core FIDO2 functionalit y | 256 - 256 | Asymmetr ic Key Generatio n Determini stic Random Bit Generatio n | Digital Signature | ||
| Individual Attestation Signing (Public) Certificate | Public Certificate - PSP | Used for signature in U2F and FIDO2 registration during | 256 - 256 | Factory Loaded | Digital Signature | ||
| U2F/Serve r-Side Determinist ic Seed | Determinis tic Seed - CSP | Determinist ic seed used to derive the U2F/Server -Side signing (Private) Keys (Legacy) | 256 - 256 | Key Transport | Deterministic Random Bit Generation | ||
| FIDO2/Ser ver-Side Determinist ic Seed | Determinis tic Seed - CSP | Determinist ic seed used to derive the FIDO2/Ser ver-Side Signing (Private) Keys | 256 - 256 | Key Transport | Deterministic Random Bit Generation | ||
| DRBG Entropy Input | RAM:Plaintext | Reboot Remove power Environmenta l Failure | DRBG Seed:Used With DRBG V:Used With DRBG Key:Used With | Until module loses power/reboot or environmenta l failure occurs | |||
| DRBG Seed | RAM:Plaintext | Reboot Remove power Environmenta l Failure | DRBG Entropy Input:Used With DRBG V:Used With DRBG Key:Used With | Until module loses power/reboot or environmenta l failure occurs | |||
| DRBG V | RAM:Plaintext | Reboot Remove power Environmenta l Failure | DRBG Entropy Input:Used With DRBG Seed:Used With DRBG Key:Used With | Until module loses power/reboot or environmenta l failure occurs |
| Zeroization | Description | Rationale | Operator Initiation | |
|---|---|---|---|---|
| Method | ||||
| Environmental Failure | Zeroisation when the temperature or voltage falls outside the module's normal operating ranges | Keys are automatically zeroised by a power cycle, which is acceptable at Security Level 1 | Automatically when an environmental failure occurs |
OpenSK Cryptographic Module Table 19: SSP Zeroization Methods
The following table summarizes the keys and Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module: n h N/A N/A N/A N/A Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module n h n n n n Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module n h e serverside y y y n n n n n n n n n Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module n h n n n n n m6 Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module n m for hmacsecret hmacsecret hmacsecret h n n n n Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module n h y y y n n n n n n Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module n h Table 20: SSP Table 1 Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Storage | Zeroization | Related SSPs | |
|---|---|---|---|---|
| DRBG Key | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | DRBG Entropy Input:Used With DRBG Seed:Used With DRBG V:Used With |
| Personality Deterministic Seed | Flash:Plaintext | Reset command | N/A | |
| Individual Attestation Deterministic Seed | Flash:Plaintext | Reset command | N/A | |
| Batch Attestation Deterministic Seed | Flash:Plaintext | Reset command | N/A | |
| Key Handle Authentication Deterministic Seed | Flash:Plaintext | Reset command | N/A | |
| Batch Attestation Signing (Private) Key | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | Batch Attestation Deterministic Seed:Derived From |
| Individual Attestation Signing (Private) Key | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | Individual Attestation Deterministic Seed:Derived From |
| Key Handle Encryption Key | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | Personality Deterministic Seed:Derived From |
| Key Handle Authentication Key | RAM:Plaintext | Reboot Remove power | Until module loses power/reboot or | Key Handle Authentication Deterministic |
| environmenta l failure occurs | Environmenta l Failure | environmenta l failure occurs | Seed:Derived From | |
| U2F/Server- Side Signing (Private) Keys (Legacy) | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | U2F/Server- Side Deterministic Seed:Derived From |
| FIDO2/Server -Side Signing (Private) Keys | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | FIDO2/Server- Side Deterministic Seed:Derived From |
| Resident Signing (Private) Keys | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | |
| PIN Protocol Agreement Key | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | |
| PIN Protocol Deriving Z | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | |
| PIN Protocol Encryption Key | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | PIN Protocol Deriving (Private) Key:Derived From |
| PIN Protocol Authentication Key | RAM:Plaintext | Reboot Remove power | Until module loses power/reboot | PIN Protocol Deriving (Private) |
OpenSK Cryptographic Module N/A N/A N/A N/A Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module U2F/ServerSide FIDO2/ServerSide Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Storage | Zeroization | Or environmenta l failure occurs | Related SSPs Key:Derived From | |
|---|---|---|---|---|---|
| PIN UV Auth Token | RAM:Plaintext | Reboot Remove power Environmenta l Failure | PIN Protoco l Output | Until module loses power/reboot or environmenta l failure occurs | |
| PIN | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | ||
| PIN Hash | Flash:Encrypte d | Reset command | N/A | ||
| PIN Hash Attemp | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | ||
| CredRandom Deterministic Seed | Flash:Plaintext | Reset command | N/A | ||
| CredRandom Deriving Keys (with and without UV) | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | CredRandom Deterministic Seed:Derived From | |
| CredRandom | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | CredRandom Deriving Keys (with and without UV):Derived From | |
| FIDO2 HMAC Secret Salts | RAM:Plaintext | Reboot Remove power | Until module loses power/reboot or | ||
| environmenta l failure occurs | Environmenta l Failure | environmenta l failure occurs | |||
| FIDO2 HMAC Secret Outputs | RAM:Plaintext | Reboot Remove power Environmenta l Failure | PIN Protoco l Output | Until module loses power/reboot or environmenta l failure occurs | |
| Pin Protocol Agreement (Public) Key | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | PIN Protocol Agreement Key:Paired With | |
| Batch Attestation Signing (Public) Key | Flash:Plaintext | N/A | PSP Export | N/A | |
| PIN Protocol Deriving (Public) Key | RAM:Plaintext | Reboot Remove power Environmenta l Failure | Until module loses power/reboot or environmenta l failure occurs | ||
| U2F/Server- Side Signing (Public) Keys (Legacy) | RAM:Plaintext | Reboot Remove power Environmenta l Failure | PSP Export | Until module loses power/reboot or environmenta l failure occurs | U2F/Server- Side Signing (Private) Keys (Legacy):Paire d With |
| FIDO2/Server -Side Signing (Public) Keys | RAM:Plaintext | Reboot Remove power Environmenta l Failure | PSP Export | Until module loses power/reboot or environmenta l failure occurs | FIDO2/Server- Side Signing (Private) Keys :Paired With |
| Resident Signing (Public) Keys | RAM:Plaintext | Reboot Remove power Environmenta l Failure | PSP Export | Until module loses power/reboot or environmenta | Resident Signing (Private) Keys:Paired With |
| Individual Attestation Signing (Public) Certificate | Flash:Plaintext | N/A | PSP Export | N/A | |
| U2F/Server- Side Deterministic Seed | Flash:Plaintext | Reset command | N/A | ||
| FIDO2/Server -Side Deterministic Seed | Flash:Plaintext | Reset command | N/A |
OpenSK Cryptographic Module d N/A N/A Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module N/A N/A Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module N/A U2F/ServerSide N/A N/A N/A Table 21: SSP Table 2
Per FIPS 140-3, IG C.K FIPS 186-4 CAVP tests performed are mathematically identical to FIPS 186-5 CAVP tests, therefore the module can claim FIPS 186-5 compliance for these tests. Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Algorithm or Test | Test Properties | |
|---|---|---|---|---|---|---|---|---|---|---|
| SHA2-256 (A2352) | SHA2-256 (A2352) | Firmware Integrity | SW/FW Integrity | Approved Hash | 256-bit hash | Status Output | ||||
| SHA2-256 (A5101) | SHA2-256 (A5101) | CAST | Successfu l initializatio n of the module | Module Initializatio n | Hash | 256-bit hash | KAT | |||
| HMAC- SHA2-256 (A5101) | HMAC- SHA2-256 (A5101) | CAST | Successfu l initializatio n of the module | Module Initializatio n | MAC | 256-bit key | KAT | |||
| ECDSA SigGen (FIPS186- 4) (A5101) | ECDSA SigGen (FIPS186- 4) (A5101) | CAST | Successfu l initializatio n of the module | Module Initializatio n | Signature Generation | NIST P- 256 | KAT | |||
| ECDSA SigVer (FIPS186- 4) (A5101) | ECDSA SigVer (FIPS186- 4) (A5101) | CAST | Successfu l initializatio n of the module | Module Initializatio n | Signature Verification | NIST P- 256 | KAT | |||
| KAS- ECC-SSC Sp800- | KAS- ECC-SSC Sp800- | CAST | Successfu l initializatio | Module Initializatio n | Ephemeral Unified | NIST P- 256 | KAT | |||
| 56Ar3 (A5101) | 56Ar3 (A5101) | n of the module | ||||||||
| HMAC DRBG (A5101) | HMAC DRBG (A5101) | CAST | Successfu l initializatio n of the module | Module Initializatio n | Instantiate, Generate and Reseed | As specified in NIST SP 800- 90Ar1 Section 11.3 | KAT | |||
| KDA HKDF SP800- 56Cr2 (A5101) | KDA HKDF SP800- 56Cr2 (A5101) | CAST | Successfu l initializatio n of the module | Module Initializatio n | Key Derivation | HMAC- SHA2- 256 | KAT | |||
| AES-CBC (A5101) | AES-CBC (A5101) | CAST | Successfu l initializatio n of the module | Module Initializatio n | Encryption/Decrypti on | 256-bit key | KAT | |||
| ECDSA KeyGen (FIPS186- 4) (A5101) | ECDSA KeyGen (FIPS186- 4) (A5101) | PCT | Success or failure of service | Key Pair Generatio n and Key Agreemen t | Key Pair Generation | NIST P- 256 | PCT | |||
| SHA2-256 (A2352) | SHA2-256 (A2352) | CAST | Successfu l initializatio n of the module | Module Initializatio n | Hash | 256-bit hash | KAT | |||
| HMAC- SHA2-256 (A2352) | HMAC- SHA2-256 (A2352) | CAST | Successfu l initializatio n of the module | Module Initializatio n | Hash | 256-bit key | KAT | |||
| Firmware Load Test | Firmware Load Test | SW/F W Load | Successfu l firmware update | Firmware Update Request | N/A | ECDSA Signature Verificatio n with NIST P- 256 | Firmware Load Test | |||
| Entropy Source 90B Start- Up RCT and APT | Entropy Source 90B Start- Up RCT and APT | CAST | Successfu l initializatio n of the entropy source | Module Initializatio n | Entropy Generation | Repetition Count Test (RCT) and Adaptativ e | Start-up Health Tests | |||
| Entropy Source 90B Continuou s RCT and APT | Entropy Source 90B Continuou s RCT and APT | CAST | Successfu ll output of entropy bits | Entropy Bits Request | Entropy Generation | Repetition Count Test (RCT) and Adaptativ e Proportio n Test (APT) as specified in NIST SP 800- 90B Sections 4.4.1 and 4.4.2 | Continuou s Health Tests | |||
| SHA2-256 (A2352) | SHA2-256 (A2352) | Firmware Integrity | SW/FW Integrity | On Demand | Reboot, reset or power cycle |
This section specifies the pre-operational and conditional self-tests performed by the module. The pre-operational and conditional self-tests ensure that the module is not corrupted and that the cryptographic algorithms work as expected.
Pre-operational Self-Tests are run upon the power up/initialization of the module. The module transitions to the operational state only after the pre-operational self-tests (and the cryptographic algorithm self-tests (CASTs)) are passed successfully. The design of the module ensures that all data output, via the data output interface, is inhibited whenever the module is in a pre-operational self-test condition. The Pre-Operational Self-Tests are detailed in the table below. Table 22: Pre-Operational Self-Tests
Conditional Self-Tests are run when an applicable security function or process is invoked. The Conditional Self-Tests are detailed in the table below. s s n HMACSHA2-256 n (FIPS1864) (FIPS1864) KASECC-SSC NIST P256 n NIST P256 n NIST P256 l l l l l n Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module s SP 80090Ar1 HMACSHA2256 (FIPS1864) NIST P256 HMACSHA2-256 NIST P256 e W SP80056Cr2 s l n n n l l l l l t n n N/A n Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Algorithm or Test | Test Properties | Indicator |
|---|---|---|---|---|---|---|---|---|---|
| Entropy Source 90B Continuou s RCT and APT | Entropy Source 90B Continuou s RCT and APT | CAST | Successfu ll output of entropy bits | Entropy Bits Request | Repetition Count Test (RCT) and Adaptativ e Proportio n Test (APT) as specified in NIST SP 800- 90B Sections 4.4.1 and 4.4.2 | Continuou s Health Tests | Entropy Generation | ||
| SHA2-256 (A2352) | SHA2-256 (A2352) | Firmware Integrity | SW/FW Integrity | On Demand | Reboot, reset or power cycle | ||||
| SHA2-256 (A5101) | SHA2-256 (A5101) | KAT | CAST | On Demand | Reboot, reset or power cycle | ||||
| HMAC-SHA2- 256 (A5101) | HMAC-SHA2- 256 (A5101) | KAT | CAST | On Demand | Reboot, reset or power cycle | ||||
| ECDSA SigGen (FIPS186-4) (A5101) | ECDSA SigGen (FIPS186-4) (A5101) | KAT | CAST | On Demand | Reboot, reset or power cycle | ||||
| ECDSA SigVer (FIPS186-4) (A5101) | ECDSA SigVer (FIPS186-4) (A5101) | KAT | CAST | On Demand | Reboot, reset or power cycle | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A5101) | KAS-ECC-SSC Sp800-56Ar3 (A5101) | KAT | CAST | On Demand | Reboot, reset or power cycle | ||||
| HMAC DRBG (A5101) | HMAC DRBG (A5101) | KAT | CAST | On Demand | Reboot, reset or power cycle | ||||
| KDA HKDF SP800-56Cr2 (A5101) | KDA HKDF SP800-56Cr2 (A5101) | KAT | CAST | On Demand | Reboot, reset or power cycle | ||||
| AES-CBC (A5101) | AES-CBC (A5101) | KAT | CAST | On Demand | Reboot, reset or power cycle | ||||
| ECDSA KeyGen (FIPS186-4) (A5101) | ECDSA KeyGen (FIPS186-4) (A5101) | PCT | PCT | On Demand | Reboot, reset or power cycle | ||||
| SHA2-256 (A2352) | SHA2-256 (A2352) | KAT | CAST | On Demand | Reboot, reset or power cycle | ||||
| HMAC-SHA2- 256 (A2352) | HMAC-SHA2- 256 (A2352) | KAT | CAST | On Demand | Reboot, reset or power cycle | ||||
| Firmware Load Test | Firmware Load Test | Firmware Load Test | SW/FW Load | On Demand | Firmware Update Request | ||||
| Entropy Source 90B Start-Up RCT and APT | Entropy Source 90B Start-Up RCT and APT | Start-up Health Tests | CAST | On Demand | Reboot, reset or power cycle | ||||
| Entropy Source 90B Continuous RCT and APT | Entropy Source 90B Continuous RCT and APT | Continuous Health Tests | CAST | Entropy Generation | Entropy Bits Request |
OpenSK Cryptographic Module s SP 80090B 4.4.2 e SP 80090B 4.4.2 s Table 23: Conditional Self-Tests The module performs self-tests on all approved cryptographic algorithms supported in the approved mode of operation, using the tests shown in the table above. To ensure all conditional CASTs are performed prior to the first operational use of the associated algorithm, all CASTs are performed during the module’s initial power-up sequence. The CASTs for algorithms used in the pre-operational firmware integrity test are performed prior to the integrity test itself; all other CASTs are executed immediately after the successful completion of the firmware integrity test. Services are not available, and data output (via the data output interface) is inhibited during the self-tests. If any of these tests fails, the module transitions to the error state.
Pre-operational self-tests can be run on-demand, for periodic testing, by rebooting the module. Table 24: Pre-Operational Periodic Information Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
OpenSK Cryptographic Module Table 25: Conditional Periodic Information
If any of the Pre-operational Self-Tests or Conditional Self-Tests fail, the module will output an error status and enter an error state, where all data output is inhibited. Upon entering an error state, an operator can attempt to clear the error state by removing the module from the USB port and reinserting it to restart the module. If the error state cannot be cleared, the module must be returned to the manufacturer. The table below shows the different causes that lead to the Error States and the status indicators reported. Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Error | The module's error state | POST, CAST or PCT Failure | Error Code | Module reboot and power cycle |
OpenSK Cryptographic Module Table 26: Error States Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
No configuration of the module or installation steps are required from the operator. When the module is powered on its power-up self-tests are executed without any operator intervention. The module enters in approved mode automatically if the power-up self-test completes successfully. If any of the self-tests fail during power-up, the module transitions to an Error state. The operator can verify that the module is in the Approved mode of operation and that the FIPS validated version is being used, by checking the version output using the "Vendor_Sysinfo" command and comparing it against the versioning information on the module certificate. The status of the module can be determined by the availability of the module or by executing the “Show Status” service. If the module is available, it has passed all self-tests. If it is unavailable, it is in the error state.
None. Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.
The module is protected against the following non-invasive attacks: Fault Injection: Code signing Execution gating Storage parity Transmission parity Power On Self-Test Voltage monitoring Temperature monitoring Internal clock Active Security Shield Side-Channel Attacks: Constant-time (data-independent) code execution Random insertion of wait states Jittery clock Power masking Data blinding TRNG Entropy Churning Computation Throttling Google, LLC. 2025 This document may be reproduced and distributed only in its original entirety without revision.