Canokeys from CHINA shd work the same as yubikeys?

hi,

yubikeys are almost 50Euro.

i found CHINA’s canokeys are just around 15Euro.

in the wave of deepseek, i am giving it a go.
canokeys do support PGP, PIV etc.

anyway have experience?

thanks

I’d be very leery of any ‘security’ device that comes from China.

1 Like

I believe it is worthwhile to acquire at least one key for evaluation.

It is an open source Chinese product vs a closed source US product (yubikey). I don’t think there will be much difference securitywise if you’re not going to attract the attention of a TLA.

Where are you buying from?

FTFY      

Yubico (the manufacturer of Yubikey) is NOT a solely Swedish company. It has headquarters in Santa Clara, California.

1 Like

funny, cant find one in aliexpress.

however there are several shops in taobao that sell it.

btw, from canokeys’ website,

ppl could buy STM32 “blackpill” (better) or other color pills (check first),
and try the features.
these cheap STM32’s 's security is not strong, so just for a taste,
also you can try QEMU and it support an emulated canokey!

Product and Hardware Versions

As of September 2024, the CanoKey project offers three products and two developer reference hardware. They use the same core library - canokey-core.

  • CanoKey Canary: This is the upcoming version. It uses a USB Type C interface.
  • CanoKey Pigeon: This is the currently available version. It uses a USB Type A interface.
  • CanoKey Epoxy: This version is no longer available. Its appearance is made of transparent epoxy.
  • CanoKey STM32: This version has never been sold and is only for development testing. The hardware design of this version is open-source and can be obtained here. Please note that this version cannot provide any security assurances; anyone with access to the device can obtain the plaintext keys.
  • CanoKey nRF52: This version has never been sold and is only for development testing. It uses the nRF52840 chip, and various USB devices based on this chip are easily available. The open-source firmware for this version can be obtained here. Please note that this version cannot provide any security assurances; anyone with access to the device can obtain the plaintext keys.

snowden: you know what i want to say.

I have
1 yubico 5 NFC
1 security key
1 someone’ diy stm32 that coudl run gogole’s openSK or canokey
1 canokey USB A
-----------plan to buy v
1 canokey USB c

previously i only use FIDO and thus the canokey’s work just well as yubikey.

however i plan to implement pgp piv etc,
yubico just too expensive, so i wanna introduce canokey.
but not yet implemented.

also, i have interesed in the DIY stm32’s.

just imagine you setup everything, and then yubico or canokey’s company/community is dead.

diy stm32 is not secure (think of someone can directly read it out as plain text),
however this is the only permanent way to resuce your system provided you saved the secrets as files in SSD/cloud.

yes, yubikey is to eliminate passwords etc,
but you need recovery code to resuce yubikey associated accounts.
it’s a cycle.