For the past year, we have been busy making OnlyKey better, easier to use, and well-suited for remote workers. With our upcoming Fall release (to be released later in October) we will introduce some great new features such as:
OnlyKey GPG agent
This has been our #1 most requested feature, and it is finally here! For years, OnlyKey has supported an SSH agent, allowing secure passwordless SSH authentication. Now OnlyKey agent integrates with GPG to let users decrypt files, sign git commits, and even manage passwords (with pass and gopass). Instead of keeping GPG keys on a computer, OnlyKey generates and securely stores your keys off of the computer. We will also have the option to import your own existing PGP keys for more advanced users.
We have greatly improved our webcrypt web application for OnlyKey on-the-go use. With our GPG agent we now have the ability to seamlessly use PGP anywhere, locally or in the browser (Chrome, Firefox, Android, and Safari on iPhone). In the browser, WebCrypt now supports:
- Multiple-recipient encrypted messages and files.
- Send to Keybase users and now also Protonmail users directly in the app. Just type their username or Protonmail email address.
- User search has been improved to also include Protonmail. Find Keybase and Protonmail user’s by name or email.
- Support for multiple PGP key types RSA or X25519 (used by Protonmail).
- File and message share links. We have developed an innovative way to allow file sharing links using an open-source decentralized database called GUN. Share links utilize a double layer of encryption.
- 3rd-party developer API. We have developed an innovative way to permit 3rd-party developer use in external applications. OnlyKey generates an unlimited number of derived keys which are unique to a developer’s domain and may be used in web applications. We plan to release this on NPM soon.
Another top-requested feature, enabling SysAdmin mode permits OnlyKey to type almost any combination of characters in addition to usernames and passwords. For example, wouldn’t it be nice to login to Windows with just a single button press? SysAdmin mode permits OnlyKey to enter Ctrl-Alt-Del, then enter usernames and passwords. Another example might be allowing OnlyKey to type Ctrl+Alt+T to open a terminal in Ubuntu to run a commonly used command. Of course, with this feature additional security is also required and a privileged access mode is required to configure these values.
Primary Profile and Secondary Profile LED Color
OnlyKey supports a primary and secondary profile, switching between the two is now even easier. Hold down button #3 for 5 seconds to lock OnlyKey and switch profiles. Recognizing which profile you are logged into is now easier with profile colors, OnlyKey has Green light for Primary profile and Blue light for Secondary profile.
Security Key (FIDO2 / FIDO U2F) Updates
Updates have been made for improved usability of the security key feature and to support the ability to manage FIDO2 resident keys.
What else is new?
New OnlyKey Community Forum – We have launched our new OnlyKey Community Forum available here – https://onlykey.discourse.group. This will replace the existing OnlyKey Support Forum.
KeePassXC Support – OnlyKey is supported in KeePassXC. A recent update to KeePassXC allows using OnlyKey as a security key to protect your software password manager. If you are in the market for a free, open source, and cross-platform software password manager, check out KeePassXC and check out the OnlyKey Users Guide to get started.
Improved OnlyKey SSH Support – OnlyKey SSH agent now supports both derived keys and stored keys for users who wish to use a single key to log into multiple servers. PGP (RSA and ECC) key import support will be added in our next OnlyKey SSH agent release. This allows users to import existing keys to OnlyKey for secure SSH. Alternatively, OpenSSH supports OnlyKey — read more about that here.
We are in the final phases of testing a new, more portable USB-A & USB-C OnlyKey hardware platform and expect to have some news about launch in late 2020 / early 2021. Stay tuned!