CedarKey: Secure SSH Storage on a super cheap STM32

Hi! I just want to share my enthusiasm for this kind of security stuff.

Recently I wrote a short post about the recent security issue on the Intel platform, where I said that we need a co-processor with its own storage/memory using a security protocol as implemented in a hardware wallet like the Trezor.

This guy, Denys Fedoryshchenko, managed to build a small firmware implementing this kind of protocol on a super cheap STM32 ($2 apiece + $3 for the ST-Link V2 programmer). The difficulty is having enough flash to store your keys alongside a very small firmware. The keys are stored in encrypted form using AES256 (the best option is the 128KB flash version if you need to store several keys).

Another firmware exists, but it is bigger and its keys are encrypted with a slightly less secure algorithm: https://www.fsij.org/doc-gnuk/intro.html#what-s-gnuk
This is the project that inspired Denys to build his own.

Check out his GitHub repository; there is some activity around it: https://github.com/nuclearcat/cedarkey
It depends on:

  • ARM MBED, MBED TLS https://tls.mbed.org/ (Available as Apache or GPL2 license, I just found it funny :))
  • libopencm3 (LGPLv3)
  • SCRYPT

This is really pretty nice stuff implemented on those STM32s. I am really eager to see how it is going to be used and what features he is going to add. If they add a lot more flash, it will probably be possible to implement a FIDO-style protocol.
