Taking A U2F Hardware Key From Design To Production

Building a circuit from prototyping to printed circuit board assembly is within the reach of pretty much anyone with the will to get the job done. If that turns out to be something that everyone else wants, though, the job gets suddenly much more complex. This is what happened to [Conor], who started with an idea to create two-factor authentication tokens and ended up manufacturing an selling them on Amazon. He documented his trials and tribulations along the way, it’s both an interesting and perhaps cautionary tale.

[Conor]’s tokens themselves are interesting in their simplicity: they use an Atmel ATECC508A specifically designed for P-256 signatures and keys, a the cheapest USB-enabled microcontroller he could find: a Silicon Labs EFM8UB1. His original idea was to solder all of the tokens over the course of one night, which is of course overly optimistic. Instead, he had the tokens fabricated and assembled before being shipped to him for programming.

Normally the programming step would be straightforward, but using identical pieces of software for every token would compromise their security. He wrote a script based on the Atmel chip and creates a unique attestation certificate for each one. He was able to cut a significant amount of time off of the programming step by using the computed values with a programming jig he built to flash three units concurrently. This follows the same testing and programming path that [Bob Baddeley] advocated for in his Tools of the Trade series.

From there [Conor] just needed to get set up with Amazon. This was a process worthy of its own novel, with Amazon requiring an interesting amount of paperwork from [Conor] before he was able to proceed. Then there was an issue of an import tariff, but all-in-all everything seems to have gone pretty smoothly.

Creating a product from scratch like this can be an involved process. In this case it sounds like [Conor] extracted value from having gone through the entire process himself. But he also talks about a best-case-scenario margin of about 43%. That’s a tough bottom line but a good lesson anyone looking at building low-cost electronics.

Hack A Day Classifieds


Announcing Hack a Day Classifieds! Buy, sell, trade your tools and junk with other Hack a Day readers.

Quite often, we get emails or comments with people asking “do you want this piece of junk?” or “Would you sell that thing?”. We usually just push them off on craigslist, but we realize that it can be hard to find our specific flavor of stuff in craigslist. Who posts a half smashed tube radio on there?

Our answer is to give you guys the Hack a Day Classifieds. We know it isn’t perfect, but we wanted to supply this service to hackers. Feel free to post what you’ve got. Think of it like a little mini craigslist, just for us. It should be fully functional and ready to go, but who knows what issues we’ll see when you all start going there. Please be patient and understanding with us.