YAST security token

An open source highly secure USB dongle for security applications like OpenPGP card or FIDO2

YAST (Yet Another Security Token) is an open source USB security token which can be used to implement standards like the OpenPGP card or FIDO2. Unlike other open source security tokens (as far as I know), YAST embeds a secure element certified at Common Criteria EAL6+, allowing secrets to be stored and protected securely. The SE050 secure element can be bound to the LPC55Sxx main MCU using the LPC's internal PUF (Physical Unclonable Function).

Purpose of this token

This security token is intended to be used as a development platform for security applications.

It is built around an LPC55Sxx chip and an SE050 secure element, both from NXP.
This token has the same form factor as Google's OpenSK token, so its case can be reused.

What is the added value of YAST?

On the market there is already a large number of security tokens. Most of them are based on proprietary designs, while some others are open source. On one hand, closed source tokens seem to be based on secure elements; on the other hand, as far as I know, open source tokens are based on standard, non-security-certified chips like STM32s. This design choice seems to be mainly dictated by concerns about the NDAs that come with secure elements.

From my point of view this is a real problem. I agree that some tokens based on secure elements are not exempt from vulnerabilities, like Google's Titan security key. That token is based on a pretty old secure element, the A7005 from NXP, and things which were secure almost ten years ago are no longer secure now. However, if an old secure element is now vulnerable (and more than 4 months of work were needed to discover and exploit the vulnerability), old non-secure chips are **far more** vulnerable. For example, it is possible to extract the firmware from an STM32F1 chip using a pure software attack (ok, this is not entirely true, as access to the SWD port is needed). This chip is used in the Nitrokey Start key from Nitrokey.

While using a secure element is not a cure-all, using non-secure and non-certified chips for security applications is almost always a bad idea, as you rely on an "untrusted" (not certified) chip executing "untrusted" (not certified) code. Here openness is not really a huge advantage, as there are very few people around the world who have the skills needed to perform a valuable security assessment of a security token.

So how can a security token be built using a secure element and still be open source? The SE050 security chip from NXP is a preprogrammed secure element embedding a really versatile security applet. All documentation is freely accessible on NXP's website (some documents require an account) and therefore no NDA is required. The YAST key embeds both an LPC55Sxx chip and the SE050 SE. The LPC55Sxx chip can be bound to its SE050 companion using its embedded PUF (Physical Unclonable Function). The resulting hardware comes with both the flexibility and power of the LPC55 chip and the security of the SE050 secure element, which has been certified at level EAL6+ (hardware and OS) according to the Common Criteria.

For which applications can the YAST token be used?

The YAST token is made of an LPC55Sxx MCU connected to an SE050 coprocessor which acts as a secure cryptographic library. The SE050 is designed to prevent both leakage of cryptographic keys and their use by unauthorized users. Consequently, the YAST token is suited to applications which make extensive use of cryptographic primitives. However, other processing taking place on the LPC55 side does not benefit from the SE050's high security level. So before using the YAST token for a given application, you should make sure that one of the following hypotheses holds:

  • The LPC55Sxx does not implement any security functions and is only used as an interface between the SE050 chip and the host PC.
  • Or, the LPC55Sxx implements some security functions, but they can only be used if the user is properly authenticated by the SE050 AND the legitimate user is not willing to attack his own token.

Concretely, the YAST token can be used to implement applications like an OpenPGP card (demo application available), the FIDO2 protocol (but the YAST token does not have any LED) or HSM-like applications.
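To make the OpenPGP card use case concrete, here is an added example (not the YAST firmware, and not NXP's code) of a host-side simulation of two commands the OpenPGP card firmware log below lists: VERIFY (6-digit PW1, 8-digit PW3) and GET CHALLENGE (up to 3070 bytes per call). It shows the card-side logic a firmware has to get right: a retry counter per password that is decremented before the comparison (so a power cut during the check cannot grant a free attempt), a constant-time PIN compare, and a hard cap on the challenge length. Status words are the standard ISO 7816-4 values; the class name, the demo PIN values and the "wrong length" response for oversized challenge requests are assumptions made for this example.

```python
"""Added example (not the YAST firmware): OpenPGP card VERIFY / GET CHALLENGE
simulation with short- and extended-length APDU parsing."""
import hmac
import secrets

SW_OK = 0x9000
SW_WRONG_LENGTH = 0x6700
SW_AUTH_BLOCKED = 0x6983      # retry counter exhausted
SW_WRONG_DATA = 0x6A80
SW_INS_NOT_SUPPORTED = 0x6D00

INS_VERIFY = 0x20
INS_GET_CHALLENGE = 0x84

MAX_CHALLENGE = 3070          # per-call limit stated in the project log
MAX_RETRIES = 3               # OpenPGP card default retry counter
# P2 -> (password name, minimum length); PW1 serves both 0x81 (sign) and 0x82
PW_SLOTS = {0x81: ("PW1", 6), 0x82: ("PW1", 6), 0x83: ("PW3", 8)}


def parse_apdu(apdu: bytes):
    """Split a short- or extended-length command APDU into its fields."""
    if len(apdu) < 4:
        raise ValueError("APDU shorter than header")
    cla, ins, p1, p2 = apdu[:4]
    body = apdu[4:]
    data, le = b"", 0
    if not body:                                   # case 1: no data, no Le
        pass
    elif len(body) == 1:                           # case 2S: short Le only
        le = body[0] or 256
    elif body[0] != 0:                             # short Lc (case 3S / 4S)
        lc = body[0]
        data = body[1:1 + lc]
        if len(data) != lc:
            raise ValueError("Lc larger than body")
        rest = body[1 + lc:]
        if len(rest) == 1:
            le = rest[0] or 256
        elif rest:
            raise ValueError("trailing bytes after short Le")
    else:                                          # extended length (leading 0x00)
        if len(body) == 3:                         # case 2E
            le = int.from_bytes(body[1:3], "big") or 65536
        else:
            lc = int.from_bytes(body[1:3], "big")
            data = body[3:3 + lc]
            if len(data) != lc:
                raise ValueError("Lc larger than body")
            rest = body[3 + lc:]
            if len(rest) == 2:
                le = int.from_bytes(rest, "big") or 65536
            elif rest:
                raise ValueError("trailing bytes after extended Le")
    return cla, ins, p1, p2, data, le


class OpenPGPCardSim:
    """Hypothetical card-side state machine for the two commands above."""

    def __init__(self, pw1: bytes = b"123456", pw3: bytes = b"12345678"):
        self.pins = {"PW1": pw1, "PW3": pw3}        # constructed demo PINs
        self.retries = {"PW1": MAX_RETRIES, "PW3": MAX_RETRIES}
        self.verified = {"PW1": False, "PW3": False}

    def process(self, apdu: bytes):
        """Return (response data, status word) for one command APDU."""
        _cla, ins, _p1, p2, data, le = parse_apdu(apdu)
        if ins == INS_VERIFY:
            return b"", self._verify(p2, data)
        if ins == INS_GET_CHALLENGE:
            return self._get_challenge(le)
        return b"", SW_INS_NOT_SUPPORTED

    def _verify(self, p2: int, pin: bytes) -> int:
        if p2 not in PW_SLOTS:
            return SW_WRONG_DATA
        name, min_len = PW_SLOTS[p2]
        if self.retries[name] == 0:
            return SW_AUTH_BLOCKED
        if len(pin) < min_len:
            return SW_WRONG_LENGTH
        # Decrement before comparing; restore only on success.
        self.retries[name] -= 1
        if hmac.compare_digest(pin, self.pins[name]):
            self.retries[name] = MAX_RETRIES
            self.verified[name] = True
            return SW_OK
        self.verified[name] = False
        if self.retries[name] == 0:
            return SW_AUTH_BLOCKED
        return 0x63C0 | self.retries[name]          # 63Cx: x attempts left

    def _get_challenge(self, le: int):
        # Assumption for this example: oversized requests are refused rather
        # than silently truncated, so the host cannot misjudge entropy size.
        if le == 0 or le > MAX_CHALLENGE:
            return b"", SW_WRONG_LENGTH
        return secrets.token_bytes(le), SW_OK
```

A 3070-byte GET CHALLENGE needs the extended-length form `00 84 00 00 00 0B FE`; the short form can only ask for 256 bytes. On real hardware the retry counter would live in non-volatile storage and the decrement written before the compare, which is exactly why the order of the two operations matters.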

SE050 has some limitations which can be circumvented:

  • PIN object cannot be atomically updated. You have to first delete then
    create a new PIN object. If a power loss occurs between PIN...

  • RNG firmware available and future work on FIDO2

    Michael Grand, 03/12/2021 at 21:23, 0 comments

    The RNG firmware is now available on GitHub. This firmware generates a continuous stream of random bytes through a VCOM port. Three modes of operation are available:

    Table: Mode of operation | Throughput (B/s)

    This is a demo firmware and, for a given security strength, the throughput can certainly be improved.

    I'm going to start working on a FIDO2 demo application. I will let you know when I have made substantial progress. I also plan to work on an open source contactless Java Card implementation of the FIDO2 standard. I have ordered an ACOSJ dual interface smart card as a development platform.

  • YAST now available on Tindie

    Michael Grand, 03/02/2021 at 09:18, 0 comments

    YAST is now for sale on Tindie.

    In parallel, I'm working on an RNG firmware which would provide a continuous random number stream through a virtual COM interface. Expected throughput goes from 15 kB/s when using the RNG feature of the SE050 directly, up to 210 kB/s when a DRBG is executed on the LPC55 and seeded by the SE050.

  • OpenPGP card firmware available for download

    Michael Grand, 02/20/2021 at 19:10, 0 comments

    The OpenPGP card firmware for the YAST token is available on GitHub. This firmware implements the OpenPGP Card standard version 3.4. The following features are available:

    • RSA 2048 keys (up to 4096 by modifying
    • 6-digit PW1 password, 8-digit PW3 and RC passwords
    • Get challenge (up to 3070 bytes per call)
    • Factory reset
    • On-chip key generation and key import through the GPG application.

    The token hardware and firmware are specifically designed to prevent use of the keys without the consent of the user. Keys stored on the token cannot be extracted by any means.

    The YAST token will be on sale on Tindie soon. By the way, this firmware can be ported to the LPC55S28 dev. kit (see. repo If you are interested in separately evaluating the SE050 secure element using a Raspberry Pi, a breakout board is already on sale on Tindie.
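The RNG firmware logs above describe two ways of producing the random stream: reading the SE050's RNG directly (about 15 kB/s) or running a DRBG on the LPC55 that is seeded by the SE050 (about 210 kB/s). The following is an added example, not the YAST firmware, of the second construction: an HMAC-DRBG with SHA-256 as specified in NIST SP 800-90A, seeded from the secure element and reseeded after a fixed number of generate calls. The secure element is replaced by a constructed stub (`FakeSE050Rng`) that serves deterministic bytes and counts how often it is queried, so the reseed behaviour can be observed offline; the class names and the reseed interval are assumptions for this example, not values from the firmware.

```python
"""Added example (not the YAST RNG firmware): host-side HMAC-DRBG (SP 800-90A,
HMAC-SHA-256) seeded and periodically reseeded from a secure-element RNG."""
import hashlib
import hmac

HASH_LEN = 32          # SHA-256 output length in bytes
MAX_REQUEST = 1 << 16  # largest single generate request allowed by SP 800-90A


class FakeSE050Rng:
    """Constructed stand-in for the SE050 random-number command. It returns
    deterministic (obviously non-random) bytes so the demo is reproducible,
    and counts calls so reseeding is visible. On the token this would be the
    real secure-element call."""

    def __init__(self, seed_byte: int = 0xA5):
        self.calls = 0
        self.seed_byte = seed_byte

    def get_random(self, n: int) -> bytes:
        self.calls += 1
        return bytes((self.seed_byte + self.calls + i) & 0xFF for i in range(n))


class HmacDrbg:
    """HMAC_DRBG per SP 800-90A section 10.1.2 (Instantiate, Update,
    Reseed, Generate), with a hypothetical auto-reseed on the interval."""

    def __init__(self, entropy_source, reseed_interval: int = 1024,
                 personalization: bytes = b""):
        self.src = entropy_source
        self.reseed_interval = reseed_interval
        self.K = b"\x00" * HASH_LEN
        self.V = b"\x01" * HASH_LEN
        # 256-bit security strength: 32 bytes of entropy plus a 16-byte nonce,
        # both pulled from the secure element.
        seed = (self.src.get_random(HASH_LEN)
                + self.src.get_random(HASH_LEN // 2)
                + personalization)
        self._update(seed)
        self.reseed_counter = 1

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: mix provided data into (K, V)
        self.K = self._hmac(self.V + b"\x00" + provided)
        self.V = self._hmac(self.V)
        if provided:
            self.K = self._hmac(self.V + b"\x01" + provided)
            self.V = self._hmac(self.V)

    def reseed(self, additional: bytes = b"") -> None:
        # Fresh entropy from the secure element replaces the working state.
        self._update(self.src.get_random(HASH_LEN) + additional)
        self.reseed_counter = 1

    def generate(self, n: int, additional: bytes = b"") -> bytes:
        if n > MAX_REQUEST:
            raise ValueError("request exceeds SP 800-90A max bytes per request")
        if self.reseed_counter > self.reseed_interval:
            self.reseed()            # interval exhausted: go back to the SE050
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.V)
            out += self.V
        self._update(additional)     # backtracking resistance after output
        self.reseed_counter += 1
        return out[:n]


def direct_stream(src, n: int) -> bytes:
    """The other firmware mode: pass the secure element's RNG straight through."""
    return src.get_random(n)
```

The throughput gap in the log follows from this structure: in DRBG mode the slow secure-element transaction happens once per reseed interval and every block in between costs only two HMAC computations on the LPC55, whereas the direct mode pays the SE050 round trip for every byte. The price is that the DRBG output is only as good as the seed and the state kept in MCU RAM, which is why the body of the page insists the LPC55 side is not covered by the SE050's certification.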

soundinfo690 wrote 11/05/2023 at 08:17 point

Your endeavor is incredible. This endeavor has given me a lot to learn. I'd want to distribute it to the security guard for hire team so they can read it and apply something fresh to our ongoing efforts.


jerryharmer567 wrote 03/13/2023 at 11:11 point

There has been a great deal of value to me in my involvement with the project. Would like to share it with the security companies in los angeles team so they can also read it and implement something new.


Tobias Oberstein wrote 06/17/2021 at 19:39 point

I just found, which clarifies the SE version being used (SE050C1HQ1_Z01SCZ): awesome! +1, as this version supports Keccak and Curve25519/EdDSA ECC; the latter is used in WAMP-cryptosign authentication. (


Tobias Oberstein wrote 06/17/2021 at 18:07 point

Hi guys,

First of all, awesome project! Thanks for sharing your work! FWIW, I fully agree with the argument regarding why LPC55Sxx + SE050E makes sense.

I am working with this chip in the context of IoT / blockchain (pls see / XBR projects on GitHub if you are interested).

Anyway, I have some questions ;) It would be cool to hear your thoughts about that.

1) Are you using the SE050Cx (rather than A/Bx)? Because only this version supports Keccak ECC, which is used in Ethereum. IOW: only the SE050Cx can be used to off-line sign Ethereum transactions.

2) The SE050xxx supports NFC, which obviously requires an antenna. This allows the chip to be read/written from e.g. a mobile app without USB power. Is that supported by the token?

3) "At the moment, due to a shortage in LPC55S69 chips, YAST token is based on a LPC55S28 chip which does not implement TrustZone. However these two chips are pin compatible." - I see:( Is that still true?

Cheers, /Tobias (with greetings from Germany;)


Michael Grand wrote 07/12/2021 at 16:17 point

Dear Tobias,

First of all, I apologize for the late reply!

The YAST token is indeed based on the SE050Cx, which supports the largest range of cryptographic algorithms.

Considering question #2, YAST does not support NFC communications through the SE050. In addition, I do not exactly know what can be done through this interface. The datasheet says that it is possible to configure the component in the field, but I'm not sure you can use all the features of the chip through this interface. You will have to check the detailed datasheet to see if this interface can do what you need. If this is not the case, I believe the new Solokey, which is roughly based on the same global architecture, implements the NFC interface using a separate chip. You could have a look at its schematic.

About question #3, unfortunately we are facing a long-term shortage (at least on Mouser, but I'm pretty sure this shortage affects all retailers). Mouser says that the LPC55S69 should be back in stock in Q1 2022!

Best regards,

Michael Grand


Ken Yap wrote 02/20/2021 at 02:19 point

Isn't the project name a pleonasm? 😉

