GSoC/GCI Archive
Google Summer of Code 2014

Crypto Stick

License: GNU General Public License version 3.0 (GPLv3)

Web Page:

Mailing List:

The Crypto Stick project develops Open Source USB keys for secure login in the Web and to enable high secure encryption of e-mails and data. It includes an One Time Password feature which can be used with Google and many other popular websites. The project has been founded in 2006. Core developers come from Germany, Poland, Singapore and Vietnam.

Secret keys are always stored securely inside the Crypto Stick. Their extraction is impossible which makes the Crypto Stick immune to computer viruses and Trojan horses. The user-chosen PIN and the tamper-proof design protect in case of loss and theft. The complete software stack is Open Source to allow verifying the security and integration with own applications. Different PCB/boards on the market can be used for development.

Many exciting features are already implemented such as support of Google's two-factor authentication, SSH, GnuPG, Mozilla Thunderbird, OpenSC. Other ideas on the roadmap are integration of email encryption with popular webmailers such as Gmail.


  • True Crypt improvement Study PKCS-11 specification and how it is currently used by True Crypt. Implement and test missing funtionality for proper use of smart cards. Document code and create user documentation.
  • Update to the OTP firmware and optimization of the GUI interface Update to the OTP firmware as mentioned in the deliverables and optimization of the GUI interface of the Ctypto Stick tool using QT5 and possibly porting the code of Crypto Stick on Android and adding an OCRA-mode.