How do I start?

Start today to protect your personal keys, your communications, your digital life.

Decide between the Pico HSM, Pico Fido and Pico OpenPGP:

  • Pico HSM: for users who want to manage multiple private and secret keys, perform sign and decrypt operations, deploy a PKI, and integrate smoothly with OpenSC or OpenSSL.
  • Pico Fido: for users who want secure logins in applications, smooth integration with the OS, and the ability to register and authenticate credentials.
  • Pico OpenPGP: for users who want to integrate OpenPGP for secure email, gnupg and PGP cryptographic operations.
1

Acquire a Raspberry Pico or ESP32-S3 device. Multiple vendors sell them, starting at $4. You can choose the internal flash size (up to 16 MB).

Take a look at the Raspberry Foundation and Espressif.

2

If you own an ESP32-S3 board, go to ESP32 flasher.

If you own a Raspberry Pico, download the firmware for your board. If your board is the canonical one sold by the Raspberry Foundation, go for the pico or pico_w build, depending on the model (W stands for the wireless model).

  • Pico HSM: Version 4.0
  • Pico Fido: Version 5.8
  • Pico OpenPGP: Version 2.0

3

For Raspberry Pico, put the Pico device into recovery mode:

  1. Unplug the device
  2. While pressing the BOOTSEL button, plug the device into the USB port
  3. A mounted flash unit named RPI-RP2 will appear in the File Explorer / Finder
  4. Copy the previously downloaded .uf2 file to the mounted unit
  5. The device will unmount the flash unit and will be remounted as a Pico key. The LED will blink periodically

Your device is ready to work!
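A structural check you can run on the downloaded .uf2 file before copying it to RPI-RP2, so that a truncated download or a non-UF2 file is caught before it reaches the device. This is an added example, not part of the Pico Keys project: the constants come from the public UF2 specification, `check_uf2` and `make_block` are hypothetical names, and it assumes a single image with sequentially numbered blocks, as produced for RP2040 boards.

```python
import struct

# UF2 constants from the public UF2 specification (not from this page).
MAGIC_START0 = 0x0A324655  # "UF2\n"
MAGIC_START1 = 0x9E5D5157
MAGIC_END = 0x0AB16F30
FLAG_FAMILY_ID = 0x00002000
RP2040_FAMILY = 0xE48BFF56  # family ID used by RP2040 images
BLOCK = 512

def check_uf2(data: bytes) -> dict:
    """Validate UF2 framing; return a summary or raise ValueError."""
    if not data or len(data) % BLOCK:
        raise ValueError("size is not a non-zero multiple of 512 bytes")
    families, total = set(), None
    for i in range(len(data) // BLOCK):
        blk = data[i * BLOCK:(i + 1) * BLOCK]
        m0, m1, flags, addr, size, no, count, fam = struct.unpack_from("<8I", blk)
        (end,) = struct.unpack_from("<I", blk, BLOCK - 4)
        if (m0, m1, end) != (MAGIC_START0, MAGIC_START1, MAGIC_END):
            raise ValueError(f"block {i}: bad magic (truncated or not UF2)")
        if size > 476:
            raise ValueError(f"block {i}: payload size {size} exceeds 476")
        total = count if total is None else total
        if count != total or no != i:
            raise ValueError(f"block {i}: numbering {no}/{count} is inconsistent")
        if flags & FLAG_FAMILY_ID:
            families.add(fam)
    if total != len(data) // BLOCK:
        raise ValueError(f"file has {len(data) // BLOCK} blocks, header says {total}")
    return {"blocks": total, "families": families}

def make_block(no: int, count: int, family: int = RP2040_FAMILY) -> bytes:
    """Constructed sample block (zeroed payload), for the demo only."""
    head = struct.pack("<8I", MAGIC_START0, MAGIC_START1, FLAG_FAMILY_ID,
                       0x10000000 + no * 256, 256, no, count, family)
    return head + bytes(476) + struct.pack("<I", MAGIC_END)

if __name__ == "__main__":
    image = make_block(0, 2) + make_block(1, 2)   # constructed, not real firmware
    print(check_uf2(image))
    try:
        check_uf2(image[:BLOCK])                  # simulates a cut-off download
    except ValueError as err:
        print("rejected:", err)
```

For a real file, pass `open(path, "rb").read()` to `check_uf2` and compare the reported family IDs with the one expected for your board. This checks framing only and says nothing about who built the firmware.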

4* (*only for Pico HSM and Pico OpenPGP)

Patch VID & PID if you use Pico HSM or Pico OpenPGP.

Pico HSM and Pico OpenPGP firmware ships with dummy VID and PID values, since we are not allowed to embed a VID/PID that we do not own. If you plan to use tools like OpenSC, pkcs11-tool, gpg, gpg2, etc., you must patch the VID/PID to one of the supported pairs.

More info at Pico Patcher tool.

IMPORTANT: do not distribute any firmware with a patched VID/PID that you do not own.

What to do now?

Take a look at the following interesting posts:
  • Led Light Codes

    Pico HSM uses the LED to indicate the current status. Four states are available. Press to confirm: the LED is on almost all the time. It goes off for 100 milliseconds every second. In this state, you have to press the BOOTSEL button to confirm the operation (e.g., confirm a signature generation). The operation will timeout in…

  • Generate and Sign a Certificate

    Pico HSM lets you generate lots of keypairs (public and private). It supports different types of cryptographic keys and, thanks to its PKCS11 interface, it can be used with any app implementing the PKCS11 interface to sign a certificate request. Once the certificate is generated and signed, it can be easily examined with the usual tools:

  • Keypair Generation and Key Management

    Pico HSM lets you generate multiple keypairs (public and private). It supports different types of cryptographic keys and, thanks to its PKCS11 interface, it can be used with any app implementing the PKCS11 interface. The ID parameter is an internal hexadecimal number for easy identification. The label is a string that also identifies the key. Despite it…