I’ll soon be doing some coding for the Spark2 under Linux. Raw crypto stuff though, not linked to Vivokey.
Speaking of Vivokey Amal, hypothetically-speaking, would there be a problem if it worked with user-generated keys as well as its own s00per-s3kr1t key (or keys) that it sets on all the crypto chips it sells, aside from the fact that it can’t really trust the user to keep their key safe? I mean if the user compromises their own key, at the end of the day, the only loser is them. Vivokey itself wouldn’t run any risk.
1 Like
I haven’t looked into what sort of command’s the chip takes but now I’m curious without the keys to validate it’s response what do think you will be able to do with it?
I’ll stick my own key(s) in it, and use it to encrypt stuff, sign files, and challenge-response authenticate into my own servers. If I don’t find existing code to modify, I’ll code my own. But most likely I’ll extend another library.
1 Like
A spark2 or an unprovisioned ntag413? I thought the ntag413s Iin the spark where configured to be fully read only?
Yeah okay. Let’s say a Spark2 is a Vivokey-locked NTAG413 then - in which case, I meant an unprovisioned NTAG413 
1 Like
Cool, only reason I was clarifying was if I could do anything additional with my spark 2 in the future. Still will be interested in what you do with it I’m looking into similar stuff for the DF2 eventually
1 Like
Well that’s the thing: if you don’t know the master key (and you don’t) and you can’t set any other key (and you won’t be able to), you won’t do any non-Vivokey crypto with it. You can use it to store a short NDEF, or use it with my brilliant login software [gratuitous plug right there… ] with its UID, and of course use it to authenticate with VK’s servers. But that’s about it.
1 Like
Yeah that was my impression (unless @amal releases key 2 to us)
Hence the confusion of you doing your own crypto with it.
1 Like
I for one just am glad people are working on things with it. I misunderstood it when I bought it. I am struggling to figure out how to actually implement it.
What do you want to implement?
Well you can set the URL and authenticate with software and websites that use the VivoKey OIC system and Enrol it with things. That’s about it AFAIK.
1 Like
Ah yes okay, application-level. Not interested
6 Likes
Very nice keyboard 
Exciting progress, @Pilgrimsmaster will be pleased!
Next week comes the linux desktop app right 
2 Likes
So the main issue we have with desktop clients at the moment is the push notifications, i.e. firebase for Android, which doesn’t have an official client or anything. I think you’d mentioned something about polling? I think the big question is, how important would a desktop application be for VivoKey chip scan validations really be? Are there common scenarios where you wouldn’t have your phone handy for such situations?
1 Like
I could see it being used in headless linux projects. Given the huge DIY electronics overlap, many people have needs/wants that could be solved with microcomputers.
1 Like
Yeah, I was thinking the same thing, it would be great to have an api so say my door lock can actually validate my identity over the internet if I wanted to implement that.
As for desktop client, I am thinking about if I use vivokey as my login mechanism for my personal “cloud” services I would require login every time, having a desk reader is much more convenient for those use cases. Also if the phone breaks I am without access despite having 3 devices capable of reading it.
If I was building the app I would use the scan to trigger the check for a verification. So website says login. I scan hand on my ARC and the client goes cool, lets see if VivoKey servers need this.
So my motivations would be:
- Backup (In case of destruction, or in my case forgetfulness)
- Convenient (No need to pull phone out of pocket at work/home, unlock it, click notification then scan. Just scan)
- Cool possibilities if I could validate a scan from my own application that I have not even thought of yet
I like the idea of building a reader that has no intelligence ( it scans my apex, sends the request off and gets a id back) it would be awsome to be able to do this with something like an esp8266 (arduino with wifi)
1 Like
I love these things…
1 Like