Analysis updated 2026-05-18
Run an OpenPGP-compatible hardware key for GnuPG email and code signing.
Study an open, auditable hardware security token implementation in Rust.
Layer up to four symmetric ciphers in a cascade for extra key protection.
Use ephemeral ECDH and Shamir secret sharing on a physical security device.
| supermagnum/galdralag-firmware | codeitlikemiley/antigravity-sdk-rust | dedsec-xu/needle | |
|---|---|---|---|
| Stars | 3 | 3 | 3 |
| Language | Rust | Rust | Rust |
| Setup difficulty | hard | hard | moderate |
| Complexity | 5/5 | 4/5 | 3/5 |
| Audience | researcher | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires Baochip-1x/Dabao hardware and a RISC-V cross-compile toolchain.
Galdralag Firmware is the software that runs on the Baochip-1x hardware security token, specifically the Dabao evaluation board. A hardware security token is a small physical device, similar to a USB key, that stores cryptographic keys inside tamper resistant hardware so they can never be extracted by software. This one behaves like an OpenPGP smartcard, a widely used standard for email encryption and code signing that tools like GnuPG understand natively. The firmware runs on the Xous microkernel, a security focused operating system, and is written in Rust, a programming language chosen because it prevents entire categories of memory related security bugs at compile time. The full hardware design, schematics, bootloader, and operating system, is open source and auditable, meaning anyone can inspect exactly what the device does. Beyond standard OpenPGP card operations, this firmware adds features not commonly found on similar devices: cipher profiles that let you layer up to four different symmetric encryption algorithms in a cascade, ephemeral ECDH, a key agreement technique that generates fresh encryption keys per session, Shamir secret sharing, a method to split a secret across multiple pieces so no single piece reveals it alone, and biometric authentication support. The project explicitly does not support FIDO2, one time passwords, or USB keyboard emulation, it is focused on GnuPG compatible cryptographic operations. It is registered with the Open Invention Network, a defensive patent pool for open source software. The project also documents a threat model, an audit log, and detailed guides covering the key lifecycle, biometric API, and hardware bring up testing, suggesting the authors intend it to be reviewed and trusted rather than taken on faith. Support for post quantum cryptography, the newer generation of algorithms designed to resist future quantum computers, is mentioned as partly implemented but not yet independently audited. The full README is longer than what was shown.
Open source firmware for a USB hardware security key that stores encryption keys like an OpenPGP smartcard.
Mainly Rust. The stack also includes Rust, Xous.
License terms were not clearly stated in the truncated portion of the README that was reviewed.
Setup difficulty is rated hard, with roughly 1day+ to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.