The Mooltipass project is a complete ecosystem aimed at providing authentication solutions. It is composed of:
- A physical device, providing all security-related features
- Multiple browser extensions (Chrome, Firefox, Edge, Opera) for easy credentials storage & recall
- A cross-platform user interface, for easy management of the physical device features and database
- A cross-platform software daemon, serving as an interface between device and software clients
- An SSH agent, providing password-less SSH authentication using a Mooltipass device
- A Python library to recall credentials stored on the Mooltipass
- A command line tool written in Go to interact with the Mooltipass device
The Mooltipass Mini BLE is composed of two microcontrollers: an auxiliary one dedicated to USB and Bluetooth communications and a secure microcontroller dedicated to running all security features. You may read about the rationale behind this choice here. The device microcontrollers communicate with each other using a high speed serial link.
The auxiliary microcontroller mostly provides communication features.
Our USB interface provides three communication channels:
- A keyboard HID interface for the Mooltipass Mini BLE to simulate keypresses
- A custom HID interface for Mooltipass communications
- A FIDO2 HID interface to support password-less authentication
The Mooltipass Mini BLE uses the ATBTLC1000 to provide Bluetooth Low Energy connectivity. It currently provides two communication channels:
- A keyboard HID interface for the Mooltipass Mini BLE to simulate keypresses
- A custom HID interface for Mooltipass communications
It is in our plans to provide two additional communication channels for Bluetooth:
- One for FIDO2 features
- One to provide communication with a mobile app providing autofill services for Android and iOS
Our user interface is the fruit of several years of work. It includes:
- Update files, language strings, font files, bitmap files and keyboard files bundle storage in external flash
- A read-only file system for parsing that bundle file: custom_fs.c
- 256x64x4bpp SH1122-based OLED screen support, with internal frame buffer: sh1122.c
- Run-length graphical files decoding: custom_bitsteam.c
- Unicode Basic Multilingual Plane support
- Multiple languages support on device
- Language-based fonts support
Our database model is documented here. Its main characteristics are:
- Multiple doubly linked list-based credential and file storage
- Parent (services) - Child (credentials) structure
- Credential categories support
- Credential favorites support
- WebAuthn custom credential type
At the time of writing, the Mini BLE can handle logins & passwords up to 64 Unicode characters long.
Mooltipass devices can simulate key presses in order to type logins & passwords onto the computer they're connected to. As the "byte sent on the wire" to "actual character typed on the computer" conversion is handled by the computer itself, the Mooltipass devices need to handle multiple keyboard layouts.
For the Mooltipass Mini BLE, we are parsing the CLDR to make sure we can type text on any device.
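The layout dependence described above, as an added example (not the Mooltipass firmware's code): the same text maps to different HID modifier/usage bytes depending on the host layout, and a character the layout cannot produce must abort the whole string rather than be typed wrongly. The type and function names are hypothetical, and the two tables are small constructed excerpts of the US and French layouts, not data generated from the CLDR.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MOD_LSHIFT 0x02 /* HID modifier bit: left shift */
#define MOD_RALT   0x40 /* HID modifier bit: right alt (AltGr) */
#define LEN(a) (sizeof (a) / sizeof (a)[0])

/* One BMP code point and the key press that produces it on a given layout. */
typedef struct { uint16_t cp; uint8_t mod; uint8_t usage; } key_map_t;

/* Constructed excerpts: HID keyboard usage IDs name physical keys, not letters. */
static const key_map_t layout_us[] = {
    {'a', 0, 0x04}, {'q', 0, 0x14}, {'m', 0, 0x10},
    {'1', 0, 0x1E}, {'@', MOD_LSHIFT, 0x1F},
};
static const key_map_t layout_fr[] = {
    {'a', 0, 0x14}, {'q', 0, 0x04}, {'m', 0, 0x33},
    {'1', MOD_LSHIFT, 0x1E}, {'@', MOD_RALT, 0x27},
};

/* Return the key press that yields cp on this layout, or NULL if untypable. */
static const key_map_t *find_key(const key_map_t *l, size_t n, uint16_t cp)
{
    for (size_t i = 0; i < n; i++)
        if (l[i].cp == cp) return &l[i];
    return NULL;
}

/* Fill out[] with (modifier, usage) pairs. Returns the number of key presses,
 * or -1 with out[] untouched: a partially typed password must never be sent. */
static int encode_text(const key_map_t *l, size_t n, const uint16_t *text,
                       size_t len, uint8_t out[][2], size_t cap)
{
    if (len > cap) return -1;
    for (size_t i = 0; i < len; i++)          /* validate everything first */
        if (!find_key(l, n, text[i])) return -1;
    for (size_t i = 0; i < len; i++) {
        const key_map_t *k = find_key(l, n, text[i]);
        out[i][0] = k->mod; out[i][1] = k->usage;
    }
    return (int)len;
}

int main(void)
{
    const uint16_t pw[] = {'q', 'a', '1', '@'}; /* constructed sample text */
    uint8_t fr[4][2];
    if (encode_text(layout_fr, LEN(layout_fr), pw, 4, fr, 4) != 4) return 1;
    for (int i = 0; i < 4; i++)
        printf("%c -> mod 0x%02x usage 0x%02x\n", pw[i], fr[i][0], fr[i][1]);
    return 0;
}
```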
The Mooltipass team selected BearSSL for cryptographic routines. The remaining code was made from the ground up. The Mooltipass Mini BLE includes the following authentication features:
- Standard login/password authentication, by key presses or with its own communication channel
- WebAuthn / FIDO2 password-less authentication
- TOTP second factor authentication
Creating these firmwares from the ground up allowed us to create a smooth user experience, tailored to privacy-minded individuals. Here are some things that are worth mentioning:
- All transfers to peripherals, displays and MCUs are DMA-based
- A custom NiMH charging algorithm was implemented
- An accelerometer is used as a source of entropy
- All source code is doxygen-style documented
If you have even more spare time to contribute, the Mooltipass team is actively looking for contributors to:
- add a Bluetooth FIDO2 communication channel
- develop a companion Android/iOS app to use Autofill services
Depending on the task, we could ship you one of our development boards (shown above), or you could also develop using our device emulator. Do not forget to review our contributing guidelines!
The following languages are currently supported:
- English
- Catalan
- German
- French
- Italian
- Croatian
- Dutch
- Portuguese
- Spanish
- Slovene
- Finnish
If your language is not listed, get in touch with us; you will then be able to follow these instructions.
Get in touch with the development team and other Mooltipass enthusiasts on our Mooltipass IRC channel: #mooltipass on irc.libera.chat