Technical description

Specifications

Weight and dimensions

Weight: 23g
Height: 39mm
Length 65mm
Width: 10mm

Processor

Atmel AVR Microcontroller

Display

128x32 pixel Transreflective LCD with LED backlight

Battery

Rechargeable Lithium-Polymer Battery. Hold power for more then 14 hours of continuous use. Charges the battery immediately when the device is connected via USB.

Number of password entries

500

Crypto algorithms used

NIST approved AES-128, NIST approved CTR_DRBG, CBC-MAC, AES in counter mode and AES in CBC mode

Menu language

English

USB keyboard layouts

English(US), Swedish, German, Norwegian, Danish, Swiss(German), Swiss(French), Mac English(US),Mac Swedish, Mac pro Swedish, Mac German,Mac Norwegian,Mac Danish,Mac Swiss(German),Mac Swiss(French),English(UK), Mac English(UK), French, Mac French

Case material

ABS plastic

Compliance

Seclave technical and security detailes

Encryption and decryption

The microcontroller contains two flash memories, one storage flash memory that hold encrypted data and an protected external memory chip to hold it's internal crypto keys.

The stored content on Seclave, including passwords, labels, username and optional fields are encrypted with AES-128 using a high entropy random key.

The encryption and decryption is carried out internally on the microcontroller of Seclave.

This protected memory chip is design to protect unauthorized extraction of it's content, including protection against physical attacks.

The user unlock the protected flash memory with a two passcode words, which is validated by the memory If four incorrect attempts are carried out the content will be permanenty erased.

Entropy

The internal entropy is managed using the NIST approved pseudo random generator CTR_DRBG, which uses AES-128 as the mixing function.

The random generator is seeded with entropy from several physical sources, including a highly random seed based on timing events triggered by user interaction, sensors measuring physical properties with natural noise.

Backup

The backup archives are encrypted with AES-128 in counter mode and authenticated using a CBC-MAC with a 128-bit high entropy random key. This makes the backup archive safe to expose to anybody, as long as the backup key is kept safe.

The backups are seeded and fully filled, so it is impossible to determine how many passwords that are contained on a backup.

It is also impossible to read out if anything or how much of the backuped data that has been changed between two backups without breaking the encryption.

Security boundaries

The USB stack is written with security as a top priority as it act as an security boundary between the Seclave domain, which contains all passwords, and the computer it is attached to, which is only authorized to receive a subset of the stored passwords.

This is achieved by only implementing a bare minimum of what is needed to drive a HID keyboard and a USB mass storage device and at the same time treating all data that is received from the computer as potentially being invalid and dangerous.