pqfk-proto — ForgeKey host<->device wire protocol over the pqfk-spec format; consumed by the bridge (pqbr) and clients. Apache-2.0.
Forge Vault — Host-side encrypted credential store: holds the credential registry, device pairing material, and audit log, sealed by a key derived from the user passphrase + device-bound attestation key (argon2 + chacha20poly1305).
pqfk-spec — ForgeKey transport/wire format (CDDL grammar + codec). CC-BY-4.0 spec prose with Apache-2.0 implementable fragments; the crate ships the Apache codec.
Forge Firmware — RP2350/production-MCU firmware umbrella (Embassy, HAL, USB HID+CDC, display driver, secure-element driver, on-device protocol handler); the reproducibly-built, supply-chain-attested device firmware.
Forge Crypto — Audited crypto-primitive re-export crate pinning the exact primitives the ForgeKey workspace uses (ed25519-dalek, x25519-dalek, curve25519-dalek, chacha20poly1305, aes-gcm, argon2, hkdf, sha2; no_std variants on-device; ml-dsa/FIPS-204 pinn
pqfk-proto — ForgeKey host<->device wire protocol over the pqfk-spec format; consumed by the bridge (pqbr) and clients. Apache-2.0.
Forge Credential Registry — Canonical credential-entry schema (label, derivation path, scope, policy, expiry, attestation) + signed CBOR/Ed25519 detached-signature manifest format, consumed by the ForgeKey device, host CLI, and web console. Published as a
pqcr-migrate — schema_version migrations for the pqcr (Forge Credential Registry) signed-manifest format. Apache-2.0 (the pqcr reference-impl tier).
Forge Bridge — Host-side transport bridge between the ForgeKey device (USB CDC + custom HID class) and the host stack; speaks the pqfk-proto wire format (tokio, nusb/rusb, postcard). One transport for the CLI, web extension, and desktop console.
pqfk-spec — ForgeKey transport/wire format (CDDL grammar + codec). CC-BY-4.0 spec prose with Apache-2.0 implementable fragments; the crate ships the Apache codec.
ForgeKey — Hardware security / credential-presentation authority (BIP-85 derivation, secure element + trusted display + USB-HID approval). Product ROOT scope and brand. Sub-crates: pqfk-spec, pqfk-proto, pqfk-host, pqfk-mcu, pqfk-ui.
ForgeKey — Hardware security / credential-presentation authority (BIP-85 derivation, secure element + trusted display + USB-HID approval). Product ROOT scope and brand. Sub-crates: pqfk-spec, pqfk-proto, pqfk-host, pqfk-mcu, pqfk-ui.
Forge Attestation Provider — Supply-chain attestation: verifies (and produces) per-unit manifests (PCB serial, batch ID, SE/MCU lot numbers, firmware manifest, build provenance) per in-toto v1.0 / SLSA v1.0. Manifests published to a transparency log; seri
ForgeKey — Hardware security / credential-presentation authority (BIP-85 derivation, secure element + trusted display + USB-HID approval). Product ROOT scope and brand. Sub-crates: pqfk-spec, pqfk-proto, pqfk-host, pqfk-mcu, pqfk-ui.
pqfk-proto — ForgeKey host<->device wire protocol over the pqfk-spec format; consumed by the bridge (pqbr) and clients. Apache-2.0.
pqfk-spec — ForgeKey transport/wire format (CDDL grammar + codec). CC-BY-4.0 spec prose with Apache-2.0 implementable fragments; the crate ships the Apache codec.
Forge Bridge — Host-side transport bridge between the ForgeKey device (USB CDC + custom HID class) and the host stack; speaks the pqfk-proto wire format (tokio, nusb/rusb, postcard). One transport for the CLI, web extension, and desktop console.