Send in your ideas. Deadline August 1st, 2020.


Help grow the future

Your donations make a difference:
Donate today or Help fundraising



[Pitchfork -- concluded on 2018/08]

The PITCHFORK is a free/libre hardware device for compartmentalizing key material and cryptographic operations in a small and durable USB device. It uses a Cortex-M3 processor and stores all keys in the CPUs flash. The PITCHFORK has an embedded radio interface over which it can do secure key exchanges with other devices, including "post-quantum" cryptography. Over USB it can send and receive messages using various modern low-level crypto protocols providing different aspects of overall security.


Once a computer device you own is compromised, any cryptographic material on the device itself becomes available to the attacker to gain access to wherever that material can give access to - making your secrets as safe as the devices you use.

A Pitchfork board

In a PITCHFORK device, the cryptographic material your security depends on is stored in isolated hardware. It aims to directly protects cryptographic key material from adversaries in many different scenario's controlling the users environment such as network traffic, general computing devices, possession of the key container.


The concept is similar to smartcard-based cryptographic key-compartmentalization devices like the Nitrokey/Cryptostick, however the team behind Pitchfork tries to address some different attack vectors which results in additional capabilities. The radio device allows for offline private key exchanges, while the on-device user interface is resilient against keylogging on a compromised device.

Pitchfork team

Pitchfork is supported by NLnet and the Internet Hardening Fund.