blog

Libre Key Companion: manufacturer-agnostic security key manager for Android and iOS

28-06-2026

We're happy to announce Libre Key Companion, a new open-source companion application for Android and iOS that lets you manage hardware security keys and smart cards from any manufacturer.


The application supports NFC on both platforms, and USB where supported by the operating system.

On iOS, security key management is currently possible via NFC only. This is due to current iOS platform limitations around external security key interfaces. USB-based interaction is not available on iOS today, but this may change in the future if platform capabilities evolve.

Libre Key Companion brings together the most common security key management tasks into a single application. It supports FIDO2/CTAP2 management (PIN, alwaysUV, passkeys and biometric enrollment), OATH (TOTP/HOTP), Token2 on-device OTP, and read-only inspection of OpenPGP and PIV applets. It also looks up a key's FIDO Alliance metadata to display its certified product name, certification level and icon.



Why a new app, and not the existing Token2 Companion?

A fair question, since we already ship companion applications for our security keys.

Our existing Token2 Companion software has evolved over many years around our own product line. It contains a considerable amount of Token2-specific functionality and platform-specific behavior that makes it an excellent management tool for our devices, but not an ideal foundation for a community-driven, manufacturer-agnostic project.

Rather than open-sourcing a legacy codebase, we decided to start fresh.





Libre Key Companion is built as a clean, modular application, separating transport (NFC/USB), protocol implementations (CTAP2, YKOATH, OpenPGP, PIV, Token2 OTP) and the user interface.

Security-sensitive functionality—including OATH algorithms, CTAP2 PIN/UV cryptography, and certificate parsing—is validated against published specification test vectors wherever applicable. This results in a codebase that is easier to understand, audit, extend, and maintain.




Manufacturer-agnostic by design — but Token2 first

Libre Key Companion is designed to support any standards-compliant FIDO2 security key, regardless of manufacturer.

It implements open standards including CTAP2, YKOATH, the OpenPGP Card specification, and NIST SP 800-73 (PIV), making it suitable for a wide range of authenticators.

Naturally, Token2 devices receive the highest testing priority, since we develop both the hardware and the software. However, the project is intentionally open and welcomes improvements for devices from other manufacturers. If your preferred authenticator isn't fully supported yet, contributions are encouraged.



What it does today

  • FIDO2 / CTAP2 management — view authenticator information, set or change the PIN, enable or disable alwaysUV, list and delete passkeys, and enroll or manage fingerprints on biometric authenticators.
  • OATH (TOTP/HOTP) — list credentials with live codes, add credentials from QR codes or otpauth:// URIs, and delete credentials.
  • Token2 on-device OTP — manage OTP entries stored directly on compatible Token2 security keys.
  • FIDO Alliance metadata — identify a security key by AAGUID and display its certified product name, certification level, and icon using an offline metadata database that can be updated.
  • OpenPGP & PIV — inspect key slots, supported algorithms, certificates, and retry counters.

Libre Key Companion is intentionally a management application. It does not function as a system credential provider or passkey provider for website sign-in.




A note on scope

Libre Key Companion is currently beta software.

The implemented features have been tested on real hardware, but the project is still evolving toward a 1.0 release. As with any management utility capable of modifying authenticator settings, we recommend testing on a spare key whenever possible.



Get involved or start using it today

Libre Key Companion is completely open source.

Android Repository   iOS Repository

We welcome bug reports, feature requests, and pull requests. If you'd like support for a particular authenticator or discover a compatibility issue, please open an issue on GitHub. Our goal is to build an open, standards-based security key manager that benefits the entire FIDO ecosystem.
Android
The Android version is available from:
iOS
On iOS, Libre Key Companion supports security key management via NFC only, due to current platform limitations in iOS external security key access. USB-based interaction is not available on iOS at this time, but may become possible in the future if platform capabilities evolve. The iOS version is open source and available from GitHub: It will also be available on the App Store: The App Store version will be updated in sync with GitHub releases where applicable.

updates tools