Crayonic KeyVault™

fingerprint recognition

handwriting recognition

voice recognition





Credentials secured by KeyVault
  • FIDO2 keys.

  • PIV smart card keys and certificates.

  • OAUTH secrets for TOTP, HOTP codes.

  • PGP keys.

  • Passwords in compatible password manager.

  • Blockchain keys for ETH and BTC compatible transactions.

  • Digital signature keys for Qualified Electronic Signatures as per eIDAS compliance.

  • Small files in secure mass storage (64 MB).

KeyVault Integration Options

KeyVault is compatible out-of-the-box with all FIDO2 certified services supporting all extensions.

KeyVault has been tested with Microsoft Windows Hello service for 100%  passwordless and usernameless authentication to PCs as well as MS Azure Active Directory connected services such as Office365 and other SAML2 / OIDC connected cloud and enterprise apps.

KeyVault integrates with PIV infrastructure for legacy PKI services. Using Crayonic SDK or backend service KeyVault enables X.509 certificate issuance over the FIDO2 protocol.


Self-service backup and recovery of lost KeyVaults can be integrated with IAM systems using SDK and/or Crayonic Gateway. This service is using FIDO2 protocol to backup and recover credentials using a highly secure multiparty computing scheme to eliminate issues of storing sensitive key material in centralised databases.

Security policy settings can be implemented using SDK and allow fast and centrally managed set up of KeyVault internal security policy i.e. level of authentication for unlocking given credential stored in Crayonic KeyVault™.