SDK Overview

With Cotech SDKs, your app can take advantage of the latest security solutions for authentication and end-to-end encryption. SDK updates are distributed via our Maven repository. This makes it easy for you to integrate the newest versions that we have to offer.

Add the SDK to Your Project

To get a username and password for our Maven repository, please contact us for a license.

Add this to your build.gradle:

repositories {
    maven {
        credentials {
            username "xxx"
            password "xxx"
        url ""

dependencies {
    // Base artifact
    implementation 'de.cotech:hwsecurity:4.4.0'

    // If included, the app will show up when a security key is connected via USB.
    implementation 'de.cotech:hwsecurity-intent-nfc:4.4.0'
    // If included, the app will show up when a security key is held against the NFC sweetspot.
    implementation 'de.cotech:hwsecurity-intent-usb:4.4.0'
    // FIDO2/WebAuthn implementation
    implementation 'de.cotech:hwsecurity-fido2:4.4.0'
    // FIDO implementation
    implementation 'de.cotech:hwsecurity-fido:4.4.0'

    // Additional classes for local parsing and verification of FIDO messages
    // Usually not required for FIDO clients.
    implementation 'de.cotech:hwsecurity-fido-util:4.4.0'

    // To support OpenPGP Security Keys
    implementation 'de.cotech:hwsecurity-openpgp:4.4.0'

    // To support PIV Security Keys
    implementation 'de.cotech:hwsecurity-piv:4.4.0'

    // For TLS client certificate authentication (for example with PIV Security Keys)
    implementation 'de.cotech:hwsecurity-provider:4.4.0'
    // For SSH with Jsch (with OpenPGP or PIV Security Keys)
    implementation 'de.cotech:hwsecurity-ssh:4.4.0'
    // For SSH with SSHJ (with OpenPGP or PIV Security Keys)
    implementation 'de.cotech:hwsecurity-sshj:4.4.0'
    // Generic security key dialog with a keypad for PIN input
    implementation 'de.cotech:hwsecurity-ui:4.4.0'

SDK Artifacts

  • All packages in our Hardware Security SDK live in a consistent namespace starting with the string de.cotech.hw.

  • The artifacts use strict Semantic Versioning.

  • All artifacts have a minimum SDK Version of 14 (Android >= 4.0). Though, we recommend a higher SDK (Rec. SDK) for some artifacts.

  • All SDK artifacts are kept as small as possible with a minimum set of dependencies.

  • hwsecurity-fido-util and hwsecurity-openpgp automatically provide a Proguard file via consumerProguardFiles. When you set minifyEnabled true for your app, our Proguard file will automatically be used to remove unnecessary Bouncy Castle classes.

Build Artifact Version Min SDK Rec. SDK Size
de.cotech:hwsecurity 4.4.0 14 ~158 KiB
de.cotech:hwsecurity-intent-nfc 4.4.0 14 ~2 KiB
de.cotech:hwsecurity-intent-usb 4.4.0 14 ~2 KiB
de.cotech:hwsecurity-fido2 4.4.0 14 19 ~360 KiB
de.cotech:hwsecurity-fido 4.4.0 14 19 ~128 KiB
de.cotech:hwsecurity-fido-util 4.4.0 14 19 ~45 KiB
de.cotech:hwsecurity-openpgp 4.4.0 14 ~162 KiB
de.cotech:hwsecurity-piv 4.4.0 14 ~58 KiB
de.cotech:hwsecurity-provider 4.4.0 14 ~10 KiB
de.cotech:hwsecurity-ssh 4.4.0 14 ~8 KiB
de.cotech:hwsecurity-sshj 4.4.0 14 ~5 KiB
de.cotech:hwsecurity-ui 4.4.0 14 19 ~131 KiB


We strive to keep the number of external dependencies as small as possible. When possible we use Android’s API, e.g., for JSON parsing or JCA operations. All artifacts depend on the core artifact de.cotech:hwsecurity.

Build Artifact Dependencies
de.cotech:hwsecurity androidx.lifecycle:lifecycle-runtime:2.3.0
de.cotech:hwsecurity-fido2 de.cotech:hwsecurity-ui
de.cotech:hwsecurity-fido de.cotech:hwsecurity-ui
de.cotech:hwsecurity-fido-util de.cotech:hwsecurity-fido
de.cotech:hwsecurity-openpgp org.bouncycastle:bcprov-jdk15on:1.65
de.cotech:hwsecurity-piv de.cotech:hwsecurity-provider
de.cotech:hwsecurity-ssh org.bouncycastle:bcprov-jdk15on:1.65
de.cotech:hwsecurity-sshj com.hierynomus:sshj:0.31.0
de.cotech:hwsecurity-ui androidx.appcompat:appcompat:1.2.0

Dependency Licenses

The Hardware Security SDK uses code from other projects. In order to comply with its license requirements we prepared a license text that can be included in your published app: License Text.