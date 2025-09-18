from the another-thing-for-your-key-ring dept.
The Librem Key is an OpenPGP smart card supporting up to 4096-bit RSA keys and 512-bit ECC keys. These keys are intended to be used as basic security token functions -- they will work with any laptop/PC but reportedly offer extra features when paired with Librem laptops or devices supporting the Heads security firmware.
In addition to the standard features of a security token (GPG key storage and multi-factor authentication) that the Librem Key can perform on any computer, here are some of the interesting integration options with our Librem laptops we are already looking into with the Librem Key that will make security much more convenient for users who are facing average threats:
- Insert the Librem Key at boot and automatically decrypt your hard drive
- Automatically lock your laptop whenever you remove the Librem Key
- Use your Librem Key to log in
(Score: 2) by pvanhoof on Tuesday September 25, @09:48PM
So they basically do ~ this [howtoforge.com]?
CRYPTROOT=target=sda2_crypt,source=/dev/disk/by-label/Librem_Key in /etc/initramfs-tools/conf.d/cryptroot
sda2_crypt dev/disk/by-label/Librem_Key none luks,keyscript=/usr/local/sbin/unlocklukskey.sh in /etc/crypttab
Locking my laptop when I take out the USB stick is quite a good idea against Evil Maid attacks. However. It should also unmount my encrypted /home after somehow freezing all my user's processes and their filedescriptor usage for files within /home, and then somehow dehibernate them after remount once I plug in the USB stick.
Anything that keeps the luks encryption key in memory (which is precisely what keeping the encrypted volumes mounted will do, no matter if you take out the USB stick or not) is going to even let recently hired youngsters with basic infosec training of my country's secret services (Belgium) to Evil Maid me completely. Almost certain that they'll just copy all the RAM somehow and fish the keys out of it in the blink of an eye.
Also important is that this setup will survive a apt-get dist-upgrade with kernel upgrades and constant initrd regenerating. Would be nice to have all this well supported by the people who maintain the distribution. Some amount of security is nice. But for the real serious stuff it will (or would) be TAILS anyway.. In which case I might as well store all important data (encrypted) on the same USB stick that with this Librem Key contains the keys anyway (and then boot Tails from RO media like a cdrom).
(Score: 2) by MostCynical on Tuesday September 25, @09:50PM (1 child)
Librem key $59 (USD)
Nitro Key Pro 2 [nitrokey.com] €49
So almost the same price.
Can't immediately tell how they are different (apart from the branding)
(Score: 0) by Anonymous Coward on Tuesday September 25, @09:58PM
Couldn't we cobble together an open source version of this with a cheap commodity sd card/usb stick?