A few months ago we announced that we were partnering with Nitrokey to produce a new security token: the Librem Key and I’m pleased to announce that today the Librem Key is available for purchase on our site for $59.
In case you haven’t heard of USB security tokens before, they are devices typically about the size of a USB thumb drive that can act as “something you have” for multi-factor authentication. With so many attacks on password logins, most security experts these days recommend adding a second form of authentication (often referred to as “2FA” or “multi-factor authentication”) in addition to your password so that if your password gets compromised the attacker still has to compromise your second factor. USB security tokens work well as this second factor because they are “something you have” instead of “something you know” like a password is, and because they are portable enough you can just keep them in your pocket, purse, or keychain and use them only when you need to login to a secure site.
In addition to multi-factor authentication, security tokens can also often store your private GPG keys in a tamper-proof way so you can protect them from attackers who may compromise your laptop. With your private keys on the security token, you can just insert the key when you need to encrypt, decrypt, sign, or authenticate and then type in your PIN to unlock the key. Since your private keys stay on the security token, even if an attacker compromises your computer, they can’t copy your keys (and even if you leave the key plugged in, they need to know your PIN to use it).
There are many other vendors out there who offer their own security tokens, so why make our own? The first reason is that few security tokens out on the market align with our values here at Purism, in particular with respect to freedom. I’ve explained in a previous post why freedom is essential to security and privacy and this is especially true for a device that is holding some of your most sensitive secrets. We wanted a security token that used open hardware, free software firmware, and free software user applications and that is why we partnered with Nitrokey to produce a security token that respected your freedom from the beginning.
We also wanted to make the Librem Key because of all of the integration possibilities with our existing products that would make customers more secure in a way that’s also more convenient. When you can bundle a security token with your own laptop and operating system, there are so many interesting possibilities, especially when the firmware and user applications are free software so we can easily modify them to add even more features.
In addition to the standard features of a security token (GPG key storage and multi-factor authentication) that the Librem Key can perform on any computer, here are some of the interesting integration options with our Librem laptops we are already looking into with the Librem Key that will make security much more convenient for users who are facing average threats:
One of the most exciting opportunities the Librem Key opens up to us is in integrating with our tamper-evident Heads BIOS to provide cutting-edge tamper-evident security but in a convenient package that doesn’t exist anywhere else.
Currently with Heads, when you want to prove that the BIOS hasn’t been tampered with, you need to set up a TOTP application on your phone and scan a QR code from within Heads. Then at each boot you compare the 6-digit code Heads displays on the screen with the code in your phone. If the codes match, the BIOS is safe. This method works but is a bit cumbersome and with the Librem Key we can do better.
We have worked with Nitrokey to add a custom feature to our Librem Key firmware specifically for Heads. This custom firmware along with a userspace application allows us to store the shared secret from the TPM on the Librem Key instead of on a phone app. Then when Heads boots, if the BIOS hasn’t been tampered with the TPM will unlock its copy of the shared secret, and Heads will send the 6-digit code over to the Librem Key. If the code matches what the Librem Key itself generated, it flashes a green light. If the codes don’t match, it flashes a red light.
So if you are concerned about someone tampering with your computer when you aren’t around, just boot with the Librem Key inserted. If it blinks green you are safe, if it blinks red you’ve been tampered with. There is no other product on the market today that offers this kind of simple but strong tamper-evident protection, much less one that respects your freedom where the keys are fully in your control.
The Librem Key opens up possibilities for even stronger anti-interdiction protection for customers who need it. We will be able to link a Librem Key with a laptop running Heads at our facility and then ship them separately. Then when each package arrives you can immediately test for tampering with an easy “green is good, red is bad” test.
Many companies have already incorporated 3rd party security tokens into their engineering teams as a way for software engineers to sign their code pushes securely or as convenient multi-factor token. The Librem Key offers enterprises a way to combine all of the other features they are used to with other security tokens along with our cutting-edge tamper-evident boot process on our Librem laptops in an easy and convenient package where all of the keys are fully under their control.
Since the firmware and userspace tools are free software, that means enterprises can also easily customize these tools to suit their own internal policies whether with their own software teams or by working with Purism. That could mean anything from providing a customized error page to employees when Heads detects tampering to actively preventing employees from booting a tampered-with machine.
Knowing that our customers have a secure and freedom-respecting security token opens up all sorts of other possibilities and today we are only scratching the surface on what we will be able to do with Librem Key both for new customers and those that have been with us from the beginning. Stay tuned for future posts where I will dive deeper into some of the Librem Key’s features and explain how to get the most out of it. In the mean time you can order your own Librem Key from the Librem Key product page.
Update: read more in our follow-up post explaining the interaction between the Librem Key and our coreboot+Heads BIOS replacement to learn more about how the tamper detection works.