Invest in the Future You Want to See.

A First Public Offering of Purism Stock on StartEngine. Minimum $500.

Invest Now

Librem Key Goodies (Part 1)

Librem 14, Product Design, Security /

David Hamner

Latest posts by David Hamner (see all)

The Librem Key comes preloaded with the PureBoot bundle to protect your firmware. While it’s good at protecting your boot firmware, that’s only some of what it can do.

You can also encrypt your computer’s file system, auto lock on removal, and encrypt local documents just to get started.

Encrypted Filesystem

By default, PureOS has an encrypted filesystem protected with a passphrase. But you can also use your Librem Key and your pin to unlock the files. To do so, You’ll need your Public key your Librem key uses. When you receive your Librem key, the Public key is shipped along with the Librem Key on a Thumb drive we call the Librem Vault.

You can also reset your Librem Key and store the public keys on a thumb drive from within Pureboot. Options -> OEM Factory Reset

To get access to both the public and private keys, you’ll need to generate your own keys manually and copy them onto the Librem key. See our docs for full steps. Once you know where your Public key is. Run these commands:

sudo apt install git scdaemon
git clone https://source.puri.sm/pureos/packages/smartcard-key-luks
cd smartcard-key-luks
sudo ./smartcard-key-luks /path/to/your/key.asc

You’ll be asked for your PIN on your Librem Key, and the unlock password on the drive. Once this is set up, you’ll need to reboot and re-sign your boot files. After that, you’ll be greeted with this menu on every reboot. With your Librem Key attached, enter your pin to unlock your computer.

You can still use your original passphrase without your Librem Key, by selecting: Options -> Boot Options -> Ignore tampering -> recovery mode Note, If you end up in the ram disk, press ctrl + D to continue to boot. Since you normally would use the Librem Key and its PIN to unlock your disk, you can consider using a much stronger passphrase for your backup option here.

File encryption

Your public key can also be used to secure local files that require the use of your Librem key to decrypt.

To use it, import your key with gpg

gpg --import /path/to/your/key.asc

With the public key imported, you can encrypt files by specifying the recipient.

gpg -r <email> -e /path/to/file/to/encrypt

Then, with your Liberm key attached, run this command on the resulting gpg encrypted file to regain access.

gpg --decrypt example.txt.gpg

Auto-locking

You can also configure your Librem device to lock when you remove the Librem Key.

This can be really handy to protect your computer when you walk away.

To enable auto-locking, Download and run this script as root:

git clone https://source.puri.sm/david.hamner/auto-lock-setup
cd auto-lock-setup
sudo ./auto_lock_setup

You can also manually copy these files into place.

Wrap up

From individual documents, to low-level file systems, all the way to your boot firmware, the Librem key can protect you on many levels. While not covered in this video, you can also sign email, post your public key to a key server, and create multiple Liberm Keys with duplicate keys. Take control of your data with the Librem key.

You can find the full documentation about the Librem Key.

Purism Products and Availability Chart

 ModelStatusLead Time 
USB Security Token Purism Librem KeyLibrem Key

(Made in USA)		In Stock
($59+)		10 business days
Learn More Buy Now
Librem 5In Stock
($999+)
3GB/32GB		10 business days
Learn More Buy Now
Librem 5 + SIMple
(4 GB Data)		In Stock
($99/mo)		10 business days
Learn More Buy Now
Librem 5 + SIMple Plus
(10 GB Data)		In Stock
($129/mo)		10 business days
Learn More Buy Now
Librem 5 + AweSIM
(Unlimited Data)		In Stock
($169/mo)		10 business days
Learn More Buy Now
Librem 11In Stock
($999+)
8GB/1TB		10 business days
Learn More Buy Now
Most Secure Laptop Purism Librem 14Librem 14In Stock
($1,370+)		10 business days
Learn More Buy Now
Most Secure PC Purism Librem Mini
Librem MiniApr 2024
($799+)		Shipping April, 2024
Learn More Buy Now
Purism Liberty Phone with Made in USA ElectronicsLiberty Phone
(Made in USA Electronics)		Apr 2024
($1,999+)
4GB/128GB		Shipping April, 2024
Learn More Buy Now
Most Secure Server Purism Librem ServersLibrem ServerApr 2024
($2,999+)		Shipping April, 2024
Learn More Buy Now
The current product and shipping chart of Purism Librem products, updated on March 26th, 2024

Recent Posts

Related Content

Tags

Advanced readers AweSIM Battery life Benchmarks and testing Boot and BIOS Chipsets and components Communications infrastructure Crowdfunding Customer Feedback cybersecurity Enterprise FLOSS applications Giving and contributing back Graphics infosec Laptops librem 5 Librem 5 USA Librem 14 Linux kernel Made in USA Electronics most secure computer most secure laptop most secure pc most secure phone Newsletter and status updates Phones Power management Press Privacy Product or service launch PureOS secure computing Security Social media Software freedom Supply chain Tablets Testimonials and user stories Tips and tricks User empowerment User experience design User interaction design Videos Website
Purism

3D renders are artist renderings, for illustration purposes. Images and specifications are subject to change depending on manufacturing requirements.

Unless otherwise noted, contents created by the Purism team on this website are copyleft with a CC-by-SA 4.0 license.