Welcome to the USB security token designed to make encryption easy while respecting your freedom with open hardware and free software. Keep your secret encryption keys in your pocket and out of the hands of hackers.
The Librem Key is designed with portability in mind. It’s the same size as your average thumb drive and has a durable, full-size USB plug and a sealed case. Add it to your key ring or just put it in your pocket or purse and know your keys are always with you.
The Librem Key features a tamper-resistant OpenPGP smart card that can store up to 4096-bit RSA keys and up to 512-bit ECC keys and can even securely generate them directly on the device. Ordinary GPG keys stored on your computer can be copied and used by hackers to decrypt your emails and documents, but once private keys are on the Librem Key, they stay on there and can’t be copied–encryption and decryption happens on the key itself!
With your GPG keys safely on the Librem Key, using encryption across multiple devices just got easier. Just insert your Librem Key whenever you want to encrypt, sign, or decrypt. Your keys are protected with a PIN so they are safe even in the hands of an attacker.
When you store your most sensitive secrets on a device, it’s even more important that you can trust the hardware and the software. Since the Librem Key is built on open hardware with free software firmware, you can verify both against security bugs and backdoors. You retain ownership and control of your device–not us.
You should use a long passphase to protect your encrypted hard drive, but typing it in each time you boot can be a hassle. With a Librem Key linked to your encrypted drive, you can boot your system, insert your key, and enter your PIN when prompted. You can always fall back to your passphrase if your Librem Key isn’t at hand.
It’s a good practice to lock your computer whenever you step away from it but it can be tricky to remember to do it. Just remove your Librem Key and your desktop will lock automatically, protecting your system from snooping while you are gone.
When combined with our cutting-edge Heads tamper-evident boot system, the Librem Key makes it easy to prove your system is secure by detecting whether your laptop BIOS or kernel has been tampered with. Insert the key at boot time and if it blinks green, all systems are go. If it ever detects tampering, the Librem Key’s LED blinks red, alerting you to the problem.
Concerned about tampering while traveling? With the Librem Key in your pocket you can have peace of mind when you leave your Librem laptop in your hotel room or send it through customs. If anyone tampers with your BIOS or kernel while your laptop is out of your hands, the Librem Key will alert you the next time you turn it on.
|Key slots||Three key slots supporting RSA 2048-4096 bit and ECC 256-512 bit|
|Supported elliptic curves||NIST P-256, P-384, P-521 (secp256r1/prime256v1, secp384r1/ prime384v1, secp521r1/prime521v1), brainpoolP256r1, brainpoolP384r1, brainpoolP512r1|
|Protocols||CSP, OpenPGP, S/MIME, X.509, PKCS#11|
|One-time password storage||3x HOTP (RFC 4226), 15 x TOTP (RFC 6238)|
|Integrated password manager||16 entries|
|Random number generator||40 kbit/s true random number generator|
|Tamper-resistant smart card|
|Life expectancy||> 100,000 PIN entries|
|Storage time||> 20 years|
|USB||USB 2.0, type A|
|Dimensions||48 x 19 x 7 mm|
|Safety and environmental compliance||FCC, CE, RoHS, WEEE|