14 DAY TRIAL // Purism announced today that its highly anticipated Librem Key security key is now available for purchase as the first and only OpenPGP-based smart card to offer a Heads-firmware-integrated tamper-evident boot process for laptops.
Developed in partnership with Nitrokey, a company known for manufacturing open-source USB keys that enable secure encryption and signing of data for laptops, Purism's Librem Key is dedicated to Librem laptop users, allowing them to store up to 4096-bit RSA keys and up to 512-bit ECC keys on the security key, as well as to securely generate new keys directly on the device. Librem Key integrates with the secure boot process of the latest Librem 13 and 15 laptops.
"It’s not feasible or healthy to monitor your computing devices every second - and that's especially the case when you travel," says Kyle Rankin, Chief Security Officer at Purism. "With the Librem Key, we are giving Librem users the keys to completely lock their computer if they're in an unfamiliar network environment in the same way one would want to have the keys to their car if they needed to drive to an unfamiliar neighborhood."
Disk & email encryption, authentication, and tamper-evident boot security on a single key
Designed to let Librem laptop users see if someone has tampered with the software on their computers when it boots, Librem Key leverages the Heads-enabled TPM (Trusted Platform Module) chip in new Librem 13 and Librem 15 laptops. According to Purism, when inserted, the security key will blink green to show users that the laptop hasn't been tampered with, so they can continue from where they left off, and blinks red when tampering has occurred.
In addition, Librem Key features standard security capabilities available in generic security tokens, such as the ability to securely store user GPG encryption and signing keys so you can use them more securely across multiple devices, the ability to store authentication GPG keys for SSH (Secure Shell) sessions, and support for using One-Time-Passwords (OTP) or for two-factor authentication (2FA) to login to websites.
Users can change the factory-generated keys in Librem Key with their own at any time. Existing Librem 13 or Librem 15 users interested in purchasing the Librem Key can do so right now from Purism's online shop. However, Librem Key will also be commercialized as an add-on with new Librem laptop orders, and Purism said that it plans to pre-configure the security key at their factory to act as an easy-to-use disk decryption key with pre-encrypted Librem laptops.
While continuing to improve the security of its Librem laptops and working hard to deliver us the highly-anticipated Librem 5 Linux phone, Purism has big plans for Librem Key too, planning to expand its capabilities with support for detecting tampering of its laptop that might occur during shipping, support for unlocking disk encryption at boot, support for locking the screen when removing the Librem Key, and automatic user logging when inserting it.
