https://www.linuxjournal.com/ en https://www.linuxjournal.com/content/purism-librem-key <div data-history-node-id="1340412" class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field field--name-node-author field--type-ds field--label-hidden field--item">by <a title="View user profile." href="https://www.linuxjournal.com/users/todd-jacobs" lang="" about="https://www.linuxjournal.com/users/todd-jacobs" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">Todd A. Jacobs</a></div> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p><em>The Librem Key is a new hardware token for improving Linux security by adding a physical authentication factor to booting, login and disk decryption on supported systems. It also has some features that make it a good general-purpose OpenPGP smart card. This article looks at how the Librem Key stacks up against other multi-factor tokens like the YubiKey 5 and also considers what makes the Librem Key a unique trusted-computing tool.</em></p> <p> Purism is a new player in the security key and multi-factor authentication markets. With the introduction of the Librem Key, Purism joins the ranks of other players—such as Yubico, Google, RSA and so on—in providing hardware tokens for multi-factor authentication. </p> <p> In addition, like the YubiKey 5 series, the Librem Key also provides OpenPGP support with cryptographic functions that take place securely on-key. This allows users to generate and use GnuPG public and private keys without exposing any secret key material to the host computer where the USB device is attached. </p> <p> The Librem Key is based on the German-manufactured Nitrokey Pro 2, but it has been modified to focus on "trusted boot" when used with Purism's Linux laptops. (I take a closer look at what the trusted boot process is and how the Librem Key fits into that process, later in this article.) </p> <span class="h3-replacement"> Comparing the Librem Key to the YubiKey 5</span> <p> There is certainly overlap between the features of the Librem Key and the YubiKey 5 series. Let's look at what they have in common before I go into what makes the Librem Key unique. </p> <span class="h3-replacement"> Table 1. Librem Key and YubiKey Feature Comparison</span> <table><thead><tr><td>Feature</td> <td>Librem Key</td> <td>YubiKey 5</td> </tr></thead><tbody><tr><td>OpenPGP support</td> <td>yes</td> <td>yes</td> </tr><tr><td>PAM support</td> <td>yes</td> <td>yes</td> </tr><tr><td>PIV smart card</td> <td>no</td> <td>yes</td> </tr><tr><td>HOTP support</td> <td>yes</td> <td>yes</td> </tr><tr><td>TOTP support</td> <td>yes</td> <td>yes</td> </tr><tr><td>Password management</td> <td>yes</td> <td>yes</td> </tr><tr><td>PKCS#11 support</td> <td>yes</td> <td>yes</td> </tr><td>S/MIME support</td> <td>yes</td> <td>yes</td> <tr><td>X.509 support</td> <td>yes</td> <td>yes</td> </tr><td>FIDO U2F</td> <td>no</td> <td>yes</td> <tr><td>FIDO2</td> <td>no</td> <td>yes</td> </tr><tr><td>Hardware TRNG</td> <td>yes</td> <td>no</td> </tr><tr><td>USB-A</td> <td>yes</td> <td>yes</td> </tr><tr><td>USB-C</td> <td>no</td> <td>yes</td> </tr></tbody></table><p> As you can see from Table 1, the two devices are more alike than they are different. Both devices can be used for the following: </p></div> <div class="field field--name-node-link field--type-ds field--label-hidden field--item"> <a href="https://www.linuxjournal.com/content/purism-librem-key" hreflang="en">Go to Full Article</a> </div> </div> </div> Tue, 23 Apr 2019 12:00:00 +0000 Todd A. Jacobs 1340412 at https://www.linuxjournal.com