The Purism Librem Key

The Librem Key is a new hardware token for improving Linux security by adding a physical authentication factor to booting, login and disk decryption on supported systems. It also has some features that make it a good general-purpose OpenPGP smart card. This article looks at how the Librem Key stacks up against other multi-factor tokens like the YubiKey 5 and also considers what makes the Librem Key a unique trusted-computing tool. By Todd A. Jacobs

Purism is a new player in the security key and multi-factor authentication markets. With the introduction of the Librem Key, Purism joins the ranks of other players—such as Yubico, Google, RSA and so on—in providing hardware tokens for multi-factor authentication.

In addition, like the YubiKey 5 series, the Librem Key also provides OpenPGP support with cryptographic functions that take place securely on-key. This allows users to generate and use GnuPG public and private keys without exposing any secret key material to the host computer where the USB device is attached.

The Librem Key is based on the German-manufactured Nitrokey Pro 2, but it has been modified to focus on "trusted boot" when used with Purism's Linux laptops. (I take a closer look at what the trusted boot process is and how the Librem Key fits into that process, later in this article.)

Comparing the Librem Key to the YubiKey 5

There is certainly overlap between the features of the Librem Key and the YubiKey 5 series. Let's look at what they have in common before I go into what makes the Librem Key unique.

Table 1. Librem Key and YubiKey Feature Comparison

Feature Librem Key YubiKey 5
OpenPGP support yes yes
PAM support yes yes
PIV smart card no yes
HOTP support yes yes
TOTP support yes yes
Password management yes yes
PKCS#11 support yes yes
S/MIME support yes yes
X.509 support yes yes
FIDO U2F no yes
FIDO2 no yes
Hardware TRNG yes no
USB-A yes yes
USB-C no yes

As you can see from Table 1, the two devices are more alike than they are different. Both devices can be used for the following:

  1. PAM-enabled logins on Linux systems.
  2. One-time password credentials, such as TOTP and HOTP.
  3. OpenPGP support, including onboard key generation and slots for encryption, signing and authentication keys.
  4. Password management: two configurable slots on the YubiKey with touch-to-send and touch-to-generate functionality once the device is configured, and 16 entries on the Librem Key when used with the Nitrokey App supporting application.
  5. Source of randomness using the OpenSC protocol: hardware randomness from the Librem Key and algorithmic randomness from the YubiKey.

There also are areas where the YubiKey 5 series and certain Nitrokey models offer more features than the Librem Key. In particular, the YubiKey comes in more form factors, and it's significantly thinner or smaller than the chunkier thumb-drive form factor of the Librem Key.

Purism Librem Key

Figure 1. Purism Librem Key (Photo Credit: Purism, SPC)

Nitrokey Pro

Figure 2. Nitrokey Pro (Photo Credit: Nitrokey UG)

YubiKey 5 Series

Figure 3. YubiKey 5 Series Form Factors

The YubiKey offers 32 slots for onboard HMAC-based One-Time Password (HOTP) storage. In contrast, the Librem Key currently holds only three.

The Nitrokey offers FIDO U2F and secure on-key storage on several of its models, although you can't get both features on the same device. Since the Nitrokey Pro 2 doesn't offer either of these features currently, the Librem Key doesn't either.

Of the three devices, the YubiKey offers the most options for multi-factor authentication. In direct comparison, the Librem Key supports far fewer slots and protocols.

YubiKey Diagram

Figure 4. YubiKey Diagram (Photo Credit: Yubico, Inc.)

However, feature-by-feature and form-factor comparisons don't do the Librem Key justice. The unique value of the device is in its approach to improving Linux system security. Let's take a closer look at how that's done.

Librem Key for Secure Boot

Purism currently sells a set of Linux laptops aimed at security-conscious users. These laptops include unique features like a physical toggle for the camera and microphone, and a second switch for toggling WiFi and Bluetooth.

Librem Hardware Switches

Figure 5. Librem Hardware Switches (Photo Credit: Purism, SPC)

The laptops come with PureOS installed, as well as a Heads-enabled coreboot process that leverages each system's Trusted Platform Module (TPM). When paired with the Librem Key, these components collectively verify the integrity of the boot process. Purism says:

[T]he Librem Key makes it easy to prove your system is secure by detecting whether your laptop BIOS or kernel has been tampered with. Insert the key at boot time and if it blinks green, all systems are go. If it ever detects tampering, the Librem Key's LED blinks red, alerting you to the problem.

Note: see Kyle Rankin's "Tamper-Evident Boot with Heads" article in this issue for a more indepth look at the Heads project.

Heads—which is probably a play on the name of the security-focused distribution Tails—displays a time-based one-time password (TOTP) at boot calculated from various BIOS measurements. You then can verify this one-time code against the code generated in a multi-factor app, such as Google Authenticator or FreeOTP. Matching codes provide cryptographic guarantees that the boot process has not been tampered with.

In this scenario, you aren't actually using the one-time password to authenticate yourself to the system. Instead, the system is authenticating itself to you, the user, so that you can verify its integrity!

With Heads, you can boot the computer without validating the TOTP. This ensures that the validation process won't block you if you don't have access to your smartphone or other validation device, but doing so is clearly a security trade-off that swaps strong verification for convenience at your discretion.

Removing the Librem Key's reliance on the host computer's system clock increases security further, since the Librem Key doesn't have its own independent time source. Purism modified the Nitrokey Pro 2 to use HOTP instead of TOTP. This functionality is paired with a boot-time application that attempts to communicate with a connected Librem Key to validate the HOTP code in a more visual and automated way.

If a Librem Key is detected, and everything is as it should be, the key flashes green as a visual indication that your TPM and BIOS haven't been tampered with. If it flashes red, your system's boot process has failed the integrity check, and it may have been tampered with. Depending on the type of tampering, the Heads system (which may itself have been tampered with) should report an error, but the tamper-resistant Librem Key will reliably display a flashing red light to warn you of an unsafe system.

As a thoughtful design choice, a lost Librem Key won't lock you out of your system. Although you temporarily will lose the visual indicator and automated self-checking mechanism, you still can use the boot system's standard TOTP mechanism for manual verification until you find or replace your Librem Key.

Not Just for Purism Laptops

Although this article focuses on using the Librem Key with Purism laptops, it's worth noting that the underlying magic is the combination of four key components:

  1. A computer system with a TPM module.
  2. The Heads coreboot system.
  3. The libremkey_hotp_initialize command-line tool.
  4. The libremkey_hotp_verification command-line tool.

In theory, anyone running PureOS on a TPM-enabled system should be able to make use of the Librem Key's secure-boot functionality. Additionally, any distribution that can use Heads modified with the command-line tools listed above also could take advantage of a Librem Key.

Although a Librem Key is obviously most useful out of the box when paired with a Purism laptop, the open-source nature of the solution makes it an ideal playground for Linux enthusiasts on other TPM-enabled hardware as well. Purism deserves credit for providing an open-source security solution without vendor lock-in!

Librem Key for Disk Decryption

The Librem Key also is intended to support automatic decryption of LUKS-encrypted disks simply by having the key inserted at boot time. However, this functionality currently is pending support from upstream Debian maintainers, followed by some additional work by the PureOS team. The problem is likely to be resolved by the time this article is published, but it remains outstanding at the time of this writing.

While LUKS decryption with the Librem Key is not yet available, the device could be used by other tools such as VeraCrypt to provide keyfile-based decryption or other workarounds.

The Librem Key provides PKCS#11 support. That means it should be compatible with VeraCrypt's smart card and hardware token support. VeraCrypt allows smart card tokens to be used as keyfiles for cryptographic operations such as disk decryption. The following comes directly from VeraCrypt's keyfile documentation:

VeraCrypt can directly use keyfiles stored on a security token or smart card that complies with the PKCS #11 (2.0 or later) standard and that allows the user to store a file (data object) on the token/card. To use such files as VeraCrypt keyfiles, click Add Token Files (in the keyfile dialog window).

Access to a keyfile stored on a security token or smart card is typically protected by PIN codes, which can be entered either using a hardware PIN pad or via the VeraCrypt GUI. It can also be protected by other means, such as fingerprint readers.

In order to allow VeraCrypt to access a security token or smart card, you need to install a PKCS #11 (2.0 or later) software library for the token or smart card first. Such a library may be supplied with the device or it may be available for download from the website of the vendor or other third parties.

If your security token or smart card does not contain any file (data object) that you could use as a VeraCrypt keyfile, you can use VeraCrypt to import any file to the token or smart card (if it is supported by the device). To do so, follow these steps:

1) In the keyfile dialog window, click Add Token Files.

2) If the token or smart card is protected by a PIN, password or other means (such as a fingerprint reader), authenticate yourself (for example, by entering the PIN using a hardware PIN pad).

3) The 'Security Token Keyfile' dialog window should appear. In it, click Import Keyfile to Token and then select the file you want to import to the token or smart card.

While this workaround should work, there's an important caveat. Because of initial high demand for the Purism Librem Key, I was unable to get a hold of a key to test this configuration. This alternative approach is offered in the spirit of can-do Linux hacking rather than as a tried-and-true method. Your mileage may therefore vary.

As yet another option, the ability to use the Librem Key to encrypt or decrypt documents, passwords (such as with the pass command-line password manager) or block devices using standard OpenPGP operations works as expected.

Finally, it's worth noting that existing LUKS, dm-crypt and ecryptfs options are typically "good enough" for most users, provided that you can trust the integrity of your BIOS and operating system. Since PureOS and the Librem Key already offer those integrity guarantees on TPM-enabled systems, the main benefit of using the Librem Key to unlock encrypted disks is the tamper-resistant automation of the decryption process.

Conclusion

If you want to implement trusted boot, or prefer to work with a fully open-source OpenPGP smart card, the Librem Key is a great choice. For other uses, the value proposition is less clear.

The Librem Key is an early-stage product. This is most apparent in its smaller feature set and less-rugged construction when compared to the YubiKey.

At a retail price of $59 plus shipping, the Librem Key is also pricier than comparable products from Yubico. It's also slightly more expensive than the original Nitrokey Pro 2 on which it's based.

As an OpenPGP smart card or hardware-based authentication token, the Librem Key falls a little short of its competition in features and pricing. However, its use of open-source hardware, firmware and software make the Librem Key a very compelling alternative to similar tokens with proprietary firmware (such as the YubiKey) when optimizing for trust and transparency.

Furthermore, no other consumer product on the market currently provides hardware validation of a trusted boot process the way Purism's Librem Key does. If hardware tamper-detection is important to you, the use of a Librem Key with compatible hardware and software should be an integral component of your defense-in-depth security strategy.

A fully trusted boot process is essential to effective computer security. The Librem Key increases security by validating that process each and every time. The visual green/red indicator automates the validation process and greatly simplifies the user experience.

The Librem Key is a unique product and a significant step forward in user-friendly trusted-boot authentication. For its intended use case, it's the best option on the market today—and a product worth following as it continues to evolve.

Glossary

Resources

Software and Documentation: