How to use gpg card on librem 5

I found no documentation about how exactly to use it in order to encrypt files/…

Is there a place that I missed where it says how exactly to use it on the phone?

4 Likes
3 Likes

I think the best we have currently is this Purism post for the setup: https://puri.sm/posts/openpgp-in-your-pocket/

There are some proposed use-cases here: https://puri.sm/posts/your-own-personal-enclave-the-smart-card-reader-on-the-librem-5/

The official documentation probably needs some dusting off.

3 Likes

From the second post, this section "General-Purpose Secret Protection", the question would be, how to do that?
What are the commands, as the gpg aren’t on the phone, are just on the smart card (and I just don’t know how to use one as I never had one)?

1 Like

After digging longer and longer I found that you may use it with the Nitrokey app for some of its features (password manager and others …)
but on the phone it seems it doesn’t recognize it (on the laptop it does)

But still I’m curious how I can encrypt files with it … (having the keys on the phone I know … but that’s the idea of the smart card, right? … so I assume there should be a way to do so …)

1 Like

This is an OpenPGP smartcard and best supported by GnuPG. Search the forum with these two words and you will find here how to configure GnuPG to use it and how to set up the card. You can either use GnuPG directly to crypt your data or some (terminal) app like pass.

2 Likes

The Nitrokey App 1 worked with my Librem Key, which is a slightly modified Nitrokey Pro 2. If you’re using the Nitrokey App 2, I believe that only works with the Nitrokey 3.

Nitrokey 2

There are a couple of guides for the Nitrokey 2 to do things such as encrypting storage devices with it.

You likely need to manually install the udev rules, provided here (The documentation is for the Nitrokey 3 here but the udev rules include the Nitrokey 2 devices): https://docs.nitrokey.com/nitrokey3/linux/troubleshooting#nitrokey-is-not-detected-on-linux (Direct link)

Nitrokey 3

You likely need to manually install the udev rules, provided here: https://docs.nitrokey.com/nitrokey3/linux/troubleshooting#nitrokey-is-not-detected-on-linux (Direct link)


What Nitrokey device do you have? It would help with troubleshooting your issues.

If you’re looking to encrypt individual files, you can use gpg to encrypt them like so (you need to have PGP keys set up first):

cat ~/Documents/unencrypted_data.txt | gpg -se -r "a-recipient-user-id" -u "my-pgp-user-id" --output ~/Documents/encrypted_data.txt.asc

Where

  • -s tells gpg to sign the data.
  • -e tells gpg to encrypt the data.
  • -r is for the recipient user ID.
  • -u is for the local user ID.

For example,

cat ~/Documents/unencrypted_data.txt | gpg -se -r "recipient.email@example.com" -u "me@example.com" --output ~/Documents/encrypted_data.txt.asc

I have encrypted individual files when sending files over email as an example use-case for this.

2 Likes

Does this mean

  • encrypt/decrypt individual files (as catered for above), or
  • decrypt the encrypted root file system?

(or both)

1 Like

I am also confused about how to use it. After following the documentation I added the keys to my smartcard. But then how do we use it to encrypt or decrypt, and how do we know that the gpg encrypt command is using the keys from the card?

1 Like
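On telling whether gpg is using the card: encrypting to a recipient needs only the public key, while signing (-s) and decrypting need the secret key, and GnuPG's colon listing records in field 15 of each sec/ssb record where that secret key lives (a card serial number, "+" for on disk, "#" for a stub with no secret key). The following is an added example, not part of any post in this thread; the key IDs, card serial and user ID in the sample are constructed.

```shell
#!/bin/sh
# Added example: classify secret (sub)keys by where the secret material lives.
# Real use: gpg --list-secret-keys --with-colons | classify_secret_keys

# Print "record keyid capabilities location" for every sec/ssb record on stdin.
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            tok  = $15                          # field 15: token serial, "+" or "#"
            caps = ($12 == "") ? "-" : $12      # field 12: key capabilities
            if (tok == "#")                   where = "stub"
            else if (tok == "+" || tok == "") where = "disk"  # empty: assumed on disk
            else                              where = "card:" tok
            print $1, $5, caps, where
        }'
}

# Succeed only if the key ID given as $1 is held on a smartcard (listing on stdin).
key_on_card() {
    classify_secret_keys |
        awk -v id="$1" '$2 == id && $4 ~ /^card:/ { ok = 1 } END { exit !ok }'
}

# Constructed sample of colon-format output: primary and encryption subkey on
# a card, one subkey on disk, one subkey present only as a stub.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:::u:::scESC:::D2760001240103040005000012340000:::23::0:
uid:u::::1600000000::0000000000000000000000000000000000000000::Constructed User <me@example.com>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1600000000::::::e:::D2760001240103040005000012340000:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1600000000::::::a:::+:::23:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1600000000::::::s:::#:::23:
EOF
}

sample_listing | classify_secret_keys
```

In the human-readable `gpg -K` output the same information appears as a `>` after `sec` or `ssb` for card-backed keys, and `gpg --card-status` shows the keys the inserted card holds.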

found first global hints here:

more specific from the man page of gpg:

--card-edit Present a menu to work with a smartcard. The subcommand "help" provides an overview on available commands. For a detailed description, please see the Card HOWTO at https://gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO

man gpg reveals even more promising functionality.

And there is a dedicated card man page: https://www.gnupg.org/documentation/manuals/gnupg24/gpg-card.1.html

Hope this facilitates a small step further to getting the Librem 5 crypt card to do something useful.

I do have a similar unresolved problem like @dallas87

I’ve been using an OpenPGP card in my L5 for “ages” (since 2021) to crypt all my ~300 passwords (in a password store) and have them available everywhere. As well, I use the card for SSH access from my L5 to other servers. Details are here:

http://www.unixarea.de/OpenPGP-L5.txt (configuration for GnuPG)

and

http://www.unixarea.de/L5hints.txt (chapter 52 Using the OpenPGP card for outbound SSH).

2 Likes

@guru >> great! <<

It IS a pity the collection L5hints.txt is hidden instead of being put up front in the manuals and marketing stuff from the vendor. SO many points that would have helped and will help me a lot!
Sorry not to have found it earlier: these are real-world solutions.

“fun” fact: The great info was not archived in wayback machine … the pyramids of our time will be lost before their creators cease to be … we are not mentally fit for the digital times I guess.

Thanks!

I don’t know where this could be hosted in some better place. Whoever knows one, just fetch it and let me know for future updates.