How to use gpg card on librem 5

I found no documentation about how exactly to use it in order to encrypt files/…

Is there a place that I missed where it says how exactly to use it on the phone?

1 Like
2 Likes

I think the best we have currently is this Purism post for the setup: https://puri.sm/posts/openpgp-in-your-pocket/

There are some proposed use-cases here: https://puri.sm/posts/your-own-personal-enclave-the-smart-card-reader-on-the-librem-5/

The official documentation probably needs some dusting off.

3 Likes

From the second post, the section "General-Purpose Secret Protection": the question would be, how to do that?
What are the commands, as the gpg aren’t on the phone, are just on the smart card (and I just don’t know how to use one, as I never had one)

1 Like

After digging longer and longer I found that you may use it with the Nitrokey app for some of its features (password manager and others …)
but on the phone it seems it doesn’t recognize it (on the laptop it does)

But still I’m curious how I can encrypt files with it … (having the keys on the phone I know … but that’s the idea of the smart card, right? … so I assume there should be a way to do so …)

1 Like

This is an OpenPGP smartcard and best supported by GnuPG. Search the forum with these two words and you will find here how to configure GnuPG to use it and how to set up the card. You can either use GnuPG directly to crypt your data or some (terminal) app like pass.

2 Likes

The Nitrokey App 1 worked with my Librem Key, which is a slightly modified Nitrokey Pro 2. If you’re using the Nitrokey App 2, I believe that only works with the Nitrokey 3.

Nitrokey 2

There are a couple of guides for the Nitrokey 2 to do things such as encrypting storage devices with it.

You likely need to manually install the udev rules, provided here (The documentation is for the Nitrokey 3 here but the udev rules include the Nitrokey 2 devices): https://docs.nitrokey.com/nitrokey3/linux/troubleshooting#nitrokey-is-not-detected-on-linux (Direct link)

Nitrokey 3

You likely need to manually install the udev rules, provided here: https://docs.nitrokey.com/nitrokey3/linux/troubleshooting#nitrokey-is-not-detected-on-linux (Direct link)


What Nitrokey device do you have? It would help with troubleshooting your issues.

If you’re looking to encrypt individual files, you can use gpg to encrypt them like so (you need to have PGP keys set up first):

cat ~/Documents/unencrypted_data.txt | gpg -se -r "a-recipient-user-id" -u "my-pgp-user-id" --output ~/Documents/encrypted_data.txt.asc

Where

  • -s tells gpg to sign the data.
  • -e tells gpg to encrypt the data.
  • -r is for the recipient user ID.
  • -u is for the local user ID.

For example,

cat ~/Documents/unencrypted_data.txt | gpg -se -r "recipient.email@example.com" -u "me@example.com" --output ~/Documents/encrypted_data.txt.asc

I have encrypted individual files when sending files over email as an example use-case for this.

2 Likes
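The sign-and-encrypt command from the reply above, carried through a full round trip (encrypt, decrypt, check the signature), as an added example that is not part of the original post. It assumes a throwaway software key with the constructed user ID demo@example.com in a temporary GNUPGHOME standing in for the key on the card, so it runs without hardware; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sign+encrypt a file, decrypt it again, verify the signature.
# ASSUMPTION: a throwaway software key in a temporary GNUPGHOME replaces the
# card key. With the card configured in gpg, the same commands apply; the
# private-key steps (sign, decrypt) then run on the card after PIN entry.
DEMO_UID="demo@example.com"   # constructed user ID, not from the thread

# Create an isolated keyring holding one unprotected demo key pair.
setup_demo_keyring() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$DEMO_UID" default default never 2>/dev/null
}

# seal IN OUT: sign as DEMO_UID and encrypt to DEMO_UID's public key.
# --armor writes the ASCII format that an .asc suffix conventionally implies.
seal() {
    gpg --batch --yes --quiet --armor --sign --encrypt \
        -r "$DEMO_UID" -u "$DEMO_UID" --output "$2" "$1"
}

# open_checked IN OUT: decrypt, succeed only if gpg reports a good signature.
open_checked() {
    status=$(gpg --batch --yes --quiet --status-fd 1 \
                 --output "$2" --decrypt "$1" 2>/dev/null) || return 1
    printf '%s\n' "$status" | grep -qF '[GNUPG:] GOODSIG '
}

# roundtrip: 0 = plaintext recovered and signature good, 3 = gpg not installed.
# Run it by calling `roundtrip` after sourcing this file.
roundtrip() {
    command -v gpg >/dev/null 2>&1 || return 3
    setup_demo_keyring || { rm -rf "$GNUPGHOME"; return 1; }
    printf 'constructed sample secret\n' > "$GNUPGHOME/plain.txt"
    seal "$GNUPGHOME/plain.txt" "$GNUPGHOME/sealed.asc" &&
    grep -q 'BEGIN PGP MESSAGE' "$GNUPGHOME/sealed.asc" &&
    open_checked "$GNUPGHOME/sealed.asc" "$GNUPGHOME/out.txt" &&
    cmp -s "$GNUPGHOME/plain.txt" "$GNUPGHOME/out.txt"
    rc=$?
    gpgconf --kill gpg-agent 2>/dev/null   # stop the agent started for the demo
    rm -rf "$GNUPGHOME"
    return $rc
}
```

Encrypting only needs the recipient's public key; it is the signing and decrypting steps that use the private key.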

Does this mean

  • encrypt/decrypt individual files (as catered for above), or
  • decrypt the encrypted root file system?

(or both)

1 Like