Introducing the Librem Key


#32

I bought a Librem Key after taking delivery of my Librem 13V3. No instructions came with the key. Please point me to documentation to set up my key to work with my Librem 13V3. Thanks


#33

Sorry about the initial lack of docs. We are still working on some of the documentation because some of the most exciting features (like LUKS integration and Heads) continue to progress and change.

In the mean time, though, we do have documentation for the Librem Key at https://docs.puri.sm/Librem_Key/Getting_Started.html


#34

Thank you very much.


#35

FYI, despite installing scdaemon, I see the following:

https://asciinema.org/a/Ah0RLA0E1USJjP4OMnXcA8Tao


#36

Try rebooting, or restarting scdaemon. There’s a possibility that the package doesn’t automatically start the scdaemon service.


#37

There is no service:

~ dpkg -L scdaemon
/.
/lib
/lib/udev
/lib/udev/rules.d
/lib/udev/rules.d/60-scdaemon.rules
/usr
/usr/lib
/usr/lib/gnupg
/usr/lib/gnupg/scdaemon
/usr/share
/usr/share/doc
/usr/share/doc/scdaemon
/usr/share/doc/scdaemon/NEWS.Debian.gz
/usr/share/doc/scdaemon/changelog.Debian.gz
/usr/share/doc/scdaemon/changelog.gz
/usr/share/doc/scdaemon/copyright
/usr/share/doc/scdaemon/examples
/usr/share/doc/scdaemon/examples/scd-event
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/scdaemon.1.gz
/usr/share/metainfo
/usr/share/metainfo/org.gnupg.scdaemon.metainfo.xml

#38

Udev itself may possibly need to be restarted. But first before you reboot, try removing and re-inserting the Librem Key to see if udev picks it up.


#39

https://asciinema.org/a/2lntwkSFjyIG9OABHjz8cfXtY

Reboot has not changed the situation :frowning:


#40

Are you using PureOS? On a brand new vanilla PureOS install here, I just had to install scdaemon, then reinserted the card and gpg --card-status worked. No restarting services or rebooting.


#41

Yes Sir. PureOS here all the way.


#42

Login to your desktop, insert the Librem Key and then run gpg --card-status.


#43

https://asciinema.org/a/Nad39NKpcIYNiphJZG83jFCOb


#44

That video was of dmidecode for some reason, maybe you meant to paste a different video. Please try logging in as your regular user, inserting the Librem Key, and running gpg --card-status. It should just work, as the only additional package you should need is scdaemon, which you have installed.


#45

Right, I wanted to show you the output of dmidecode so you could see I am running PureOS, etc. but I really should have just shown you my /etc/apt/sources.list or something :slight_smile:

In any case, I’ve gone through all these steps and continue to see the original error. Reading through gpgconf’s man page, I learned about its --check-programs arg and see everything is available and working.

~ gpgconf --check-programs
gpg:OpenPGP:/usr/bin/gpg:1:1:
gpg-agent:Private Keys:/usr/bin/gpg-agent:1:1:
scdaemon:Smartcards:/usr/lib/gnupg/scdaemon:1:1:
gpgsm:S/MIME:/usr/bin/gpgsm:1:1:
dirmngr:Network:/usr/bin/dirmngr:1:1:
pinentry:Passphrase Entry:/usr/bin/pinentry:1:1:

I can also reproduce the original error across both USB ports (had to try). Really not sure what other knobs to turn here. I happen to be using gpg 2.2.11. Can I ask your version?


#46

I’m using the default gpg 2.2.11 package with the default terminal and shell on the default PureOS desktop. On this side I took a Librem 15v3, installed a vanilla PureOS on top of it and then installed scdaemon and the Librem Key showed up with gpg --card-status.


#47

Got it! Found disable-scdaemon in my ~/.gnupg/gpg-agent.conf

duh :slight_smile:


#48

@Kyle_Rankin Hi ! will the Librem Key work only for the Librem laptops or will it also support the Librem 5 once it gets released ?


#49

My apologies if this has been asked before, but could a future version of the Librem Key be in a similar form factor as the YubiKey NEO, and not like a standard USB drive? It seems to be much more durable that way.


Will there be a Librem Key Storage, now that it supports HOTP? (HEADS)
#50

A USB-C type would be awesome and much more usable than the USB-A Version it is now.


#51

The goal is to support the Librem 5 as well, but because the Librem 5 has a USB-C connector, it means using a hub or other adapter to use existing Librem Keys. At some point we would like to offer a USB-C connector option as well.

Also note that the Librem 5 will feature its own internal OpenPGP smartcard reader so it can already perform a lot of the security features of the Librem Key with respect to secure key storage.