Librem Key and One Time Passwords

Is it possible to use the Librem Key to generate one time passwords? If so, how is this done?


It should be but I have no idea how.

The blurb talks about “can even securely generate [keys] directly on the device” and also mentions “40 kbit/s true random number generator”.

Yeah, I’m starting to think that basically, the use-case for the Librem Key is basically just “boot securely” and that is it.

I was reading the specs and starting to think “oh, maybe it does more than that” but I don’t really think that is what it is designed for.

Wishful thinking. I’m thinking about buying a YubiKey and was like “oh, maybe I don’t have to”.

I think there is more to it than just “connect your physical device and the website magically works”. LOL.

did you try it with the nitrokey app since afaik the librem key is a nitrokey with some added features for secure boot.
Haven’t tried that yet my self but it’s on my to do list.

I think documentation is what you are lacking.

Kieran: LOL. yes, almost certainly so.

Manuel: So, from what I could find, Nitrokey helped Purism develop and/or build the Librem Key but it isn’t compatible. I.e., isn’t just a regular nitrokey. Just to be sure I downloaded the Nitrokey app and it didn’t work.

Sorry, you need your handlers to get you a new one time pad.

@ryanjpreston sorry to hear that it didn’t work with the nitrokey app.
Another option that comes to mind is to use the gpg keys on the librem key to encrypt the secrets used by oathtool similar to the options described at Use oathtool Linux command line for 2 step verification (2FA) at instead of the generated gpg key that is used in the example.
Might not be the most elegant way but it should work. Probably going to try it out the next time i’ve got access to the librem key and laptop