New Post: Hardware Encrypted COMSEC Bundle by Purism

The long-sought-after secure communication of end-to-end hardware encrypted (HWE) chats is now available.

11 Likes

That’s really cool (and great). Can’t wait to try it out!

4 Likes

Will we be able to use this without AweSIM?

1 Like

Yes. We are planning to add a key signing service which for now will be bundled with AweSIM. But you should be able to run using your own key service, and self-signed keys. As it is now, it’s not using a key server and can be tested with just 2 Librem 5s and 2 PGP smart cards by following the setup steps.

9 Likes

That’s so cool

1 Like

Do Pinephones & Pro support PGPurism Smart Cards like L5? :stuck_out_tongue_winking_eye:

2 Likes

No, not even the Necuno NC_1 prioritizes cryptography.

2 Likes

How different is this than encrypted RCS texting on Android Messages? What about when the message is sent between two Pixel phones with their TPM chips (Titan)?

Given that Android has had an API for a Hardware Backed Keystore since Android 6, I would assume that most Android phones have a TPM (or TrustZone, or TEE, or …) meeting the TPM 2.0 standard.

2 Likes

Great news.
I ordered additional openPGP cards. :slightly_smiling_face:

3 Likes

Hell yea. Me too. Now for that LUKS build for L5 to get back up and running so I can flash my baby.

3 Likes

You can use two Librem Keys on any Linux computer. So it would not be pretty, but you could use a USB hub and plug in a Librem Key.

2 Likes

I looked into it some, and the Titan M2 seems to do many of the same things our Librem Key/OpenPGP cards do. In fact, we secure our bootloader PureBoot using the OpenPGP card in the Librem Key. The big difference is, instead of locking down the bootloader and calling it security (which is what the Titan seems to do during boot), the Librem Key locks down the code you, the computer’s owner, signed with your Librem Key. The Librem Key gives the same kind of security without handing full control (or any control) to the hardware vendor. In the case of hardware chat on the Librem 5, the difference is that you can generate your own keys and copy them to the card; you can back this key up and make duplicates, or generate on-card keys that never leave and can’t leave.

2 Likes

It’s important to remember that if your “security” depends on keys held by Big Tech then your “security” just went out the window if

  • the relevant company is compromised (e.g. a supply chain compromise), or
  • the relevant company is “persuaded” by a government to do something unpleasant, or
  • of course if the relevant company is just untrustworthy.

So it comes down to: whom do you want to be at your root of trust?

You or someone else?

4 Likes

Me, myself, and I.

3 Likes

Is there going to be work done on E2EE calls through L5’s PGP?

1 Like

The other feature coming up on Chatty that I really want is encrypted SMS.
There is a Russian app for Sailfish OS that enables encrypted SMS; there is also a WEP to support SMS/MMS via Libsignal on Sailfish-Message.

3 Likes

I hope you’re not spreading misinformation. I’m not sure that one can use a different bootloader, but certainly on a Pixel phone one can “unlock the bootloader,” use one’s own keys, and boot whatever you want. Were you trying to say that’s not true? How do you think people load custom ROMs or create/sign and load their own ROMs?

Honestly, the fact that certain updates on the Librem 5 require you to re-key/re-sign even if you can’t be assured that the changes were from where you suspect (e.g. updates already signed with a key) is backward. A user should only have to sign-off on a re-key/re-sign when there is a change that isn’t signed. I’ve seen plenty of examples on this forum where confused users were being prompted to re-sign and didn’t know why. That should not happen – the fact that it does happen is a security problem.

And do you not think that’s true for every implementation of TPM 2.0???

Don’t you think it would be cool if there were an OS API that every application could count on to securely interface with the TPM/smartcard???

2 Likes

I’d like to have a discussion about this, as I’m new to Titan, and the info around this is very marketing heavy. Honestly I’d be happy to hear Titan makes it easy to manage and handle your own keys. But we make it possible on many of our products to replace the bootloader completely with Coreboot. You can even build your own version of PureBoot and use that. :thinking:
As for your idea about how to sign updates, I love it. We do want to make our products as simple to use as possible without taking away user power. Perhaps an option in PureBoot to auto-accept signed files from Purism or something along those lines. This might be a fun use case for a key signing service as well.
Just a note, I’m personally not a security expert so I have a lot of catching up to do :sweat_smile:. And sure, a simple API interface would be really handy. The demo chatty build uses gpg as a back-end, but that could be cleaned up to be much less hacky.

1 Like

@jonathon.hall

I would only be okay with such a feature if it was opt-in.

1 Like

Any such feature would be carefully thought out of course, we would not allow any change to subvert your own control over your own boot files.

As some incompletely-thought ideas though, I do think there are situations where this information would be useful to provide, though not directly controlling the decision whether to boot. It might be useful to provide information like this when the boot files have changed, although as I’ve said over on Heads I think a better solution to that problem is to eliminate the question by involving the user to sign new boot files at the time the updates are performed.

Or maybe there is an application of this information in PureBoot Basic where you are not signing boot files at all - you might want to know if your boot files are suddenly not signed by your distribution any more, and if it’s intentional you could continue to boot. But it needs to be thought out properly.

2 Likes