USB-C Librem Key Pass Through Power Possible?

I was looking at the Nitrokey offerings for USB-C with respect to Librem 5 usage. No offerings appear to be targeted at single USB port charging devices like the Librem 5.

It would seem that a security conscious solution could provide a USB charger port at the other end of the key that only had the power lines connected.

Is this possible?

Why not use a hub in situations you provide power to the phone?

If you use a dock you could also connect ethernet, monitor, input devices and whatever more if you like.

Don’t really want to carry a hub everywhere I might just want to charge and use the phone at the same time. The Librem Key usage scenario is that it has to be plugged in to use the computer, right?

The LibremKey does a few things and for neither it needs to be plugged in all the time while using a computer:

  • stores your gpg private key (used to decrypt or sign e.g. emails or to decrypt your password store pass)
  • generate one-time-passwords (otp) to login to services like,, or many others
  • store static passwords
  • at time of writing only with the Librem notebooks: authenticate the start environment to detect tampering and decrypt your harddrive
  • for experts: login using kerberos (ask @guido.gunther who wrote a very interesting article somewhere about it)

For all these use cases (and maybe even more I do not know) you can plug the stick in, use it, plug it out - keep using your computer.

Some people made some configuration to lock there screen when the key is unplugged, but that is not a standard usage and not configured by default.

You’ll like not find a ‘power injector’ for usb-c that’ll satisfy your needs - the power delivery (PD) protocol doesn’t work in favour of such an idea. The most simple power injector supporting PD you’ll find is the smallest usb-c hub with a power connector.

If this did change over the last year (I searched for a simple power injector, too) then please don’t forget to post it or even better put it on the list of tested accessories.

1 Like

Alternatively, get an openpgp smart card and insert it inside the L5 (under the battery).

1 Like

I guess this is the scenario I’m thinking of: “With a Librem Key linked to your encrypted drive, you can boot your system, insert your key, and enter your PIN when prompted. You can always fall back to your passphrase if your Librem Key isn’t at hand.
Just remove your Librem Key and your desktop will lock automatically, protecting your system from snooping while you are gone.”

I don’t get the ‘power injector’ comments. My scenario has the Librem Key plugged into the Librem 5, and a USB power supply plugged into the other end of the Librem Key. Unplug the power supply, the phone stops charging, but the Librem Key still works. Plug in the power supply the phone starts charging. Maybe I’m underestimating the complexity of USB PD.

This doesn’t have the easy unlock-lock scenario that I would look for with the Librem Key.

You mean with a hypothetical future hardware device, as similar as possible to the Librem Key, that doesn’t currently exist? Sure. However …

I believe that this is not possible i.e. the data lines are used in the negotiation that happens in order to implement USB-C PD. However with back-to-back power negotiations, you can get the effect of “only the power lines connected” - so even if you connect to an untrusted USB-C power source, you are not exposing data lines all the way through from the Librem 5 to the power source.

(If the Librem Key is your primary source of trust on the Librem 5 then it probably isn’t ideal to expose the Librem Key directly to an untrusted power source.)

Of course a completely different (future hardware) approach is a second USB-C port on the Librem 5 - so you can charge the Librem 5 using the existing USB-C port even when a USB client device is connected to the hypothetical second, say, data-only USB-C port. (My assumption would be that the hypothetical second USB-C port would not be on the bottom of the phone.)

1 Like