New OpenPGP smart cards now available for purchase on Purism’s website
SAN FRANCISCO, Calif., September 20, 2018 — Purism, the social purpose corporation which designs and produces popular digital rights respecting hardware, software, and services, has launched its new security token, the Librem Key, which is the first and only OpenPGP smart card providing a Heads-firmware-integrated tamper-evident boot process. The new Librem Key, built with Open Hardware USB OpenPGP security tokens from Nitrokey, can store up to 4096-bit RSA keys and up to 512-bit ECC keys and can securely generate them directly on the device. Librem Keys are now available for purchase on Purism’s website, with Librem laptops or as a single order. Librem Keys will be able to provide basic security token functions on any laptop, but have extended features that work exclusively with Purism’s Librem laptop line and other devices that support Trammel Hudson’s Heads security firmware.
Purism developed the Librem Key through its partnership with Nitrokey. This integration allows Librem laptop users to add unprecedented protection to their device through a key they can insert at boot time to ensure the user is right where they left off without any tampering. Once inserted, if the key blinks green, then you’re right where you left off. If it blinks red, it signals tampering has occurred. The key is fully equipped to integrate with the Librem’s secure boot process with Heads-enabled TPM detailing the tamper evidence. The key enables users to directly test if someone has tampered with the software on their computer starting at the boot level.
With Librem Key, IT departments will have an integrated out-of-the-box solution for disk and email encryption, authentication, and tamper-evident boot security that’s easy to use.
In addition to its industry leading tamper evidence capabilities, the Librem Key also offers the standard security features available in generic security tokens:
- Securely store user GPG encryption/signing keys to make it easier to use their keys in a secure way across devices
- Store authentication GPG keys you can use for Secure Shell (SSH)
- Using One-Time-Passwords (OTP) to login to websites or for two factor authentication (2FA)
Eventually, Purism plans to expand the Librem Key’s features to even further empower users to securely control their devices, such as:
- Detecting tampering during shipping with tamper-evident boot enabled and configured on the laptop and Librem Key and each device shipped separately
- Unlocking disk encryption (instead of having to enter a passphrase) when the Librem Key is inserted at boot
- Locking the screen whenever the Librem Key is removed
- Automatically logging the user into their desktop when the Librem Key is inserted
The launch of Librem Key furthers Purism’s mission to make security and cryptography accessible where its customers hold the keys to their own security. This launch arrives amid growing demand for heightened protection expectations from security key manufacturers.
“Purism’s work to make coreboot measured against an external security token is the realization of a dream we’ve had since 2005,” says Ron Minnich, coreboot Founder.
“It’s not feasible or healthy to monitor your computing devices every second – and that’s especially the case when you travel,” says Kyle Rankin, Chief Security Officer at Purism. “With the Librem Key, we are giving Librem users the keys to completely lock their computer if they’re in an unfamiliar network environment in the same way one would want to have the keys to their car if they needed to drive to an unfamiliar neighborhood.”
“Your privacy is dependent on your freedom. We believe that having true privacy means your computer and data should be secure whether you are with your device or not,” says Todd Weaver, Founder and CEO of Purism. “As we look forward to shipping Heads by default, the Librem Key combined with the rest of our security features will give users the peace of mind that their data is safer than it would be on any other laptop on the market.”
With Purism enabling users to leverage the Heads integrated TPM chip in new Librem 13 and Librem 15 orders moving forward, they will also have the option of purchasing a Librem Key by itself or as an add-on with a laptop order. For future add-on orders, Purism plans to pre-configure the Librem Key at the factory to act as an easy-to-use disk decryption key and ship laptops that are pre-encrypted. Customers will also be able to replace the factory-generated keys with their own at any time.
About PurismPurism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience. With operations based in San Francisco (California) and around the world, Purism manufactures premium-quality laptops and phones, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware by carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.
Media ContactMarie Williams, Coderella / Purism
See also the Purism press room for additional tools and announcements.