Overview

Bad actors have targeted and exploited user passwords for decades. Most security experts recommend adding a second form of authentication rather than relying on a password alone. This is often referred to as two-factor authentication (2FA) or multi-factor authentication (MFA). If a password is compromised, the attacker must still compromise the second authentication method.

USB security tokens are devices typically about the size of a USB flash drive. Unlike USB flash drives, however, they are not used to store data. Instead, these devices are a tangible authentication method for MFA because they are “something you have” instead of “something you know,” such as a password. They are portable enough to keep in a pocket or purse, or on a keychain, for use when logging in to a secure site.

The Librem Key is a USB security token that makes encryption, GPG key management, password management, and tamper detection convenient and secure. It also integrates with the Heads tamper-evident BIOS to detect BIOS-level tampering.

Technical specifications

Key slots: 3 * key slots supporting RSA 2048-4096 bit and ECC 256-512 bit

Supported elliptic curves: NIST P-256, P-384, P-521 (secp256r1/prime256v1, secp384r1/prime384v1, secp521r1/prime521v1), brainpoolP256r1, brainpoolP384r1, brainpoolP512r1

Protocols: CSP, OpenPGP, S/MIME, X.509, PKCS#11

One-time password storage: 3 * HOTP (RFC 4226), 15 * TOTP (RFC 6238)

Integrated password manager: 16 entries

Random number generator: 40 kbit/s true random number generator

Tamper-resistant smart card

Life expectancy: > 100,000 PIN entries

Storage time: > 20 years

USB: USB 2.0, type A

Dimensions: 48 x 19 x 7 mm

Weight: 6 g