Getting Started

The Librem Key is a USB security token that can be used to store GPG keys, manage passwords, provide multi-factor authentication, and can integrate with the Heads tamper-evident BIOS to detect BIOS-level tampering. The official product page is where you can order the key. See About the Librem Key for instructions on how to use the Librem Key.

Know Your Rights: This product contains Free Software that is licensed under the GNU General Public License version 3 or newer. A copy of that license is available here. You may obtain the complete Corresponding Source code from Purism at the firmware’s project page.

FAQ

What’s the default PIN?”
The default user PIN is 123456 and the default admin PIN is 12345678.
How do I change the default PIN?
Use gpg --edit-pin on the command line. See About the Librem Key for more detailed instructions.
Does the Librem Key support U2F?
Not at this time.
How much storage does the Librem Key have?
The Librem Key is not a USB thumb drive and can’t store regular files.
GPG isn’t seeing my Librem Key.
Ensure the scdaemon package is installed. See About the Librem Key for more detailed instructions.
Where’s the source code?

Librem Key firmware code

Librem Key HOTP userspace code

Technical Specs

  • Key slots: Three key slots supporting RSA 2048-4096 bit and ECC 256-512 bit
  • Supported elliptic curves: NIST P-256, P-384, P-521 (secp256r1/prime256v1, secp384r1/ prime384v1, secp521r1/prime521v1), brainpoolP256r1, brainpoolP384r1, brainpoolP512r1
  • Protocols: CSP, OpenPGP, S/MIME, X.509, PKCS#11
  • One-time password storage: 3x HOTP (RFC 4226), 15 x TOTP (RFC 6238)
  • Integrated password manager: 16 entries
  • Random number generator: 40 kbit/s true random number generator
  • Tamper-resistant smart card
  • Life expectancy: > 100,000 PIN entries
  • Storage time: > 20 years
  • USB: USB 2.0, type A
  • Dimensions: 48 x 19 x 7 mm
  • Weight: 6g
  • Safety and environmental compliance: FCC, CE, RoHS, WEEE