Follow TFiR on Twitter, Facebook, YouTube and Reddit. Subscribe to our Weekly Newsletter

Purism is working with Nitrokey to create Purekey for Purism’s Librem laptops

Purism, the makers of Linux powered laptops, has partnered with Nitrokey, maker of open source USB GPG SmartCards and Hardware Security Modules (HSMs), to harden the security of Purism’s Librem laptops.

Kyle Rankin, CSO at Purism explained the reason why they choose Nitrokey over other players. “Almost all of the security token vendors either have proprietary firmware, closed hardware, or both. It’s important that our partners are aligned with the values in our SPC charter and Nitrokey shares our commitment to Free Software and Open Hardware.”

“We’re pleased to be working with the Purism team, who are very aligned with our commitment to open hardware and free software. The possibilities of this partnership are exciting, especially given the growing importance of secure key storage on hardware SmartCards and Purism’s important work on tamper-evident protection.” said Jan Suhr, CEO, Nitrokey.

Nitrokey will create a Purekey for Purism to be used to secure its laptops. The Purekey will be in a keyfob form factor much like a USB thumb drive, and similar in appearance to the Nitrokey Pro.

The Purekey integrates a USB-based smart card reader in addition to the other security token features it has. For the smart card function, it will act like other separate USB hardware tokens and will store the user’s keys. The user will plug the Purekey into their laptop’s USB port whenever they want to access their keys.

Purekey will also be a critical component in Purism’s tamper-evident boot protection. Purism will tightly integrate Purekey into their tamper-evident boot software so that customers will be able to detect tampering on their hardware from the moment it leaves the factory.

Both new and existing users of Librem laptops will be able to use the new hardware. “Existing users will be able to order a Purekey by itself to use with their existing laptop. The main difference between existing customers and those that purchase new hardware is that Purism will have the ability to do integration work between the hardware and the Purekey before shipping to the customer, (such as generating a default key to use to decrypt the disk, for instance) and in the future tightly integrate it with our Heads tamper-evident solution. Existing customers will still have those features, but they would need to do the configuration on their existing hardware instead of it being set up by default,” said Rankin.

Why it matters: KeyFOB or SmartCards are mandatory in public sector and some enterprises where employees and executives have access to classified or critical data. By integrating Purkey with it’s laptops, Purism is targeting those users.

Rankin said that the strongest demand for Purekey comes from enterprises, which already have experience with security tokens both to store encryption keys as well as for multi-factor authentication. “Adding ‘something you have’ to the standard ‘something you know’ passwords provides an extra level of protection in the event a password is compromised,” he said.

Also, security-minded customers are starting to use smart cards as part of their daily workflows and many engineering departments hand them out to employees so developers can sign their code and provide a chain of trust starting with the developer’s workstation.

Beyond enterprise, Purism sees demand for such solutions even by individuals who need to protect their laptops. Outside of the enterprise, Purism wants Purekey to become a  customer’s ‘key to their computer’ with uses cases like:

  • A secure and easy way to store GPG keys and share them on multiple
    devices for encrypted communication.
  • Integrate with disk encryption so the user can insert their Purekey
    instead of typing in a long passphrase to unlock their disk.
  • Integrate with a password manager to unlock it or provide an additional
    method of authentication.
  • As a hardware multi-factor authentication token for websites (HOTP and
    TOTP are supported).
  • Automatically lock your computer when you remove your Purekey
  • If you are looking for an extremely secure Linux laptops, Purism is a good choice.

Check out our interview with Purism founder Todd Weaver.