Quick update on Librem Key Usage
In another post, I noted the steps I took to get my Librem Key working for my cryptography needs within Pure OS. This covers:
- Sign and Verify operations
- Encrypt and Decrypt operations
- Use of my Authentication key to SSH into my various machines globally
- Integration with PureBoot
One thing I noted in the last post was that if you wanted to use the pkcs11 interface
of the smartcard, it was necessary to kill off gpg-agent first. What I failed to notice
myself, was that on normal boot the pcks11 interface grabs the device first. Since I was
not frequently booting to run straight into SSH, I was generally unplugging my Librem Key
and only plugging it back in when I needed to SSH. This allowed gpg-agent to snag the
device and make it seem like nothing was wrong to me.
Fast forward to today, when I'm using SSH immediately almost every time I start my machine. Since I don't wish to wear out the USB plug in short order, and since clearly software is to blame, I set forth on finding a solution:
sudo systemctl disable pcscd && sudo systemctl stop pcscd
There you have it, now your gpg-agent reigns supreme over your smartcard and you can go
about your business just fine. Should you wish to use the pkcs11 interface just stop
your local gpg-agent, and start pcscd:
systemctl --user stop gpg-agent && sudo systemctl start pcscd