Anthony J. Martinez

Quick update on Librem Key Usage

In another post, I noted the steps I took to get my Librem Key working for my cryptography needs within Pure OS. This covers:

One thing I noted in the last post was that if you wanted to use the pkcs11 interface of the smartcard, it was necessary to kill off gpg-agent first. What I failed to notice myself, was that on normal boot the pcks11 interface grabs the device first. Since I was not frequently booting to run straight into SSH, I was generally unplugging my Librem Key and only plugging it back in when I needed to SSH. This allowed gpg-agent to snag the device and make it seem like nothing was wrong to me.

Fast forward to today, when I'm using SSH immediately almost every time I start my machine. Since I don't wish to wear out the USB plug in short order, and since clearly software is to blame, I set forth on finding a solution:

sudo systemctl disable pcscd && sudo systemctl stop pcscd

There you have it, now your gpg-agent reigns supreme over your smartcard and you can go about your business just fine. Should you wish to use the pkcs11 interface just stop your local gpg-agent, and start pcscd:

systemctl --user stop gpg-agent && sudo systemctl start pcscd