Using PGP & U2F with a Linux laptop?

Hi there. I’m considering purchasing a Vivokey Flex but have a few questions about using it with my laptop (running Kubuntu 18.10), as well as my smartphone.

First off, are there any small USB NFC readers that I can purchase and plug into my laptop? Ideally I would want a small dongle that just fits into the port and stays in the laptop, rather than a large external sensor with a long USB cable.

Second, how does the Vivokey interface with gpg-agent? Right now I have a Yubikey 4C, and the flow there is to:

  • attempt to sign/decrypt/ssh something
  • Pinentry appears and prompts me to insert the device
  • Pinentry prompts me for my Yubikey’s PIN
  • I tap the Yubikey to complete the action

If I have an NFC reader connected to my laptop, what’s the flow like when attempting to sign with the PGP keys on the Vivokey? Do I have to awkwardly hold my hand against the reader while I wait for Pinentry to wake up, then enter my PIN with my other hand, while not pulling my Vivokeyed hand away? Or can I pre-enter my PIN before touching my hand to the device? Will I have to re-enter my PIN every time I need to sign something? Or can I configure the Vivokey to only require a PIN after some period of inactivity?

Thanks!

1 Like

Great questions… we are planning on working with a fork of the SmartPGP applet on the Flex One, but you are also welcome to deploy any applet you want through the Fidesmo developer portal. I’m pretty sure that SmartPGP can be made to work similarly, if not identically.

Are you a member of the Flex Beta Program?

1 Like

I am not. I have been watching Vivokey’s progress over the past couple of months and am strongly considering purchasing a Flex later this year as part of your Fall release :smiley:

I would certainly be willing to tinker with the SmartPGP applet, but I still haven’t been able to find a USB NFC dongle. Are you aware of any cable-less dongles? Ideally around the size of a USB drive.

2 Likes

How about this one?

1 Like

We’re still investigating this currently; I have done a little bit of work and have successfully got the app working on a test card. We also happen to have a manufacturer prefix and OpenPGP is definitely on the list.

I’ve done some testing and if your gpg-agent is correctly configured (you need to mark the keyhandle if I remember correctly), it will ask you to place the specific OpenPGP card on the reader and possibly ask for a PIN (depending on your signing settings). But, smartcard OpenPGP login is quite within the realm of possibility.

2 Likes
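
On the "signing settings" mentioned in the last reply, an added example (not code from the thread, Vivokey or SmartPGP): OpenPGP cards report a Signature PIN flag and a PIN retry counter in `gpg --card-status`, and this script reads both from that output. The status text is a constructed sample, the function names are hypothetical, and it assumes the card's applet reports the standard OpenPGP card fields in English.

```shell
#!/bin/sh
# Added example: summarise an OpenPGP card's PIN policy from the
# human-readable `gpg --card-status` output (English locale assumed).

# Constructed sample, trimmed to the relevant fields; not from a real card.
sample_status() {
cat <<'EOF'
Reader ...........: Example NFC Reader 00 00
Version ..........: 3.4
Signature PIN ....: forced
PIN retry counter : 3 0 3
Signature counter : 12
EOF
}

# card_field LABEL: read status text on stdin, print the value of the
# first line that starts with LABEL (text after the colon).
card_field() {
    awk -v label="$1" 'index($0, label) == 1 { sub(/^[^:]*: */, ""); print; exit }'
}

# pin_policy STATUS_TEXT: report the signing PIN policy and remaining tries.
# Returns 1 if a field is missing, 2 if the user PIN is blocked.
pin_policy() {
    status=$1
    sigpin=$(printf '%s\n' "$status" | card_field 'Signature PIN')
    retries=$(printf '%s\n' "$status" | card_field 'PIN retry counter')
    case $sigpin in
        forced)       echo "sign: PIN requested for every signature" ;;
        'not forced') echo "sign: PIN stays verified for further signatures in the same card session" ;;
        *)            echo "sign: Signature PIN field not found"; return 1 ;;
    esac
    # Counter order on the card: user PIN, reset code, admin PIN.
    set -- $retries
    [ -n "${1:-}" ] || { echo "PIN retry counter not found"; return 1; }
    echo "user PIN attempts left: $1"
    [ "$1" -gt 0 ] || { echo "user PIN is blocked"; return 2; }
}

# With a card on the reader: pin_policy "$(LC_ALL=C gpg --card-status)"
pin_policy "$(sample_status)"
```

The flag is toggled with the `forcesig` command in the admin mode of `gpg --card-edit`, and it governs signing only.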