Using OnlyKey with Linux
Step 1 - Linux UDEV Rule
Linux requires a UDEV rule in order for non-root users to be able to communicate with USB devices. Installing the OnlyKey App .deb will also install the UDEV rule automatically or to install manually:
-
Go to https://github.com/trustcrypto/trustcrypto.github.io/blob/master/49-onlykey.rules and download or create a copy of the file named
49-onlykey.rules
into the Linux directory:/etc/udev/rules.d/
. -
Use the command
udevadm control --reload-rules && udevadm trigger
or restart system for changes to take effect
To complete this via terminal issue the following commands:
$ wget https://raw.githubusercontent.com/trustcrypto/trustcrypto.github.io/pages/49-onlykey.rules
$ sudo cp 49-onlykey.rules /etc/udev/rules.d/
$ sudo udevadm control --reload-rules && sudo udevadm trigger
Step 2 - Install OnlyKey Desktop App
For Debian user’s install the DEB below.
For other Linux users you may install the OnlyKey app via snapcraft
$ snap install --beta --devmode onlykey-app
At time of writing, an issue is open with snapcraft to allow USB permissions, this requires manual approval from snapcraft. Once this is complete the app can be installed without dev-mode. Additional alternatives are mentioned below:
Install Brave/Chromium Browser The app is also available as a Chrome app which is supported in Brave and Chromium browsers:
Follow instructions here to install Brave browser
Launch Brave browser
$ brave-browser
Click here to browse to the OnlyKey Configuration app on the Chrome Web Store and select ‘Add to Chrome’
Extract and run directly As an alternative you may also extract the .DEB and run the application directly:
$ ar xf OnlyKey*.deb
$ tar xf data.tar.xz
Copy the OnlyKey directory to where you want the app i.e.
$ sudo cp -r opt/OnlyKey/ /opt/
Fedora requires additional dependency
$ sudo dnf install libXScrnSaver
To launch the app run the nw file located in the OnlyKey directory, you may want to create a symlink to launch the nw file.
Step 3 - Customization
You may want to also install the OnlyKey CLI app. Follow instructions here
This permits additional customizations such as scripting to automatically running commands when OnlyKey is inserted.
-
One requirement of TOTP (Time-based One-time Password) is having the correct time. If OnlyKey is used on a system where the OnlyKey app is not running it will display “NOTSET” instead of the OTP code. Because OnlyKey has no battery it requires an app to send it the correct time to be able to generate TOTP codes. If you have OnlyKey command-line utility installed, adding the following to UDEV rule will automatically set the current time on OnlyKey every time you plug it: RUN+=”/usr/local/bin/onlykey-cli settime” Additonal details are provided in the udev rule here - https://github.com/trustcrypto/trustcrypto.github.io/blob/master/49-onlykey.rules
-
Another example is provided for OnlyKey to blink blue whenever the udev rule is run. This is useful for visual verification of LUKS disk decryption, additional details available here