Yubikey
GPG Setup and Tutorials
- Make a key external to the Yubikey device, and back it up because there's no way to extract a key back out from the Yubikey (on purpose).
- Then use `gpg --edit-key` to run `keytocard` several times to move the signature key, encryption key, and authentication key in order.
- "After this the keyring is saved. At that point it no longer contains the real secret key, only a pointer indicating that it’s stored on a smart card."
Models
PIV
The YubiKey 4 and 5 series along with the YubiKey NEO support the Personal Identity Verification (PIV) interface specified in NIST SP 800-73 document "Cryptographic Algorithms and Key Sizes for PIV".