Yubikey

GPG Setup and Tutorials

  • Generate the key outside the Yubikey device and back it up, because by design there is no way to extract a key back out of the Yubikey.
  • Then use gpg --edit-key to run keytocard several times to move the signature key, encryption key, and authentication key in order.
  • "After this the keyring is saved. And that point it no longer contains the real secret key, only a pointer indicating that it’s stored on a smart card."
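A check for the last step above, added here as an example and not taken from the original notes or a Yubico tutorial: it reads the output of gpg --list-secret-keys --with-colons and reports whether each secret key is a card stub or still held in the local keyring. The function names, key IDs and card serial number are constructed for illustration.

```shell
#!/bin/sh
# Field 15 of a sec/ssb record in `gpg --list-secret-keys --with-colons`:
#   token serial number = stub pointing at a smart card
#   '#' = stub with no secret material, '+' = secret material in the keyring
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            caps = ($12 == "") ? "-" : $12
            if      ($15 == "+") where = "disk"
            else if ($15 == "#") where = "missing"
            else if ($15 == "")  where = "unknown"
            else                 where = "card:" $15
            printf "%s %s %s %s\n", $1, $5, caps, where
        }'
}

# Exit 0 only when every secret key record is a card stub.
secret_keys_all_on_card() {
    classify_secret_keys | awk '
        { n++; if ($4 !~ /^card:/) bad++ }
        END { if (n > 0 && bad == 0) exit 0; exit 1 }'
}

# Constructed sample listings (key IDs and card serial are made up).
sample_before() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAA0:1700000000:::u:::scESCA:::+:
ssb:u:4096:1:BBBBBBBBBBBBBBB1:1700000000::::::e:::+:
ssb:u:4096:1:CCCCCCCCCCCCCCC2:1700000000::::::a:::+:
EOF
}
sample_after() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAA0:1700000000:::u:::scESCA:::D2760001240103040006123456780000:
ssb:u:4096:1:BBBBBBBBBBBBBBB1:1700000000::::::e:::D2760001240103040006123456780000:
ssb:u:4096:1:CCCCCCCCCCCCCCC2:1700000000::::::a:::D2760001240103040006123456780000:
EOF
}

# Real use: gpg --list-secret-keys --with-colons | secret_keys_all_on_card
sample_after | classify_secret_keys
```

Any line reported as disk means that key was not moved and its secret material is still in the keyring.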

Models

PIV

The YubiKey 4 and 5 series, along with the YubiKey NEO, support the Personal Identity Verification (PIV) interface specified in the NIST SP 800-73 document "Cryptographic Algorithms and Key Sizes for PIV".

SSH

OATH

Passkeys