[TriLUG] Yubikey + GPG

Kevin Howell kevin at kahowell.net
Tue Nov 19 19:08:26 EST 2013


Someone at the Keysigning Workshop asked about using a Yubikey with GPG.
I got to googling and it turns out that while a standard Yubikey can't
be used for this purpose, the Yubikey NEO has an OpenPGP applet that
supports this scenario, if you put it in a CCID emulation mode.
https://www.yubico.com/2012/12/yubikey-neo-openpgp/

There are a few limitations apparently (see
https://github.com/Yubico/ykneo-openpgp/issues), namely that it only
supports 2048bit RSA keys. The easiest/supported usage is to generate a
new key on the card.

Also GPG does not support the key formats the Yubikey NEO uses (which
only apparently breaks importing existing GPG keys), but there are
patches to fix this (see
http://lists.gnupg.org/pipermail/gnupg-devel/2013-August/027874.html).
-- 
Kevin Howell | kevin at kahowell.net | http://www.kahowell.net


More information about the TriLUG mailing list