Yubikey NEO OpenPGP advisory

Peter Lebbing peter at digitalbrains.com
Thu Apr 23 10:36:47 CEST 2015

On 22/04/15 21:06, Werner Koch wrote:
> They probably downplay this bug because of the costs to replace all
> affected Yubikeys.

Oh wait... I somewhat assumed the things were field-upgradeable. I
thought you could pick the applications to load on a multi-application
Yubikey. In that case you can just download a new version of the app on
your Yubikey and you're good to go (although it'd lose the keys
currently on there).

If already deployed Yubikeys are not updatable, that changes things in
my eyes. I don't think I'd still use such a device as OpenPGP card.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

More information about the Gnupg-users mailing list