mls at bjoern-kahl.de
Sun Oct 23 00:16:57 CEST 2016
On 20.10.16 at 19:46, lists at michel-messerschmidt.de wrote:
>> Are there any new options that weren't listed already?
> Although I had very good experience with the SPR 532 (and a lot of trouble with another Cyberjack reader, the Comfort IIRC), the yubikey token has a better trade-off between usability and security for me.
> Mainly because it's usable on mobile devices through openkeychain, but good support of 4k RSA keys is also welcome. Lack of a pin-pad is the main drawback. Tamper resistance and firmware source may be other discussion topics.
Not sure the YubiKey4 is a good choice to start with. I bought one
specifically for use with GnuPG (and for its U2F support). I had a
lot of trouble getting my YubiKey on it. It finally worked using a
recent Ubuntu, but on my Macbook with MacOS "El Capitan" I am unable
to access the keys. I only get "card error". Digging deeper with
dtruss (kind of "strace") I got as far as that scdaemon gets a "pcsc:
I /think/ it worked exactly once. But then I played a bit with the
PIV applet on the YubiKey (using yubico's piv-tool), and since then
I cannot get to the OpenPGP applet on the YubiKey. Only the PIV
works (I see my x509 certificates in there in Keychain and can use them
in Safari to authenticate to, for example, StartSSL.com).
(Any hints to get PIV and OpenPGP work side-by-side are most welcome.)
If adding the YubiKey, then there should be a warning to never
play with the PIV applet on it.
| Bjoern Kahl +++ Siegburg +++ Germany |
| "mls at -my-domain-" +++ www.bjoern-kahl.de |
| Languages: German, English, Ancient Latin (a bit :-)) |