"gpg --card-edit" with multiple card readers (Yubikey)

Michael Richardson mcr+ietf at sandelman.ca
Mon Jul 17 19:36:02 CEST 2023

Andrew Gallagher <andrewg at andrewg.com> wrote:
    >> Juanjo via Gnupg-users <gnupg-users at gnupg.org> wrote:
    >>> This may be a good starting point:
    >>> https://github.com/drduh/YubiKey-Guide
    >> "Keys stored on YubiKey are non-exportable (as opposed to file-based
    >> keys that are stored on disk) and are convenient for everyday use. "
    >> In my case, I want the same key on multiple devices, which 3 to 5 core
    >> members of an open source project will hold.  (I am also considering
    >> if we want a higher security key which would be secret split across
    >> those keys, but we aren't building a CA here, but..)
    >> Is that possible with these devices?
    >> In some cases keys can be transfered in an encrypted form for another
    >> device, but not recovered by outsiders.

    > This is not possible with a Yubikey. If you want the same (sub)keys on
    > multiple devices you must generate them on your laptop and copy them to
    > each device in turn, remembering not to delete until you’re done.

okay, so in this case we are using the Yubikey only as a storage, equivalent
essentially to a USB storage?  Or does it still do crypto on the device?

Michael Richardson <mcr+IETF at sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 515 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230717/8b0213b0/attachment.sig>

More information about the Gnupg-users mailing list