"gpg --card-edit" with multiple card readers (Yubikey)
Michael Richardson
mcr+ietf at sandelman.ca
Mon Jul 17 19:36:02 CEST 2023
Andrew Gallagher <andrewg at andrewg.com> wrote:
>> Juanjo via Gnupg-users <gnupg-users at gnupg.org> wrote:
>>
>>> This may be a good starting point:
>>> https://github.com/drduh/YubiKey-Guide
>>
>> "Keys stored on YubiKey are non-exportable (as opposed to file-based
>> keys that are stored on disk) and are convenient for everyday use. "
>>
>> In my case, I want the same key on multiple devices, which 3 to 5 core
>> members of an open source project will hold. (I am also considering
>> if we want a higher security key which would be secret split across
>> those keys, but we aren't building a CA here, but..)
>>
>> Is that possible with these devices?
>>
>> In some cases keys can be transferred in an encrypted form for another
>> device, but not recovered by outsiders.
> This is not possible with a Yubikey. If you want the same (sub)keys on
> multiple devices you must generate them on your laptop and copy them to
> each device in turn, remembering not to delete until you’re done.
Okay, so in this case we are using the Yubikey only as storage, equivalent
essentially to USB storage? Or does it still do crypto on the device?
--
Michael Richardson <mcr+IETF at sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide