
List:       gnupg-users
Subject:    Re: "gpg --card-edit" with multiple card readers (Yubikey)
From:       Andrew Gallagher via Gnupg-users <gnupg-users () gnupg ! org>
Date:       2023-07-18 9:11:46
Message-ID: D7E4A96A-60DC-4499-A954-6E9C9A7AAC23 () andrewg ! com

On 17 Jul 2023, at 18:36, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> Andrew Gallagher <andrewg@andrewg.com> wrote:
> > > Juanjo via Gnupg-users <gnupg-users@gnupg.org> wrote:
> > > 
> > > "Keys stored on YubiKey are non-exportable (as opposed to file-based
> > > keys that are stored on disk) and are convenient for everyday use. "
> > > 
> > > In my case, I want the same key on multiple devices, which 3 to 5 core
> > > members of an open source project will hold.  (I am also considering
> > > if we want a higher security key which would be secret split across
> > > those keys, but we aren't building a CA here, but..)
> > > 
> > > Is that possible with these devices?
> > > 
> > > In some cases keys can be transferred in an encrypted form for another
> > > device, but not recovered by outsiders.
> 
> > This is not possible with a Yubikey. If you want the same (sub)keys on
> > multiple devices you must generate them on your laptop and copy them to
> > each device in turn, remembering not to delete until you're done.
> 
> okay, so in this case we are using the Yubikey only as a storage, equivalent
> essentially to a USB storage?  Or does it still do crypto on the device?

The yubikey performs cryptography on the device, but does have a small amount of
flash memory to store the private key material. The yubikey does not provide any
method to copy the private key material back off that storage, it can only be
overwritten or used by the yubikey's own processor.

A

