Threads for sera

  1. 6

    I had no idea that YubiKeys could store SSH and GPG keys. Currently, my whole digital identity can be trivially bootstrapped from my SSH key and my GPG key:

    1. Install SSH and GPG keys
    2. Use SSH to clone my pass database from
    3. Use GPG to decrypt any password from my pass database
    4. Use GPG + a symmetric key derived from a passphrase I have memorized to get all my financial information

    It would be really nice to back these with a hardware store.

    1. 3

      They only store gpg keys (as a smartcard), but the gpg-agent tool can use gpg keys for ssh (as a drop in replacement for the ssh-agent tool).

      You can use gpg-agent to use any gpg key as an ssh key, not just a smartcard one.

      1. 2

        A great guide to setting up GPG and ssh with a Yubikey can be found here. I found it very helpful.

        1. 2

          Ah, understood. Very cool!

          1. 2

            You may also want to look at pivy which allows SSH key and other signing use of Yubikeys and smart cards without the GPG business!