YubiKey 4 and PGP/GPG
The YubiKey is an OTP/U2F device that fits on a keychain and shows up as an input device. When you press the button, the YubiKey outputs a long string that is used for OTP/U2F. It costs about $40 on Amazon and can easily be used with multiple Google or GitHub accounts. The newer versions of the YubiKey support storing PGP keys.
I’ll be using Arch for this guide.
- Install the YubiKey personalization tools
pacman -S yubikey-personalization
- Put the device in CCID mode.
- Next, the card needs to be configured.
- Set both the admin PIN and user PIN
- The card should now have PGP keys.
- Make sure the PGP key exists on the card.
- Also make sure the secret exists.
Now that you have PGP keys, you can sign up for keybase.io or any other PGP key server.
I recommend that you go back to the gpg --card-edit menu and set the url of your public PGP key.
- Now when you plug your YubiKey into another machine, you can fetch the PGP key off the card like so.
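The checks in the steps above (keys present on the card, public key URL set) can be scripted against the text that `gpg --card-status` prints. This is an added example, not part of the original guide: the function names `card_audit`, `sample_fresh` and `sample_ready` are hypothetical, and the sample text and placeholder fingerprints are constructed to follow the GnuPG 2.x card-status layout.

```shell
#!/bin/sh
# Added example (not from the original guide). Reads `gpg --card-status`
# text on stdin, prints one finding per line, returns 0 if the card is ready.
card_audit() {
    awk -F': *' '
        # A slot showing "[none]" holds no key.
        /^(Signature|Encryption|Authentication) key[ .]*:/ {
            slot = $1; sub(/[ .]+$/, "", slot); seen++
            if ($2 ~ /^\[none\]/) { print "EMPTY: " slot; bad = 1 }
        }
        # Without a URL, `fetch` on another machine has nothing to download.
        /^URL of public key *:/ && $2 ~ /^\[not set\]/ { print "NOURL"; bad = 1 }
        # Counters are: user PIN, reset code, admin PIN. Zero means blocked.
        /^PIN retry counter *:/ {
            split($2, n, " ")
            if (n[1] == 0) { print "LOCKED: user PIN"; bad = 1 }
            if (n[3] == 0) { print "LOCKED: admin PIN"; bad = 1 }
        }
        END {
            if (seen < 3) { print "NOCARD"; bad = 1 }  # not card-status output
            exit bad + 0
        }
    '
}

# Constructed sample: a card before any keys were generated.
sample_fresh() {
cat <<'EOF'
URL of public key : [not set]
PIN retry counter : 3 0 3
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
EOF
}

# Constructed sample: a provisioned card (placeholder fingerprints).
sample_ready() {
cat <<'EOF'
URL of public key : https://example.org/pubkey.asc
PIN retry counter : 3 0 3
Signature key ....: AAAA AAAA AAAA AAAA AAAA  AAAA AAAA AAAA AAAA AAAA
Encryption key....: BBBB BBBB BBBB BBBB BBBB  BBBB BBBB BBBB BBBB BBBB
Authentication key: CCCC CCCC CCCC CCCC CCCC  CCCC CCCC CCCC CCCC CCCC
EOF
}
# On a machine with the YubiKey plugged in: gpg --card-status | card_audit
```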