2 more things I'd love to do with Yubikey: keyfiles and boot
Author:  owl [ Sun Jan 08, 2017 2:16 pm ]


I really enjoy using Yubikeys so far but there are a couple of things I'd love to do which I couldn't.

1. I'd like to be able to write keyfiles onto my Yubikey. I use VeraCrypt and I use KeePassX. Both of them can take keyfiles. VeraCrypt can work with them over PKCS #11. I'm not sure if KeePassX can. But it would be great if I could upload keyfiles to my Yubikey (or better yet - generate one onboard) and store them there PIN-protected. I guess it just requires another applet like OpenPGP.

2. It would be even better if I could place the bootloader and encryption key onto the Yubikey and boot my system from there. On Windows machines we use Diskcryptor, which allows one to encrypt every bit of his HDD including the MBR. You can then place a bootloader onto a memory stick. You plug it in, power on your machine. It boots from the stick. You enter your password when prompted. Then it decrypts your HDD and you can remove the stick. The rest of the booting process goes as usual. Would be great if I could use the same Yubikey for that stuff. It would give the bootloader more protection than a regular USB stick does. And it would eliminate the need to carry another thing on a keyring :)

