Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 2:09 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Sat Sep 16, 2017 6:59 am 
Offline

Joined: Sat Sep 16, 2017 6:04 am
Posts: 2
Hi,
I have transfered with success my pgp keys to my Yubico key 4.
But how to check it ? How to use it ?
Nothing is shown on my Yubico key.
Thx


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Wed Sep 20, 2017 12:30 pm 
Offline

Joined: Thu Sep 07, 2017 5:16 pm
Posts: 9
assuming that you are on windows and that you have installed gpg4win with gpa and kleopatra selected:

in kleopatra you should see your key with a smartcard icon next to it that means that the private key is on the smartcard.
to check the gpg data on yubikey you can use this command (from cmd):
Code:
gpg --card-status

this will tell you if there are keys and their fingerprint.

to use it you can drag&drop a file in kleopatra and it will ask you what to do with it:
-sign
-encrypt
-both
-decrypt
-verify
the same apply if you don't use a yubikey.

make a copy of the private key OFFLINE before moving the key to card (after is no more possible).
keep also a copy of the public key, you will need it.
you can move it to other pc, import it (drag&drop), and issue the above command to let gpg understand that the private key part is on the smartcard.


Top
 Profile  
Reply with quote  
PostPosted: Sun Sep 24, 2017 6:06 pm 
Offline

Joined: Sun Sep 24, 2017 3:10 pm
Posts: 11
Yes this is very good. I agree you should make a backup. I like the idea that it is possible to generate a new key from within the Yubikey 4 it's self, but I like the idea better of making it myself on the computer and making a backup somewhere and then adding it to the Yubikey. I would recommend making a revocation key as well, so if the worst happens and your Yubikey dies, you can always officially revoke and upload your dead public key and make a new key and start over.

I have to say though, the whole experience of setting up this OpenPGP aspect on my Yubikey was painful. Discrepancies between the PIV manager code not matching when I was entering in the pgp commandline etc.

PGP is fantastic, but it really needs to be more user-friendly else it will stay in the hands of us techies, geeks and those who are issued with the capability by their job or something which is just already ready to use.

Now that I have made a new pgp key that is compatible with the YK4 (I never really bothered much with RSA keys before) and gotten it set up in the YK4, it has simplified my decrypting and signing processes and I really like it. I have tested blocking my key by using the wrong pin and have managed to figure out how to get it unblocked by using the admin pin. But I am concerned that if I tested the same thing out by purposefully failing the admin code, that it might kill my ability to ever use my YK4 for openpgp functionality or something. I have no idea (does anyone know what steps are needed if you get the wrong admin pin too many times?)


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: Google [Bot] and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group