---
title: PGP with 2fa usb sticks
author: "Linus Behrens"
date: 2025-07-05T16:00:00+02:00
tags: ['tech', 'security']
header: "/header/linux.jpg"
draft: true
---

```sh
gpg --expert --full-gen-key
```

- Enter `RSA`
- Enter `4096`
- Enter expiration date
- Enter user information and email
- Enter random input (mouse, keyboard) to gain entropy

Output:
```
gpg: key <keyID> marked as ultimately trusted
```

## Add authentication key (if not default)

```sh
gpg --expert --edit-key <keyID>
```

```sh
addkey
```

- Enter the `passphrase`
- Enter `8` for RSA
- Enter `S` to disable "sign"
- Enter `E` to disable "encrypt"
- Enter `A` to enable "authentication"
- Enter `Q` to leave the dialog
- Enter key size
- Enter same expiration date as before
- Enter `Y` to save the changes

## Back up the PGP key

```sh
gpg --export-secret-key --armor <KeyID>
```

- Store the output in a safe place

## Add PGP keys to the YubiKey

- Insert YubiKey into a USB port

```sh
gpg --edit-key <KeyID>
```

```sh
keytocard
```

- Signature subkey:
  - Enter `keytocard`
  - Enter `Y` to continue
  - Enter `1` to move the signature subkey to a slot in the YubiKey
  - Enter `key 1`
- Encryption subkey:
  - Enter `keytocard`
  - Enter `Y` to continue
  - Enter `2` to move the encryption subkey to a slot in the YubiKey
  - Enter `key 1`
  - Enter `key 2`
- Authentication subkey:
  - Enter `keytocard`
  - Enter `3` to move the authentication subkey to a slot in the YubiKey
  - Enter `quit` to leave

When asked, **do not save** your changes; this lets you copy the key to another YubiKey.

---

[Article by Yubico](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP)
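
After the `keytocard` steps, the colon-format secret key listing shows whether each key is held by a card or still on disk, which is the state the "do not save" note deliberately leaves behind. The check below is an added example, not part of the original article; the key IDs and card serial in the sample listings are made up, and the field meanings (12 = capabilities, 15 = card serial, `#` or `+`) follow GnuPG's colon listing format.

```sh
#!/bin/sh
# Added example, not from the original page.
# Reads `gpg --list-secret-keys --with-colons` output on stdin and prints
# "<record> <keyID> <capabilities> <location>" for every secret key.
key_locations() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            # Field 15: card serial number, "#" for a stub, "+" for on disk.
            if ($15 == "+")      where = "disk"
            else if ($15 == "#") where = "stub"
            else if ($15 != "")  where = "card:" $15
            else                 where = "unknown"
            # Field 12: keep the lowercase letters (capabilities of this key).
            caps = $12
            gsub(/[^esca]/, "", caps)
            print $1, $5, caps, where
        }'
}

# Succeeds only if at least one secret key is listed and all are on a card.
all_on_card() {
    key_locations | awk '$NF !~ /^card:/ { bad = 1 } END { exit (NR == 0 || bad) }'
}

# Constructed listings; key IDs and the card serial are made up.
CARD=D2760001240103040006000000010000
SAMPLE_SAVED="sec:u:4096:1:1111111111111111:1751724000:1783260000::u:::scESCA:::$CARD:::23::0:
ssb:u:4096:1:2222222222222222:1751724000:1783260000:::::e:::$CARD:::23:
ssb:u:4096:1:3333333333333333:1751724000:1783260000:::::a:::$CARD:::23:"
SAMPLE_NOT_SAVED="sec:u:4096:1:1111111111111111:1751724000:1783260000::u:::scESCA:::+:::23::0:
ssb:u:4096:1:2222222222222222:1751724000:1783260000:::::e:::+:::23:
ssb:u:4096:1:3333333333333333:1751724000:1783260000:::::a:::+:::23:"

# Demo on the constructed listings.
printf '%s\n' "$SAMPLE_SAVED" | key_locations
printf '%s\n' "$SAMPLE_NOT_SAVED" | all_on_card || echo "private key material is still on disk"
```

On a real system, pipe `gpg --list-secret-keys --with-colons` into `key_locations` instead of the sample variables.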