Yubikey

Tue, 10 Oct 2017 00:28:32 +0000

found top level header in "/notes/security/yubikey/" that didn't match meta title ("YubiKey 5 Series" != "Yubikey")

The YubiKey 5 series packs a lot of functionality into a small hardware token. It supports FIDO2/WebAuthn for passwordless authentication, PIV smart card operations, OpenPGP key storage, TOTP and HOTP one-time passwords, and static password slots. Most of what you'd want for day-to-day security lives on one device that fits on your keychain.

This note focuses on the YubiKey 5 series. If you're coming from a YubiKey NEO, check the migration notes at the bottom.

GPG Process Notes

Mon, 09 Oct 2017 23:35:34 +0000

These are my working notes on GnuPG key management, smartcard workflows, and related operational practices. This covers everything from initial key creation through daily use, maintenance, and diagnostics.

Initial Key Creation

Start with a clean GnuPG directory. Modern GnuPG uses the keybox format internally so there's no need to worry about legacy keyring files.

1

rm -rf ~/.gnupg/*

Drop in your preferred gpg.conf from your dotfiles, then begin key generation:

Security on ./Sam_Stelfox.sh

Yubikey

GPG Process Notes

Initial Key Creation