How to Generate GPG Subkeys for Everyday Use

This is a guide to using YubiKey as a SmartCard for storing GPG encryption, signing and authentication keys, which can also be used for SSH. Many of the principles in this document are applicable to other smart card devices.

Keys stored on YubiKey are non-exportable (as opposed to file-based keys that are stored on disk) and are convenient for everyday use. Instead of having to remember and enter passphrases to unlock SSH/GPG keys, YubiKey needs only a physical touch after being unlocked with a PIN code. All signing and encryption operations happen on the card, rather than in OS memory.
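To check which subkey carries the signing, encryption or authentication capability and when each one expires, the machine-readable listing from `gpg --list-keys --with-colons` can be summarised. The following is an added example, not taken from the video: the function names are hypothetical and the sample listing (key IDs, dates) is constructed.

```shell
#!/bin/sh
# Colon-format fields used: 1 = record type, 2 = validity, 5 = key ID,
# 7 = expiration (Unix time, empty = none), 12 = capabilities.

# Constructed sample listing; key IDs and timestamps are made up.
sample_listing() {
cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1546300800:::u:::cSEA::::::23::0:
uid:u::::1546300800::HASH::Example User <user@example.org>::::::::::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1546300800:1577836800:::::s::::::23:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1546300800:1577836800:::::e::::::23:
sub:e:4096:1:DDDDDDDDDDDDDDDD:1546300800:1550000000:::::a::::::23:
EOF
}

# Print "KEYID TYPE CAPABILITIES EXPIRY STATE" for the primary key and subkeys.
# $1 = "now" as a Unix timestamp, passed in so the result is reproducible.
subkey_report() {
    awk -F: -v now="$1" '
    $1 == "pub" || $1 == "sub" {
        caps = $12
        # Uppercase letters on the pub line summarise the whole key
        # (D = disabled); keep only what this key itself can do.
        gsub(/[CSEAD]/, "", caps)
        names = ""
        if (caps ~ /c/) names = names "certify,"
        if (caps ~ /s/) names = names "sign,"
        if (caps ~ /e/) names = names "encrypt,"
        if (caps ~ /a/) names = names "authenticate,"
        sub(/,$/, "", names)
        if (names == "") names = "none"
        expiry = ($7 == "") ? "never" : $7
        state = "valid"
        if ($2 == "e" || ($7 != "" && $7 + 0 <= now + 0)) state = "expired"
        if ($2 == "r") state = "revoked"
        print $5, $1, names, expiry, state
    }'
}

# Demo on the constructed listing. Against a real keyring:
#   gpg --list-keys --with-colons <KEYID> | subkey_report "$(date +%s)"
sample_listing | subkey_report "$(date +%s)"
```

A subkey created for authentication only should report `authenticate` and nothing else; if it also lists `sign` or `encrypt`, those capabilities were left enabled when the subkey was generated.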

Get Tails:
Get a Chaos Key:
Get at least 1 YubiKey:
Get at least 3 USB sticks.

Check out the GPG series by 402 Payment Required:

Comments

One thing you did not make clear about expiration dates. An expiration date is not a time machine that goes into the future and stops signing, signature checking, and encrypting & decrypting from working. We don't have a time machine like that. If you encrypt a file with a key, and then the key expires, people post expiration date will still be able to decrypt that file. An expiration date, if expired, simply tells people not to encrypt files with that key anymore because there is an increased likelihood that the key is compromised. Similarly with signatures. An expired key is not really prevented from signing and signature checking; the expired signature simply warns people not to trust the result of that key and to start using a newer key.

If one is not careful to explain this, people get the idea that they can use an encryption key with a short expiry date, and thereby prevent the file from being decrypted post expiry date. It does not work that way!

An expiration date is a recommendation to use a newer key after a certain date. It does not control what can or cannot happen in the future.

paulelliott

Hi, during the authentication subkey you chose option S and E and said it toggled off and for A toggled on. How do you know? For me it seemed to be toggled on for all.

jamescath