Various stuff about Yubikey and GPG.
Install GPG4Win, I'm using v3.1.13
Create a new key, select "RSA and RSA", 4096-bit for both key lengths, no expiry:
gpg --expert --full-gen-key
Make a note of the key fingerprint, e.g. 24615ADD763DEA90 Remember the passphrase entered here.
gpg --expert --edit-key 24615ADD763DEA90
Add the authentication key with addkey
, chose option 8 "RSA (set your own capabilities)", then use s
, e
and a
to toggle Sign and Encrypt off, and Authenticate on.
gpg --expert --edit-key 24615ADD763DEA90
Add the authentication key with addkey
, chose option 8 "RSA (set your own capabilities)", then use s
, e
and a
to toggle Sign and Authentication off, and Encrypt on.
gpg --expert --edit-key 24615ADD763DEA90
Add the authentication key with addkey
, chose option 8 "RSA (set your own capabilities)", then use s
, e
and a
to toggle Encrypt and Authentication off, and Signing on.
gpg --export-secret-key --armor 24615ADD763DEA90 > secret_key_file.asc
Plug in the Yubikey.
gpg --edit-key 24615ADD763DEA90
toggle
keytocard
y
1
Choose the (1) Signature key
and enter the passphrase from the first steps here.
The Admin Pin is the Yubikey Admin PIN, by default 12345678.
Now select Key 1
key 1
keytocard
Choose the (2) Encryption key
and enter the passphrase from the first steps here.
The Admin Pin is the Yubikey Admin PIN, by default 12345678.
Now save
and quit