PGP Smart-Cards
May 29, 2018
I bought my first YubiKey 4 a little over a year ago. Let me say, the experience of plugging in a physical USB for two-factor authentication is extremely satisfying. When using a U2F device there are no codes to configure… no apps to run… everything just works.

Smart-card functionality, however… is different.

If only it was that easy…

Using the PGP function of the smart-card requires you to understand a little more theory… Oh, and finding a wonderful step-by-step guide on GitHub helps a lot.

The end result, however, is definitely worth it. Once configured correctly, you can use your YubiKey to SSH into servers, sign git commits, encrypt emails and files, or if you are daring, fully encrypt your Linux laptop drive. You can’t tell me that isn’t awesome.

After several attempts, I finally got my YubiKey configured the way I wanted using this guide and set all my servers to use my new key. After a week of using this system, I am very satisfied at just how easy it is to swap computers and use my key wherever I go. The fact that my key is unable to leave my smart-card is a huge reassurance as well. That means I don’t have to worry as much about anything other than my PIN or public key being phished. Or… it at least means anyone after my key would have to be very dedicated.

Or… this is a lot more likely…

At the very least, this is a convenient setup I would recommend to anyone who uses PGP or SSH on a regular basis. This is a setup I wanted to try for a long time and I’m so glad I finally did!

