Yubikey, PGP and SSH and Chromebooks

https://pgp.mit.edu/pks/lookup?op=get&search=0x9A043EF5DC61A9D5 is where my PGP public key can be found.

Why the sudden interest in PGP?

Basically it enables me to put my secret key on a Yubikey instead of a computer. They secret key is secured by a PIN which can only guessed x times (3 is default), then you have to use a PUK (3 times again), and then it's locked. Only a full reset will get it out of this and that will erase the private key too. That's way better than a passphrase secured private key file on a computer which can be cracked over time, though it might take a long time if the passphrase is a good one.

And the best: It works out-of-the-box with my Chromebook and the Secure Shell App via the Smart Card Connector! It also works on my Linux desktop with Chrome. Windows does not work though as the Smart Card Connector does not work as expected as the Chrome Smart Card Connector does not work on non-Linux.

The links to read (not in any particular order):

  1. https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/
  2. https://chromium.googlesource.com/apps/libapps/+/HEAD/nassh/doc/hardware-keys.md
  3. http://deferred.io/2017/08/03/yubikey4-gpg-ssh-u2f.html
  4. http://www.engineerbetter.com/blog/yubikey-ssh/

While not trivial to set up, it's very rewarding to know to not have a private ssh key on an inherently insecure computer.

Comments