On 01/03/16 00:14, Joshua Terrill wrote:
> Thanks for the replies, everyone. So what about a solution like Yubikey
> NEO? I read on their site that you can generate a keypair and put it on
> the yubikey. But what I'm a little confused about is, once you have the
> public and private key on the card, how do you use it to
> encrypt/sign/decrypt things? Excuse my lack of knowledge on this. It all
> seems pretty cool, and I'm just trying to wrap my head around it.

Only the private keys go on the card. Public keys are intended to be public. ;-)

A yubikey Neo will work in the same way as a PGP smartcard, the main difference being that you can directly connect it to a USB port without a smartcard reader.

If you have your private subkeys on a smartcard, you can sign and decrypt in the normal fashion so long as the smartcard is plugged in. You don't need the card for encryption or verification, as these are done (by other people!) using your public key.

If you run "gpg2 --card-status" when you plug the card in for the first time, gpg will remember to check the card for those subkeys in the future. You will also need a copy of your public key on the same machine - depending on where you generated your private key this may not be automatic. You can fix this by running "gpg2 --card-edit fetch" with the card plugged in.

A

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
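
Once "gpg2 --card-status" has registered the card, the colon-format secret key listing shows where each secret key actually lives, which is a quick way to confirm that no signing or decryption subkey was left on disk. The script below is an added example, not part of the original message; it assumes field 15 of `sec`/`ssb` records as described in GnuPG's doc/DETAILS (token serial number, `#` for a stub, `+` for a secret key held locally), and the sample listing, key IDs and card serial number are constructed.

```shell
#!/bin/sh
# Classify each secret (sub)key by field 15 of a GnuPG colon listing.
# Real use: gpg2 --list-secret-keys --with-colons | classify_secret_keys

# Constructed sample listing; key IDs and the card serial are made up.
SAMPLE='sec:u:4096:1:1111111111111111:1451606400:::u:::scESC:::#:::23::0:
uid:u::::1451606400::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:2048:1:2222222222222222:1451606400::::::s:::D2760001240102000006000000010000:::23:
ssb:u:2048:1:3333333333333333:1451606400::::::e:::D2760001240102000006000000010000:::23:
ssb:u:2048:1:4444444444444444:1451606400::::::a:::+:::23:'

# Reads a colon listing on stdin, prints: record keyid capabilities location
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            tok = $15
            if (tok == "#")      where = "stub"        # secret part not on this machine
            else if (tok == "+") where = "on-disk"     # secret part in the local keyring
            else if (tok != "")  where = "card:" tok   # secret part on the token with this serial
            else                 where = "unknown"     # field not populated
            # Field 12 of a primary key also carries an uppercase summary
            # of the whole key; keep only this key own (lowercase) flags.
            caps = $12
            gsub(/[ESCAD]/, "", caps)
            print $1, $5, caps, where
        }'
}

# Prints how many secret keys are still stored on disk (0 is the goal
# when every subkey is meant to live on the card).
on_disk_count() {
    classify_secret_keys | grep -c ' on-disk$' || true
}

printf '%s\n' "$SAMPLE" | classify_secret_keys
printf 'secret keys on disk: %s\n' "$(printf '%s\n' "$SAMPLE" | on_disk_count)"
```

In the constructed sample the signing and encryption subkeys are on the card, while the authentication subkey is still on disk and would be flagged.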