On 17 Jul 2023, at 18:36, Michael Richardson <mcr+i...@sandelman.ca> wrote:
> 
> Andrew Gallagher <andr...@andrewg.com> wrote:
>>> Juanjo via Gnupg-users <gnupg-users@gnupg.org> wrote:
>>> 
>>> "Keys stored on YubiKey are non-exportable (as opposed to file-based
>>> keys that are stored on disk) and are convenient for everyday use. "
>>> 
>>> In my case, I want the same key on multiple devices, which 3 to 5 core
>>> members of an open source project will hold.  (I am also considering
>>> if we want a higher security key which would be secret split across
>>> those keys, but we aren't building a CA here, but..)
>>> 
>>> Is that possible with these devices?
>>> 
>>> In some cases keys can be transferred in an encrypted form for another
>>> device, but not recovered by outsiders.
> 
>> This is not possible with a Yubikey. If you want the same (sub)keys on
>> multiple devices you must generate them on your laptop and copy them to
>> each device in turn, remembering not to delete until you’re done.
> 
> okay, so in this case we are using the Yubikey only as a storage, equivalent
> essentially to a USB storage?  Or does it still do crypto on the device?

The YubiKey performs cryptography on the device, but does have a small amount
of flash memory to store the private key material. The YubiKey does not provide
any method to copy the private key material back off that storage; it can only
be overwritten or used by the YubiKey’s own processor.

A

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users