On Monday, 24 February 2025 15:32 Clara Engler via tor-relays wrote:
> This made me think about how we could solve that issue by storing the
> Ed25519 identity key on a Yubikey and let it sign the relevant
> certificates.

Nice feature, has been requested by some in recent years.

> In theory, one Yubikey can store up to 17 relay identity keys, before

Nitrokey 3 (27 ECC keys)
Nitrokey HSM 2 (55 ECC keys)
Onlykey Pro is in development. It is intended to offer plenty of storage space for password managers and will probably be able to store many ECC keys. (Will hopefully be released on Kickstarter in a few months)

> reaching its limit. Unfortunately, Ed25519 support is rather new in
> Yubikeys, so you will probably need a newer one (I developed it with
> firmware 5.7).

e.g.: ed25519-sk key-pair is only supported by new YubiKeys with firmware 5.2.3
https://gist.github.com/boldsuck/905c2c01e596e5673340216089366b76

This is exactly why I don't buy Yubikeys anymore. You don't know what firmware you're getting before you buy it. Firmware can't be updated. Every time I buy one, months later I find that a new feature is missing. :-(

Nitro-, Solo-, Onlykeys are open source & fw upgradeable.
Backup and upload to new key(s) is possible.

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!