Questions tagged [yubikey]

YubiKey is a USB authentication key developed by Yubico.

169 questions
8 votes, 1 answer

How to manage employee OpenPGP keys?

I am trying to create a secured policy for storing and maintaining keys between users of my company. I am rather new to OpenPGP and thus need some advice. Currently, the idea is: Generate a master key per user with only the certify capability.…
NewbiZ
7 votes, 3 answers

How to set up two YubiKeys to have the same secret?

A lot of services offer authentication with FIDO2, such as Twitter, but only allow the user to set one "security key". This is problematic in case the key is lost or breaks. The ideal solution would be to allow a user to set up multiple keys,…
user163495
7 votes, 2 answers

How to use YubiKey through GnuPG on remote server?

I'm wondering if it is possible to use a Yubikey to unlock for example a GnuPG key on a server, so can I somehow pass the generated token from the YubiKey over SSH to the server in an easy way?
Ragadabing
7 votes, 1 answer

Relative merits of Yubico OTP vs. OATH-HOTP?

What are the pros and cons of using Yubico OTP vs. OATH-HOTP? They both seem very similar.
Richard Hansen
7 votes, 1 answer

Yubikey: How is the OpenPGP key secured by PIN and passphrase?

Using the Yubikey 4 as an OpenPGP smartcard with GnuPG: How are the user PIN and user passphrase secured? In case a sophisticated attacker with physical access to the Yubikey 4 manages to physically extract the private key under the microscope…
user3200534
7 votes, 1 answer

Are there any risks associated with using a single U2F/FIDO key with multiple sets of credentials?

I recently got a FIDO U2F key (AKA a Yubikey). I currently only use it across a range of services, but could this be a security risk in any way? For example, if I use my U2F key to authenticate on a shady and/or insecure and/or malicious website,…
Jules
6 votes, 1 answer

Best practice of deprecating old OpenPGP subkeys when migrating to a new subkey pair?

I've been using GnuPG with an offline master + online subkey setup for a while now. All my email is signed with the signing-only subkey and encryption is done with the encryption-only subkey. The subkeys are 4096 bits. This setup works well, but I…
6 votes, 2 answers

What are the weaknesses of my authentication scheme?

So, recently, after going through some infosec training (FutureLearn's Introduction to Cyber Security, which I heavily recommend as well-explained newbie material), I decided to take the plunge and finally up the security of my authentication in…
6 votes, 6 answers

When should I issue more than one multi-factor device to a user? Is it OK to give several active tokens vs none at all?

Most of the conventional IT.Sec thinking I've seen says that a user can only have one multi-factor authentication device. I'd like to challenge that de facto thinking and ask if there is ever an occasion where: More than one multi-factor device…
makerofthings7
6 votes, 0 answers

How sensitive is the primary key stub of an ed25519 security key (~/.ssh/id_ed25519_sk)?

Now that OpenSSH supports elliptic-curve security keys (since version 8.2), it's possible to generate an ed25519-sk key on a hardware security key: $ ssh-keygen -t ed25519-sk -C comment This generates public and private key parts. How sensitive…
Petr
6 votes, 1 answer

Security risks of selling a used YubiKey / Factory resetting a YubiKey

I am a proud owner of a YubiKey 5 NFC and have been using it for quite some time now. I want to replace it with another YubiKey 5 NFC running a slightly newer firmware. I have utilized almost all features the YubiKey offers including Yubico OTP, PIV…
jnsp
6 votes, 2 answers

How do I back up YubiKey-backed TOTP authentication?

I bought a YubiKey 5 NFC this week and have started using 2FA and U2F where I can but am deathly allergic to the idea of losing access. For backing up U2F access I'm going to buy a second U2F token (probably a YubiKey depending upon the answer to…
mas
6 votes, 3 answers

Why would it be a good idea for someone to get a YubiKey?

For what uses would it be smart to get a YubiKey?
Gabriel Fair
6 votes, 1 answer

Uploading PKCS12 to YubiKey PIV slot

I have an id_rsa (private key which is used by me for authentication and encryption together with a cert on the YubiKey PIV smartcard provider on slot 9a). Now I wish to use this key to create a PKCS12 keystore (private key + self-signed cert) to sign jar…
ceph3us
6 votes, 1 answer

GnuPG + Yubikey: Can a trojan extract any secret key or sensitive information?

When using GnuPG with a Yubikey 4 on a Laptop for e-mail communication: Can a trojan extract any secret key or sensitive information? If so, what information would that be?
user3200534