<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Yubikey on WhyNotHugo</title><link>https://whynothugo.nl/tags/yubikey/</link><description>Recent content in Yubikey on WhyNotHugo</description><generator>Hugo -- gohugo.io</generator><language>en</language><lastBuildDate>Sat, 09 Mar 2024 11:42:44 +0100</lastBuildDate><atom:link href="https://whynothugo.nl/tags/yubikey/posts.xml" rel="self" type="application/rss+xml"/><item><title>Extending an expired GPG key</title><link>https://whynothugo.nl/journal/2023/07/13/extending-an-expired-gpg-key/</link><pubDate>Thu, 13 Jul 2023 00:00:00 +0000</pubDate><guid>https://whynothugo.nl/journal/2023/07/13/extending-an-expired-gpg-key/</guid><description>Slightly over a year ago, I set up a new hardware-backed GPG key on my yubikey device. Today I needed to sign a release, and noticed my key expired two days ago. It&amp;rsquo;s time to renew it.
Possible approaches
When a key expires, there are three alternatives on how to address this:
Generate a new key pair. This requires updating my public key everywhere (e.g.: on services that use my public key, in the README for projects where I sign releases, etc), which is somewhat of a nuisance.</description></item><item><title>Using a Yubikey for both GPG and TOTP</title><link>https://whynothugo.nl/journal/2023/03/13/using-a-yubikey-for-both-gpg-and-totp/</link><pubDate>Mon, 13 Mar 2023 18:39:00 +0100</pubDate><guid>https://whynothugo.nl/journal/2023/03/13/using-a-yubikey-for-both-gpg-and-totp/</guid><description>I&amp;rsquo;ve written before on how I use a Yubikey for hardware-based GPG and 2FA on the web. I also use it for TOTP. That is, the Yubikey itself generates those common &amp;ldquo;authenticator codes&amp;rdquo; like many other Authenticator apps. But the secret seed is saved into hardware that does not support revealing it, instead of being handled by a regular app on a network-connected device.
A nasty issue I&amp;rsquo;ve been dealing with is that when I signed something using GPG, the key would no longer work for TOTP unless I killed the gpg-agent.</description></item><item><title>Using a Yubikey for GPG</title><link>https://whynothugo.nl/journal/2022/07/11/using-a-yubikey-for-gpg/</link><pubDate>Mon, 11 Jul 2022 00:00:00 +0000</pubDate><guid>https://whynothugo.nl/journal/2022/07/11/using-a-yubikey-for-gpg/</guid><description>I&amp;rsquo;ve written recently on how I use a Yubikey as a hardware security token for two factor authentication.
One item I was missing was GPG, and this was mostly because setting up GPG is a bit trickier and I simply hadn&amp;rsquo;t had the time. My previous key recently expired, so this is a good time to address that.
This article explains the basics of how Yubikey + GPG works, and how to get started.</description></item><item><title>How I secure my setup with a YubiKey</title><link>https://whynothugo.nl/journal/2022/05/07/how-i-secure-my-setup-with-a-yubikey/</link><pubDate>Sat, 07 May 2022 00:00:00 +0000</pubDate><guid>https://whynothugo.nl/journal/2022/05/07/how-i-secure-my-setup-with-a-yubikey/</guid><description>YubiKeys
I have a pair of YubiKey 5C NFC, which I use for authentication a lot. They&amp;rsquo;re small USB-C authentication devices which can generate multiple types of keys and are usable for different types of authentication.
There's also a USB-A version if USB-C ports aren't your thing. The keys generated on-device cannot be extracted, which means that the only way to steal the keys is to physically steal the device itself.</description></item></channel></rss>