Subject: Re: wanted: educate us please on key dongles


On 2017-08-11 14:41, Jonathan McDowell wrote:
> * Yubikey. I'm not sure about this; it's entirely closed these days
>   I believe. However they're easily available and I understand
>   they're pretty robust in terms of living on a keyring all the

I bought a YubiKey 4 a couple of years ago, because the YubiKey Neo
had great reviews and was open, and I assumed the 4 would be the
same, plus I wanted something that supported 4096bit RSA, which the
Neo doesn't. Unfortunately I only found out afterwards that the
YubiKey 4 is not open anymore. As I'd already transferred my keys
there, I decided to keep it until it breaks down.

From the pure hardware standpoint I must say that that thing is
_really_ good. I've had it on my "analog" keyring for the last two
years, I've dropped my keyring by accident countless times, the
thing has chafed against the metal keys in there for all that
time - and while it doesn't look quite new anymore, I've never had
any problems with it, it just works. If you want something that is
really sturdy and lasts from a hardware perspective, I can really
recommend it.

The software perspective isn't quite as rosy: the closedness of
the integrated firmware (which also means that there's a lack of
design review) is a definite problem. As you mentioned you can
only store 3 PGP keys on it, one for each type of function
(Encryption, Authentication and Signing), though that is not
something that's unique to this dongle. It does have some other
features that I've never used, so I can't comment on those.

Speed is reasonable, it takes a couple of seconds (< 5, I didn't
benchmark) to perform an RSA4096 signature, which is perfectly
fine. It takes me longer to enter my (long) passphrase.

When it comes to price I paid around 50€ 2 years ago for it. I
consider that to be very reasonable for a dongle.

If the software were open, I could wholeheartedly recommend it
to everyone - functionality-wise the only criticism I have is
the 3 key (or rather 1 key per function) limit.

Setting up the key was relatively simple, I just looked at a
couple of tutorials online to understand the basics and then the
rest was quite trivial. (I did not follow those tutorials
blindly though, I always tried to understand what they told me
to do first.) The main issue was that I needed to add some udev
rules to older versions of Debian because the dongle wasn't
known to them yet. But that was documented somewhere - and with
Stretch I didn't have to do that anymore.

My setup currently looks like this:

- master private key is _not_ on the dongle, but I have two SD
  cards that are LUKS-encrypted (with a different password from
  the password of the key) that contain the master private key

  (plus I have a backup of it somewhere as well, again encrypted)

  Whenever I need to perform an action I do this on a live system
  without any configured network connection and with no persistent
  state anywhere (except for the SD card with the key, plus a
  separate USB stick for data exchange)

  I rarely do that though, the only instances where I actually
  need this are:

    - when I need to sign the key of another person

    - when I want to change the expiry date of my keys

- separate subkeys for signing and encryption, those private keys
  are on the dongle

  Very important: I can revoke these subkeys without compromising
  the master key. So should I believe that my subkeys could have
  been compromised I can easily just revoke these without losing
  the web of trust.

- dongle configured in such a way that I have to reenter the
  password for every signature I make (but I do let it remember
  the password for the encryption key for a short while out of

- on the computers I use daily the filesystem doesn't contain any
  private keys, but only stubs for the subkeys so that GnuPG
  automatically tells me to insert the key

Not saying this is the best possible setup, but I found it to be
a reasonable compromise between security and usability. (Of course,
if someone has any additional suggestions, I'll gladly listen.)

The main caveat I have at the moment is the lack of automation for
the master key management. Especially if I want to update the master
key itself (and not just the subkeys or sign a third-party key) I
currently need to manually copy the modified key back to my second
SD card (which I have in case the first one breaks down) somehow,
which is quite tedious.
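
As an added illustration (not part of the original message): a small Python check that a daily-use keyring matches the layout described above, with secret keys present only as stubs. It reads `gpg --list-secret-keys --with-colons` output, where field 15 of each `sec`/`ssb` record is `#` for a stub without secret material, a token serial number for a key held on a card, and `+` for a secret key stored on disk. The sample listing, key IDs and card serial are constructed, and treating an empty field as on-disk is an assumption.

```python
# Added example: audit where the secret part of each key lives, based on
# field 15 of sec/ssb records in `gpg --list-secret-keys --with-colons`.

# Constructed sample: offline master key, signing and encryption subkeys on
# a card, plus one deliberately misplaced subkey whose secret is on disk.
SAMPLE = """\
sec:u:4096:1:1111111111111111:1483228800:1546300800::u:::scSC:::#:::23::0:
uid:u::::1483228800::0000000000000000000000000000000000000000::Constructed User <user@example.org>:
ssb:u:4096:1:2222222222222222:1483228800:1546300800:::::s:::D2760001240102010006000000010000::23:
ssb:u:4096:1:3333333333333333:1483228800:1546300800:::::e:::D2760001240102010006000000010000::23:
ssb:u:4096:1:4444444444444444:1483228800:1546300800:::::a:::+::23:
"""


def classify(colon_output):
    """Map key ID -> (record type, capabilities, location of secret part)."""
    result = {}
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] not in ("sec", "ssb"):
            continue
        fields += [""] * (15 - len(fields))  # tolerate short records
        token = fields[14]                   # field 15, zero-based index 14
        if token == "#":
            where = "offline"                # stub only, no secret material here
        elif token in ("", "+"):
            where = "on-disk"                # assumption: empty also means on disk
        else:
            where = "card:" + token          # stub pointing at a smartcard serial
        result[fields[4]] = (fields[0], fields[11], where)
    return result


def on_disk_keys(colon_output):
    """Key IDs whose secret material is stored on this machine's filesystem."""
    return sorted(k for k, v in classify(colon_output).items() if v[2] == "on-disk")


if __name__ == "__main__":
    for keyid, (rec, caps, where) in classify(SAMPLE).items():
        print(rec, keyid, caps, where)
    leaked = on_disk_keys(SAMPLE)
    if leaked:
        print("secret key material on disk:", ", ".join(leaked))
```

On a real machine the input would be the captured output of `gpg --list-secret-keys --with-colons`; an empty result from `on_disk_keys` means every listed key is either an offline stub or on a card.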

