I am using a Nitrokey Pro to store my signing, encryption, and authentication subkeys. They were generated from a master key created on TailsOS and backed up on an encrypted VeraCrypt disk stored on a USB key in my safe (something like this: https://sunknudsen.com/privacy-guides/how-to-generate-and-air-gap-pgp-private-keys-using-gnupg-tails-and-yubikey).
All said and done, it works, but is a pain in the ass :) Honestly, I only use my keys to sign git commits and encrypt files to share with my web of trust network (who also have to be properly set up using arcane instructions).
If only there was a better way to generate, backup, recover, and use those keys, in the same way that we manage our BTC wallets. I'll definitely keep an eye on this thread ;)
Thanks a lot. This definitely feels a lot more serious and appropriate for important keys. But yeah, I agree with you, the setup is truly daunting.
Just to confirm: with this, are you able to sign stuff on your mac by having your Yubikey plugged in?
I don't use a Mac but Linux, and yes, I can sign and encrypt/decrypt. Also, I use Nitrokey instead of Yubikey, but it's the same principle...
Thanks for sharing this. Epic efforts for the setup. Might just check out the Nitrokey.
Didn't know you could recover keys onto a Nitrokey!
Thanks for sharing