pull down to refresh
752 sats \ 4 replies \ @bataroot 27 Sep 2023 \ on: Hardware Signer for PGP keys? bitcoin
I am using a Nitrokey Pro to store my signing, encryption, and authentication subkeys, they were generated from a master key created on TailsOS and backed up on an encrypted Veracrypt disk stored on a USB key in my safe. (something like this: https://sunknudsen.com/privacy-guides/how-to-generate-and-air-gap-pgp-private-keys-using-gnupg-tails-and-yubikey)
All said and done, it works, but is a pain in the ass :) Honestly, I only use my keys to sign git commits and encrypt files to share with my web of trust network (who also have to be properly set using arcane instructions)
If only there was a better way to generate, backup, recover, and use those keys, in the same way that we manage our BTC wallets. I'll definitely keep an eye on this thread ;)
Thanks a lot. This definitely feels a lot more serious and appropriate for important keys. But yeah, I agree with you, the setup is truly daunting.
Just to confirm: with this, are you able to sign stuff on your mac by having your Yubikey plugged in?
reply
I don't use a Mac but Linux, and yes, I can sign and encrypt/decrypt.
Also, I use Nitrokey instead of Yubikey, but it's the same principle...
reply
reply
Didn't know you could recover keys onto a Nitrokey!
Thanks for sharing
reply