
Yubico with new 4096-bit keys and gpg-agent for ssh authentication - kn9
https://trmm.net/Yubikey
======
deno
Nitrokey[1] is about the same price as Yubico but has _open source firmware &
hardware_. You might also know them as CryptoStick[2].

[1] [https://www.nitrokey.com/](https://www.nitrokey.com/)

[2] [https://blog.mozilla.org/security/2013/02/13/using-
cryptosti...](https://blog.mozilla.org/security/2013/02/13/using-cryptostick-
as-an-hsm/)

~~~
peterhadlaw
This looks really neat. Anyone also use these? Thoughts? I might get myself
one.

Edit: Also, does this have gpg-agent / ssh support?

~~~
bruo
I tried the pro model but went back to the FST-01 as it was too slow for RSA
4096 and doesn't support curve25519 for sign/auth.

But, yes, it does work with gpg-agent with ssh support.

------
chx
May I offer my article on an excellent password manager complementing the
Yubico devices well? [https://drupalwatchdog.com/blog/2015/6/yubikey-neo-and-
bette...](https://drupalwatchdog.com/blog/2015/6/yubikey-neo-and-better-
password-manager-pass)

------
gruturo
Is there any way to store an ssh _server_ key in it, or an https server's key?
Basically turning this into a mini-HSM ?

~~~
justinjlynn
Yubico have a product specifically for that use case:
[https://www.yubico.com/products/yubihsm/](https://www.yubico.com/products/yubihsm/)

~~~
justinjlynn
My mistake, it doesn't appear to support that functionality. I'll have to look
into it further.

~~~
gruturo
There is also the non-insignificant issue of the $500 price tag. Wouldn't bat
an eyelid if this was for professional/corporate use, but $500 out of my own
pocket for my personal home server is a bit steep.

------
spilk
Just so it's clear, the previous Yubikey NEO also supports gpg-agent for SSH
authentication, not just the new Yubikey 4. I've been using one for months. It
presents a standard smarcard CCID interface and runs an OpenPGP applet.

The source to the actual Javacard applet that implements is available on
Github: [https://github.com/Yubico/ykneo-
openpgp](https://github.com/Yubico/ykneo-openpgp)

------
dbalan
Buy the one with smaller form factor. the device bends with very nominal
pressure and if you are someone as me who works mostly on one device and need
to move around a lot with it - unplugging and replugging the key is very
cumbersome. You can leave the nano one in port and forget it until you need it
in another device. My two cents from using a neo to store production ssh keys.

------
late2part
In the article it's written that the yubikey is tamper proof.

This is not the case. They report their product as tamper evident but not
tamper proof.

------
exabrial
Offtopic question:

Is there any FDE software that supports keeping decryption keys on a network
server? You would still need to enter user authentication to obtain the
decryption key of course.

Use case: We are a HIPAA environment, I want a hard drive to be useless if it
is removed from the building.

~~~
late2part
I recently solved this problem using StrongAuth. We used SED disks instead of
FDE software.

[http://keyappliance.strongauth.com/](http://keyappliance.strongauth.com/)

------
tetraodonpuffer
for folks interested in more on yubikeys and gpg I also would suggest these
two blog posts

[http://viccuad.me/blog/secure-yourself-part-1-airgapped-
comp...](http://viccuad.me/blog/secure-yourself-part-1-airgapped-computer-and-
GPG-smartcards/)

[http://blog.josefsson.org/2014/06/23/offline-gnupg-master-
ke...](http://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-
subkeys-on-yubikey-neo-smartcard/)

------
sofaofthedamned
Are the github keys they sold cheaply compatible with 4096 bit keys? I'm
loathe to buy another, considering i've got 3 already...

~~~
speedkills
I picked up two of the github keys. Never did get them working under OS X.
Plug them in and nothing, not recognized by any of their tools, no new
keyboard recognized prompt, nothing. Anyone else have trouble with them on OS
X?

~~~
arnarbi
Does it light up when you try logging in or registering it with
Github/Dropbox/Google in Chrome?

------
beezle
Looked at these last year but opted for smartcard and secure pinpad reader
instead.

~~~
grhmc
Can you provide links to what you chose instead?

~~~
mike-cardwell
I dunno about him, but I do something similar on one of my machines. I use an
SCM SPR-532 USB reader with pinpad and an OpenPGP v2 smart card. More info and
pictures here -
[https://grepular.com/Smart_Cards_and_SSH_Authentication](https://grepular.com/Smart_Cards_and_SSH_Authentication)

~~~
gh02t
Where did you get the PGP card? Did you donate to become a fellow?

I've been thinking about it, but it's a bit confusing figuring out what cards
are compatible and donating to the foundation is nice but a bit expensive.

~~~
mike-cardwell
I got it from kernelconcepts as tokenizerrr said. They seem to have a newer
version of the card now which does 4096, so I might have to buy another. Mine
only does 2048

------
wtbob
I'm surprised that more folks haven't just gone to 8,192-bit keys, out of an
abundance of caution.

~~~
mike-cardwell
4,096 is already an abundance of caution. You might as well say people should
go to 32,768 just to be sure. Then somebody else would come along and say,
"why not 65,536?"

~~~
justinjlynn
Indeed. Mostly, it's just a question of whether or not the software will
support a key of such size. Typically, I would recommend that, unless you've a
good reason to use a smaller key (like support concerns), one should use the
biggest key one possibly can use at the time the key is generated. Though, if
one is doing key rotation as one should be, one can always adjust up as needed
as time goes on.

~~~
garrettr_
Not really, especially in the context of RSA keys, because:

1\. RSA is a slow algorithm and gets slower as you increase the key size.

2\. Increasing the key size gets diminishing returns on the security margin.
Given the performance and compatibility issues, the relatively minor
improvement in security once you go beyond a certain key size is not worth it
(you should switch to a better algorithm instead).

3\. Anything over 4096 (possibly anything over 3072) is overkill anyway - if
you could break a 4096-bit RSA key, you've probably found a fundamental
weakness in RSA that means you should move to a different algorithm entirely.

~~~
justinjlynn
all valid points.

------
exabrial
Does Yubico support ECDSA?

~~~
spilk
I think it supports ECC keys in the PIV applet, but not in the OpenPGP applet.

------
grhmc
> Encrypting by default is a good idea.

I suspect the author intended to say Signing by default is a good idea.

