Thanks Brian, I have a yubikey 4, so this write-up should definitely get me started.
On Jan 07, 2017 09:44, Brian Candler wrote:
> On 06/01/2017 22:13, Oliver Albertini wrote:
> > Forgive me if this is the wrong place to ask, or if it has already been
> > addressed. Also, thanks to the developers of pass, it is a really useful
> > program.
> >
> > What is the best practice for using a yubikey to authenticate gpg in the
> > context of pass?
>
> Which kind of Yubikey do you have?
>
> I have a Yubikey standard (no longer available). It does OTP in the first
> slot. I could use the second slot to store my GPG passphrase as a static
> string - but I don't, since I know it :-) Since it just types in the static
> string, it would be vulnerable to keyloggers.
>
> A Yubikey U2F isn't usable for this application as far as I can see. It's
> intended for 2FA to web apps.
>
> A Yubikey 4 or Yubikey Neo has the ability to store your GPG private key,
> and decrypt messages inside the key. That would be the strongest solution I
> think, but I've not tried it yet. There's a nice writeup here:
>
> https://malcolmsparks.com/posts/yubikey-gpg.html
>
> It sounds like the PIN is cached, which is useful for bulk operations like
> "pass grep" which has to decrypt all the files in your repo.
>
> HTH,
>
> Brian.

--
Oliver Albertini
_______________________________________________
Password-Store mailing list
https://lists.zx2c4.com/mailman/listinfo/password-store
