You can use models older than Yubikey 4 with gpg, too. The table https://www.yubico.com/products/yubikey-hardware/ has an "OpenPGP" row to indicate whether the key acts as a PGP smartcard; I'd imagine that with the Internet Archive's Wayback Machine you could bring up a table like that also for older models.
I like to use the Yubikey NEO, which is NFC-capable, and works with "Password Manager" app on Android (a `pass` implementation); that way I can conveniently access and sync passwords from my phone with my PC `pass` ones. It works reliably. On Android, I tap the password I want to see; then I get queried for the Yubikey PIN, and have to hold the Yubikey next to the phone. On the PC, I get the standard gpg-agent popup to enter the PIN. That also automatically falls back to an ncurses terminal interface if I'm ssh'd in. The Yubikey Neo doesn't have tap-to-allow-PGP as the Yubikey 4 has; instead it stays "unlocked" for a given amount of time. While this is convenient for batch GPG operations, I also like to pull out the Yubikey whenever I'm done with pass, to make sure it is only physically accessible when I need it. In summary, using the Yubikey with pass is surprisingly easy, on both PC (I mean Linux) and Android. Depending on your Linux distribution, you may have to spend a bit of time to get gpg to work with the Yubikey; but once gpg works with it, pass will work automatically. On Android it worked out of the box for me. In all cases, the nice thing about it is that your private key never leaves the Yubikey (which is the promise of PGP smartcards in general). Hope this helps. On 08/01/17 19:39, Oliver Albertini wrote: > I have a yubikey 4, so this write-up should definitely get me started. _______________________________________________ Password-Store mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/password-store
