Questions tagged [yubikey]
YubiKey is a security key device manufactured by Yubico that supports one-time passwords, public key encryption, and U2F protocol.
54 questions
0
votes
0
answers
83
views
can the persistent storage on tails-os be configured to use yubikey to unlock?
I use tails-os with persistent storage to keep sensitive data secure but relatively easy to access on an airgapped laptop.
I might be pissing up a rope here, but I wonder if it might be possible to ...
- 41
1
vote
0
answers
189
views
No such device with Yubikey GnuPG
I have a yubikey 5 NFC with GPG keys configured that I use for encryption and signing. Usually, this works fine, but sometimes gpg will tell me that no card is connected; if I unplug and replug the ...
- 151
0
votes
1
answer
98
views
Elexlinco NC004 card reader & FIDO2 problem with Yubikey 5C NFC
NFC Smart card reader & Yubikey works fine for OTP usage, example with challenge-response auth for KeppassXC.
Problem with FIDO2, example for Google login.
I've tried in Windows and all works well ...
- 109
2
votes
1
answer
240
views
How to encrypt a file with Yubikey with openssl
I try to encrypt a file with my Yubkey and openssl on linux. My YubiKey is a
idProduct 0x0407 Yubikey 4/5 OTP+U2F+CCID
bcdDevice 5.24
First I extract my Public key from my ...
- 123
1
vote
1
answer
61
views
why won't pass allow entries to be added or edited?
I have been using pass (cli pw manager) for a couple of years now, and I just started using yubikeys.
I have (2) YKs which I configured as duplicates of each other, transferring the same gpg subkeys (...
- 41
0
votes
1
answer
106
views
Why am I seeing output on `gpg --export-secret-key` when my secrets are on my smartcard?
I have a Yubikey with my GPG private keys on it, and public keys in my gpg keyring. I made sure that private keys are not present on my system by running gpg --export-secret-key -a <key id> ...
- 679
0
votes
1
answer
307
views
Can a FIDO2 Security Token be removed after unlocking a LUKS volume at boot?
A FIDO2 security token should be used for decrypting all disks in a linux machine at boot. systemd allows this since version 248.
Can the FIDO2 Security Token be removed after boot when using LUKS for ...
- 241
8
votes
0
answers
8k
views
How to setup passkey authentication in Linux?
I have setup the PAM module pam_u2f.so for FIDO2 as the primary authentication method on my LMDE 5 (based on Debian 11) machine.
Is there a way to integrate passkey support with this PAM module or ...
- 286
0
votes
1
answer
221
views
Yubikey security key for file based container
Does anyone have a solution for using the Yubikey Security Key as a second factor for file-based crypto containers like VeraCrypt or something else? I know the Security Key doesn't allow PGP, but now ...
1
vote
2
answers
4k
views
FIDO2 (YubiKey) to unlock LUKS from command line
Following the example of how to add a FIDO2 key from a YubiKey, but I can't figure out how to use the YubiKey to unlock it form the command line. The instructions talk about unlocking at boot--but ...
- 673
2
votes
2
answers
1k
views
Is there a tool that can perform direct RSA decryption with a Yubikey?
The use case I'm looking for is that I walk up to a headless server and "unlock" it using a hardware key, where scripts on the server recognize that I've plugged it in and automatically use ...
- 953
1
vote
0
answers
65
views
Yubikey PIV not working without OTP
I just started using a Yubikey to do SSH logins by following this guide.
It works fine - but only as long as the Yubikey is able to do OTP. After a few accidental touches on the key spewing a random ...
- 1,020
1
vote
0
answers
387
views
GPG fails to decrypt file with Yubikey private key: No secret key
I'm trying to decrypt a file using GPG. The private key is stored on my Yubikey, but I get the following message from GPG:
shell> gpg --output test-temp --decrypt git-token.gpg
gpg: encrypted with ...
- 11
1
vote
0
answers
169
views
yubikey-agent not running on login
According to man configuration.nix, enabling services.yubikey-agent should start yubikey-agent on login:
services.yubikey-agent.enable
Whether to start yubikey-agent when you log in. Also sets ...
- 1,709
0
votes
1
answer
2k
views
GPG is missing secret key that is expected to be on an OpenPGP card (YubiKey 5)
Hoping the answer https://unix.stackexchange.com/a/613772/320598 will help, I found out that it did not After asking this question, I found a very similar question at https://stackoverflow.com/q/...
- 1,771