yubikey
YubiKey hardware security key management.
Guide: https://github.com/drduh/YubiKey-Guide
OpenPGP: https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP
--- Setup ---
To install required packages (Debian/Ubuntu):
sudo apt -y install \
  wget gnupg2 gnupg-agent dirmngr \
  cryptsetup scdaemon pcscd \
  yubikey-personalization yubikey-manager
--- Card Status & Info ---
To show YubiKey card status:
To edit card settings (PINs, name, URL):
Inside card-edit: enter admin mode
Inside card-edit: change PINs
To check YubiKey firmware and serial number:
--- GPG Key Management ---
To move a GPG key to the YubiKey card:
gpg --expert --edit-key <key-id>
keytocard
To list GPG keys:
gpg --list-keys
gpg --list-secret-keys
To import a GPG public key:
gpg --import <keyfile.gpg>
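Added example, not part of the original cheat sheet: after keytocard, a check that all three OpenPGP slots on the card are populated and that no PIN is blocked, done by parsing `gpg --card-status` text. The function names and the embedded sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the cheat sheet): audit `gpg --card-status` text.

# Constructed sample: signature/encryption slots filled, authentication slot
# empty, Admin PIN down to 1 try. Fingerprints and serial are made up.
sample_status() {
cat <<'EOF'
Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
Serial number ....: 00000000
PIN retry counter : 3 0 1
Signature key ....: 0000 1111 2222 3333 4444  5555 6666 7777 8888 9999
      created ....: 2024-01-01 00:00:00
Encryption key....: AAAA BBBB CCCC DDDD EEEE  FFFF 0000 1111 2222 3333
      created ....: 2024-01-01 00:00:00
Authentication key: [none]
General key info..: [none]
EOF
}

# Print a comma-separated list of key slots that still read "[none]".
empty_slots() {
  awk -F': *' '
    /^(Signature key|Encryption key|Authentication key)/ && $2 ~ /^\[none\]/ {
      name = $1; sub(/[ .]+$/, "", name)   # drop the dotted padding
      printf "%s%s", sep, name; sep = ","
    }
    END { print "" }'
}

# Print the three retry counters: user PIN, reset code, admin PIN.
pin_retries() {
  awk -F': *' '/^PIN retry counter/ { print $2 }'
}

# Return 0 only if every slot holds a key and neither the user PIN nor the
# admin PIN is blocked. The reset-code counter is normally 0 when no code is set.
audit_card() {
  status=$(cat)
  empty=$(printf '%s\n' "$status" | empty_slots)
  set -- $(printf '%s\n' "$status" | pin_retries)
  rc=0
  [ -z "$empty" ] || { echo "empty slots: $empty"; rc=1; }
  [ "${1:-0}" -gt 0 ] || { echo "user PIN blocked"; rc=1; }
  [ "${3:-0}" -gt 0 ] || { echo "admin PIN blocked"; rc=1; }
  return "$rc"
}

# With a key inserted: gpg --card-status | audit_card
sample_status | audit_card || echo "card needs attention"
```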
--- FIDO2 / SSH ---
To list FIDO2 credentials stored on the key:
ykman fido credentials list
To generate a resident SSH key backed by the YubiKey:
ssh-keygen -t ed25519-sk -O resident -O verify-required
To load resident SSH keys from the YubiKey:
--- OTP ---
To list OTP slots:
To program a static password in slot 2:
ykman otp static --generate 2
--- PIV ---
To list PIV certificates:
ykman piv certificates list
--- Lock & Reset ---
To lock the YubiKey OTP applet:
To factory reset all applets: