After 26+ years I've realized that GPG is way-overkill for my threat model and have retired my key. We'll see if it sticks but my new workflow works for me. https://chriswiegman.com/2024/01/goodbye-gpg/
Chris Wiegman (chris@mastodon.chriswiegman.com)'s status on Tuesday, 30-Jan-2024 02:33:27 JST Chris Wiegman
feld (feld@bikeshed.party)'s status on Tuesday, 30-Jan-2024 02:33:46 JST feld
@chris I wish we could retire the existence of GPG
Sexy Moon (moon@shitposter.club)'s status on Tuesday, 30-Jan-2024 02:41:19 JST Sexy Moon
@feld @chris isn't it bad to use the same key for signing and authentication, I really don't know but I heard it somewhere. maybe it's good enough.
feld (feld@bikeshed.party)'s status on Tuesday, 30-Jan-2024 03:01:53 JST feld
@Moon @chris that's what subkeys are for. You can specify which are for encryption, authentication, and signing
Sexy Moon (moon@shitposter.club)'s status on Tuesday, 30-Jan-2024 03:03:54 JST Sexy Moon
@feld @chris ssh keys don't have em do they
feld (feld@bikeshed.party)'s status on Tuesday, 30-Jan-2024 03:43:49 JST feld
@Moon @chris no. Here's my Yubikey smartcard with subkeys for reference
> gpg --card-status
Reader ...........: Yubico YubiKey OTP FIDO CCID
Application ID ...: D2760001240100000006179945930000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 17994593
Name of cardholder: Mark Felder
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 5
KDF setting ......: off
UIF setting ......: Sign=on Decrypt=on Auth=on
Signature key ....: 6907 429F F0F8 CCEB 8F13 FA77 1B66 8B6A 0911 A5FD
created ....: 2022-01-06 16:40:32
Encryption key....: A4F5 F7DA D885 05D7 C975 E428 CFE9 9D11 F228 49E7
created ....: 2022-01-06 16:40:32
Authentication key: DECC EA63 471B 5651 2AFC 799E C853 40EE 4315 994D
created ....: 2022-01-06 16:40:32
General key info..: pub rsa2048/1B668B6A0911A5FD 2022-01-06 Mark Felder <feld@feld.me>
sec> rsa2048/1B668B6A0911A5FD created: 2022-01-06 expires: never
card-no: 0006 17994593
ssb> rsa2048/C85340EE4315994D created: 2022-01-06 expires: never
card-no: 0006 17994593
ssb> rsa2048/CFE99D11F22849E7 created: 2022-01-06 expires: never
card-no: 0006 17994593
feld (feld@bikeshed.party)'s status on Tuesday, 30-Jan-2024 04:10:07 JST feld
@chris only the newest Yubikeys support 4096 IIRC
Chris Wiegman (chris@mastodon.chriswiegman.com)'s status on Tuesday, 30-Jan-2024 04:10:09 JST Chris Wiegman
@feld @Moon@shitposter.club For a really good guide on setting it all up, https://github.com/drduh/YubiKey-Guide is about the best there is.
The only thing I notice with yours though, Feld, is it looks like you're using only 2048 instead of 4096