I'd love to recommend everyone use the newer elliptic curves available in GPG as they're powered by Libsodium and rapidly becoming a new industry standard. Configuring gpg-agent to act as ssh-agent for remote access.Automatic signing of Git commits with the GPG key.Publication of keys to Keybase and other directories.4096-bit sub-keys for encryption, signing, and authentication.A revocation certificate that will also be kept offline.A 4096-bit master key that will be kept offline.You can also use a Yubikey Neo, but this will only work with 2048-bit keys.
The goal of this walkthrough is to help you configure your GPG identity and port your keys to a secure hardware token - I recommend a Yubkey 4 (as it supports 4096-bit RSA keys). To that end, a version of this article appeared in the March 2018 issue of php, and I have an even longer version I distribute in person to developers. It's a strong way to protect our identities within the various tools we use, and one I recommend for just about any development team. A separate authentication key manages SSH access. A signing key manages email and Git commit signing. A specific encryption key manages email encryption and access to git-crypt-protected credentials. This is the same workflow I use with my team to enforce various cryptographic controls with our projects.
I can use them on multiple devices) while preventing my keys from leaking if anyone accesses my machine without my permission.
Retroshare yubikey portable#
This allows me to keep my keys somewhat portable (i.e. Rather than use GPG and SSH keys housed on individual machines, I embed my GPG private keys on Yubikeys by default.
0 kommentar(er)
