YubiKey

How to set up a YubiKey

Intro

Purchase two YubiKeys for redundancy. One key can be used as a backup in case the primary key is lost or damaged. In this example, we will use a YubiKey 5C NFC and a YubiKey 5C Nano.

Verify

Verify each YubiKey by visiting yubico.com/genuine. Select Verify Device to begin the process. When prompted, touch the YubiKey and allow the site to see the make and model of the device. This device attestation may help mitigate supply chain attacks.

Setup

Install YubiKey Manager and set up the PIN and PUK (save them to a password manager).

Applications/FIDO2

  • Change PIN

Applications/PIV

  • Change PIN
  • Change PUK (generate 8 numbers via password manager)
  • Change Management Key (AES256 and protected by PIN)

PGP

The YubiKey's PGP interface has its own PINs, separate from other modules such as PIV.

  • Admin PIN (default): 12345678
  • User PIN (default): 123456
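
Change both from their defaults with gpg. In the passwd menu, 3 changes the Admin PIN, 1 changes the User PIN, and q leaves the menu:

gpg --card-edit
admin
passwd
3
1
q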
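
The replacement PINs and PUK from the steps above can be drawn from the OS random source and checked against the factory defaults and trivial digit runs before they go into the password manager. This is an added example, not part of the original page: the function names are hypothetical, and the 8-digit lengths for the FIDO2 and PIV PINs are assumptions (the page only fixes the PUK at 8 numbers and shows 6- and 8-digit PGP defaults).

```python
import secrets

# Factory defaults listed on this page for the PGP interface.
DEFAULTS = {"123456", "12345678"}


def is_weak(code: str) -> bool:
    """True for a factory default, one repeated digit, or a straight run."""
    if code in DEFAULTS or len(set(code)) == 1:
        return True
    # Difference between neighbouring digits, modulo 10. A code whose every
    # step is +1 or -1 is a run such as 234567, 890123 or 987654.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(code, code[1:])}
    return steps in ({1}, {9})


def new_code(length: int) -> str:
    """Random numeric code from the OS CSPRNG, redrawn until it is not weak."""
    while True:
        code = "".join(secrets.choice("0123456789") for _ in range(length))
        if not is_weak(code):
            return code


def new_credentials() -> dict:
    """One fresh code per PIN/PUK that the setup steps ask you to change."""
    return {
        "fido2_pin": new_code(8),        # assumed length
        "piv_pin": new_code(8),          # assumed length
        "piv_puk": new_code(8),          # page: 8 numbers
        "pgp_user_pin": new_code(6),     # same length as the default
        "pgp_admin_pin": new_code(8),    # same length as the default
    }


if __name__ == "__main__":
    # Generate once per key and store the values in the password manager.
    for name, value in new_credentials().items():
        print(f"{name}: {value}")
```
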