• tux7350@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    8 个月前

    You use a GPG key that you then add to the yubikey. The keys can only be written or deleted off the yubikey, you can’t read the secret once written. Then you can use the GPG key to either encrypt a file or sign it. Check out Pretty Good Privacy and the GnuPrivacy Guard software for more information on how that works.

    I use my yubikey to encrypt files, sign my work in Git, as well as the usual password authenticator stuff. You can still use FIDO, U2F and OTP codes while using the GPG too.

    Check out this awesome guide on how to setup an airgapped computer to generate the GPG key. https://github.com/drduh/YubiKey-Guide