@mcol, I think you were interested in the topic? I'd be glad to exchange views on the subject if you want!

@Crocmagnon Yeah just read your post! I really like the idea of yubikeys, even if a big factor is just owning cool devices. I don't fully understand how it works. You gave the example of plugging it into your colleague's computer. Does it not need pre-authorisation to work on it?

@mcol The key is a cryptographic device. It owns the private parts of your keys and they can never leave it. That's also how your credit card works (if it has a chip). With it, you can do anything you could do with a standard key pair. You just can't view the private key.

@mcol And indeed, since we basically use GPG keys with SSH, you'll need a little configuration on any machine you want to use with your key. It's described in the guide I linked: florin.myip.org/blog/easy-mult ("Configure the client system to use the smartcard")

@Crocmagnon Looking at that page it looks more complicated than I had previously thought. Surely any device it is plugged into can read the data stored on it? Or does it act as its own standalone device (not a storage device) with a standard protocol to talk with clients?

@mcol it doesn’t act like a storage device. When you plug it in, you don’t see a « yubikey » device on which you can drop files. It acts more like a smart card. You can for example use a yubikey to log in to your computer. Either as a replacement to your password or as a mandatory second factor.

I don’t know if the protocols they use are standard or proprietary though. I’d say standard but I’m not sure 😊

@Crocmagnon OK, sounds interesting. I'd love it if I can use it for my keepassxc dbus secret service and unlocking my luks hard drive at boot. Perhaps I should look more closely at this...

@mcol Looking forward to hearing about your experience 😉

@Crocmagnon I would be the guy that lost all my keys, 100% guarantee.

@basil haha I thought I’d be that guy too but I attached my daily driver to my keychain so I’m pretty much guaranteed not to forget it anywhere (or I’m in much bigger trouble) 😄

The others are older models that I don’t use daily anymore so I just keep them at home. One of them is registered as a backup key on all of my online services where I set up 2FA with the main key.
