Implement importing private keys to the YubiKey #3

Open
wants to merge 1 commit into base: yubikey

jstasiak

This comes in two varieties:

  1. Randomly generating a new key on the computer and then importing it.
    This option prints the newly generated key to stderr in hex form.
  2. Accepting a hex input from the user.

The use case I have for those is as follows: I'd like to be able to
generate a private key in a secure environment[1] such that I can both
create a secure backup of it[2] and import it to my YubiKey for day to
day operations, so that if my YubiKey is lost or destroyed[3] I can buy
a new one and keep using my private key or even, in an emergency
scenario, use the private key (again, in a secure environment) to
decrypt some data in software directly if needed.

I hope the warnings mentioning risks associated with importing keys are
appropriate, I'd like the potential users of this to understand them.

This has been tested with YubiKey 4.

[1] Ideally trusted hardware, air-gapped, booted from a live CD etc.
[2] Encrypted using a strong passphrase, stored in a safe place
[3] Granted, if the YubiKey is actually lost a key rotation is
probably a good idea anyway.

jstasiak mentioned this pull request Jan 11, 2021

pinpox commented Mar 24, 2022

Any updates on this? I'm hesitant to use this software if I can't back up my keys somehow. I'd like to make sure there is a way to access my secrets in the event that I lose or destroy my yubikey.

Is there any form of backup for the identity? Or can I copy it to a second yubi?

gitirabassi

I don't think this is a good idea. I have 3 yubikeys, each with its own key, and all my secrets are encrypted with 2 or all 3 recipients.

I have one stored in a vault (like you would for your gpg recovery key) and the other two for backup. I think this is a better approach, as the key never leaves the yubikeys.

gitirabassi

Yubikeys aren't cheap, I know, but I think that if we start exporting keys into and out of the Yubikeys we defeat all the good work done by Age/Rage/age-yubikey-plugin

pinpox commented Mar 24, 2022

> Yubikeys aren't cheap, I know, but I think that if we start exporting keys into and out of the Yubikeys we defeat all the good work done by Age/Rage/age-yubikey-plugin

Not sure I agree, that might be personal preference. For my GPG keys (which I use on the yubikey as well) I have generated them on an air-gapped machine from a live CD and saved them in plain old paper form among other backups securely. I don't think having a backup of your key in non-yubikey form is a bad idea if done correctly.

kagehisa

I'm also very interested in this feature. Is there a particular reason for this PR to not get merged?
