undefined | Better HN

0 pointsvladvasiliu2y ago0 comments

But that means you have to go out of state to enroll the keys you have in storage there. Not exactly practical.

Although I think that for the general (ie not ultra-critical) U2F use-case, not having all the keys enrolled is acceptable, if you're able to log back in without them, say by using codes stored encrypted with the GPG keys of all the others.

0 comments

sneak2y ago

Oh, only the computer (and keychain) keys are used for U2F. There is one 24/7 resident in each computer (the C Nano variant) and an extra on my keyring. Each of these also has a PGP key.

The 4 in the vaults are only used for PGP.

I have a script that will PGP encrypt a file to all 10 of the Yubikeys. I keep track of all of the fingerprints and pubkeys in spreadsheet.

j / k navigate · click thread line to collapse

0 comments

sneak2y ago

Oh, only the computer (and keychain) keys are used for U2F. There is one 24/7 resident in each computer (the C Nano variant) and an extra on my keyring. Each of these also has a PGP key.

The 4 in the vaults are only used for PGP.

I have a script that will PGP encrypt a file to all 10 of the Yubikeys. I keep track of all of the fingerprints and pubkeys in spreadsheet.

j / k navigate · click thread line to collapse