OpenPGP is an open standard for signing and encrypting. It enables RSA or ECC sign/encrypt operations using a private key stored on a smartcard (such as YubiKeys), through common interfaces like PKCS#11.
Note |
|
Advantages
PGP has the following advantages:
De facto standard in the Gnu/Linux world and for e-mail encryption.
Flexible. PGP is a crypto toolbox that can be used to perform all common operations.
Usage
The OpenPGP functionality of YubiKeys is typically used through GnuPG so we refer to its documentation for the full reference.
On macOS, GnuPG might not work in conjunction with other software, like OpenSC for example. GPGTools is the recommended alternative.
The default PIN set is ‘123456’ and the default admin PIN is ‘12345678’, these should be changed, see Card edit.
Software with OpenPGP Card support
- See AlsoDevice setup
Thunderbird/Icedove
Android (using NFC)
K-9 Mail
Conversations
Password Store
PGPAuth
Configure the PGP features of a YubiKey
YubiKeys can be configured and used with any application with support for OpenPGP Card:
YubiKey firmware
The OpenPGP support in the YubiKey NEO is provided by the open source ykneo-openpgp applet.
Important | SecurityAdvisory 2015-04-14 |