Closed mainrs closed 3 months ago
The age-plugin-yubikey that provides support for yubikeys to the age encryption utility uses completely different keys, which are stored in your PIV slots. These are distinct from your OpenPGP slots and don't interfere with each other. You will essentially create a new private/public key pair just for age. In theory it would be possible to use gpg to store the secrets in the repository and use age just on the hosts, but that isn't what this library does. We use age encrypted secrets everywhere.
If you want to use your yubikey to store your secrets in your repository, then this project will be able to provide that by using an age identity on your yubikey. If you actually want to use your PGP identity then I fear this isn't possible with this project.
> The age-plugin-yubikey that provides support for yubikeys to the age encryption utility uses completely different keys, which are stored in your PIV slots.
I see, thank you! I was trying to make sense of all of this and figuring out how it ties together with the Yubikey PGP slot. So basically I have to generate one pub/priv key pair and put it into the PIV slot. And said key pair will be used by age. Is that right?
Sorry to bother you. I am confused on how to use this. I have a YubiKey with my PGP identity on it. I also use the PGP identity for SSH login. So I basically have a single private/public keypair.
I wanted to encrypt Wireguard credentials for one of my hosts to store them securely in my repository. The rekeying seemed nice, since I rotate the credentials every month.
Is this setup even possible with this library? I remember reading somewhere that YubiKeys are not always supported. I followed this guide for the PGP identity. You basically create a certify key that you use to issue subkeys for authentication, encryption and signing.