Collaborate Disseminate
I was looking at YubiKeys and noticed that they sell FIPS certified keys alongside non-FIPS certified keys. Both seem to have the same feature sets, but the FIPS certified keys are more expensive. This question’s answer suggests to me that… Continue reading When is FIPS certification important?
My understanding is that an ED25519-sk SSH key generated by OpenSSH generates a private key stub that lives on your host machine. This stub is just a reference to the actual private key that lives on the actual hardware key itself.
My unde… Continue reading Can someone with access to only my Yubikey gain access to my server that has SSH access via an ED25519-sk keypair?
I bought a new Yubikey, and am currently setting it up to use on my desktop PC. Previously the PC was secured with password only, and I’d like to use the Yubikey as an alternative: instead of using the password, I could instead use the Yub… Continue reading Security of using Yubikey to derive Diceware password?
I recently set up two yubikeys based on this guide. I also set it up so gpg-agent is my ssh-agent, so I can use the keys for ssh. For some reason, even without me taking any action after plugging in the key (or rebooting, or coming back fr… Continue reading How to figure out what is requesting access to my yubikey?
I’m having the same issue of this fellow user.
I have a certificate stored in the Windows user personal store and in a YubiKey. When I plug the YubiKey, the Certificate Propagation Service discovers the certificates in the PIV applet and a… Continue reading Windows Certificate Propagation Service configuration
I’ve heard that hardware keys like Yubikey are phishing resistant. But I do not understand where a phished man-in-the-middle attack, which tries to "forward" the whole communication, fails in that scenario.
I’m imagining the atta… Continue reading How are hardware keys phishing resistant to man-in-the-middle attacks?
I’ve heard that hardware keys like Yubikey are phishing resistant. But I do not understand where a phished man-in-the-middle attack, which tries to "forward" the whole communication, fails in that scenario.
I’m imagining the atta… Continue reading How are hardware keys phishing resistant to man-in-the-middle attacks?
I did a lot of research on how to securely create, use and backup android signing keys (when using Google Play Signing is not an option). The best option seams to be a Yubikey or a Nitrokey HSM 2 and use their pkcs11 capability [0].
Backin… Continue reading How to create, use and backup android signing keys without trusting the computer?
I am doing remote devevelop on a remote dev machine. From the remote machine, I need to SSH to other servers and services like the Github. Everything is on the Internet. My desktop is much more secure than the remote dev machine and so I d… Continue reading Securely SSH a server from an intermediary remote machine (possibly with Yubikey)
I was wondering if it’s possible to only store and read a ssh private key on a yubikey and not read the private key the yubikey generated from a client computer?
Currently the only way it seems to work is that I store the private key on cl… Continue reading Reading SSH private key physically stored on yubikey to remote into external PC