SSH authentication with GPG failing with a new Yubikey with the same gpg keys as the old one

I have a MacBook M1 on which I have been using a Yubikey 5 to authenticate SSH logins to various systems. I recently got a Yubikey 5C so I wouldn’t have to use adapters. I moved my keys over to it using the backup I created when I set up m…

Is there a way to store a verification-hash of a secret on a ‘consumer HSM’ like Yubikey or another WebAuthn device?

Context: I’m trying to design an SRS solution for your personal secrets – "Anki for passwords." (This is mostly a learning-exercise, to help me develop my intuition for writing secure(-ish?) code, and to explore the problem-spac…

When hardening my SSH key, why would I use yubikey-agent instead of the built-in `-sk` key type native to OpenSSH?

OpenSSH 8.2 added -sk key types that allow for FIDO/U2F hardware authenticators (like a YubiKey, etc.)
yubikey-agent allows for the same functionality, except it (a) requires an additional client on top of OpenSSH, and (b) is scoped to onl…

How do I hide OpenPGP key fingerprints from smartcard info (specifically YubiKey)?

My YubiKey stores my OpenPGP subkeys for signing, encryption and authentication with SSH, emails, code signing, etc. However, it also implements WebAuthn (not all sites enforce PIN checks), PIV and TOTP.
Anyone with the device can simply p…