

Edward Snowden says to trust in encryption, but you still need to worry about the security of the computer systems that run it: "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it."

If you're worried that you're not paranoid enough about your communications security and want to improve your OpSec, it is actually fairly easy to go "full-Snowden" with hardware storage of your PGP secret keys. The Yubico Yubikey-Neo and Neo-N USB tokens are a neat (and cheap) way to keep your keys locked in a hardware device rather than stored as a file on your hard drive. The hardware tokens are compatible with the OpenPGP card protocol, which recent versions of gnupg support out of the box. All of the public-key cryptography happens inside the tamper-proof device, so your secret key is never decrypted in your machine's memory nor stored on its disk.

GPGTools provides a very nice key management GUI as well as a plug-in for Apple Mail.app. It also bundles the command-line version of gnupg 2.0.22, which you will need for some specialized functions. Note that there is a bug in OS X Yosemite related to GPG card tokens not working. Run the GPG Keychain Access tool that the suite installed in /Applications and click the New Key button. Fill in your name and email and select the key type. The older Yubikey devices support up to RSA 2048, so the defaults of "RSA and RSA" with length 2048 are correct.
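The same key setup from the bundled command-line gpg, as an added example that is not part of the original post and not code from GPGTools or Yubico. It writes the unattended-generation parameter block equivalent to the GUI's "RSA and RSA, 2048" defaults, then runs two checks over gpg's documented `--with-colons` listing format: that every key is RSA of at most 2048 bits before it is loaded onto an older Yubikey NEO, and that every secret key record carries a token serial number afterwards (so no key material remains on disk). The serial-number field (field 15 of `sec`/`ssb` records) is an assumption about gnupg 2.1+ and is not present in the 2.0.22 build the post mentions; the listings and the serial are constructed samples, not real keys.

```shell
#!/bin/sh
# Added example (not from the blog post or from GPGTools/Yubico): the command-line
# counterpart of clicking "New Key" in GPG Keychain Access, plus two checks a
# defender wants before and after moving keys to the token.
# Assumptions: gpg's documented --batch --gen-key parameter format and
# --with-colons record layout (field 1 = record type, field 3 = key length,
# field 4 = algorithm id, field 5 = key id, field 15 = token serial on sec/ssb
# records; field 15 exists in gnupg 2.1+, not in the 2.0.22 bundled with GPGTools).

# Emit an unattended-generation parameter block matching the GUI defaults:
# RSA 2048 primary key plus RSA 2048 subkey, which the older Yubikey NEO accepts.
# Usage: gen_params "Name" "email" > params.txt && gpg --batch --gen-key params.txt
gen_params() {
  cat <<EOF
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $1
Name-Email: $2
Expire-Date: 1y
%commit
EOF
}

# Read `gpg --with-colons --list-keys` on stdin; report any pub/sub record that
# is not RSA (algorithm ids 1, 2, 3) or longer than 2048 bits, since such a key
# cannot be loaded onto an RSA-2048-only token. Returns 1 if any record fails.
check_card_fit() {
  awk -F: '
    BEGIN { bad = 0 }
    $1 == "pub" || $1 == "sub" {
      if (($4 != "1" && $4 != "2" && $4 != "3") || $3 + 0 > 2048) {
        printf "unfit for token: %s %s %s-bit algo %s\n", $1, $5, $3, $4
        bad = 1
      }
    }
    END { exit bad }'
}

# Read `gpg --with-colons --list-secret-keys` on stdin (gnupg 2.1+); report any
# sec/ssb record whose field 15 carries no token serial number, i.e. a secret key
# that still lives on disk instead of in the card. Returns 1 if any is found.
check_on_card() {
  awk -F: '
    BEGIN { bad = 0 }
    $1 == "sec" || $1 == "ssb" {
      if ($15 == "" || $15 == "#") {
        printf "secret key on disk: %s %s\n", $1, $5
        bad = 1
      }
    }
    END { exit bad }'
}

# Constructed sample listings (not real keys; the serial is a made-up placeholder).
PUBLIC_OK='pub:u:2048:1:0123456789ABCDEF:1400000000:::u:::scESC:
uid:u::::1400000000::0000000000000000000000000000000000000000::Example User <user@example.com>:
sub:u:2048:1:FEDCBA9876543210:1400000000::::::e:'
PUBLIC_BAD='pub:u:4096:1:1111111111111111:1400000000:::u:::scESC:
sub:u:2048:16:2222222222222222:1400000000::::::e:'
SECRET_ON_CARD='sec:u:2048:1:0123456789ABCDEF:1400000000:::u:::scESC:::D2760001240102000006000000000000:
ssb:u:2048:1:FEDCBA9876543210:1400000000::::::e:::D2760001240102000006000000000000:'
SECRET_ON_DISK='sec:u:2048:1:0123456789ABCDEF:1400000000:::u:::scESC::::
ssb:u:2048:1:FEDCBA9876543210:1400000000::::::e::::'

gen_params "Example User" "user@example.com"
printf '%s\n' "$PUBLIC_OK" | check_card_fit && echo "ok: keys fit an RSA-2048 token"
printf '%s\n' "$PUBLIC_BAD" | check_card_fit || echo "regenerate before moving keys to the token"
printf '%s\n' "$SECRET_ON_CARD" | check_on_card && echo "ok: all secret keys on token"
printf '%s\n' "$SECRET_ON_DISK" | check_on_card || echo "key material still on disk"
```

On a real machine you would pipe `gpg --with-colons --list-keys` into `check_card_fit` before generating or importing anything onto the NEO, and `gpg --with-colons --list-secret-keys` into `check_on_card` after the move; a non-zero exit from either is the signal to stop and look, since a secret key that is still readable on disk gives you none of the tamper-proof-device benefit described above.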
