Yubikeys are now supported

Jesse Keating jkeating at redhat.com
Fri Oct 8 22:02:33 UTC 2010


On 10/8/10 2:48 PM, Paul Wouters wrote:
> On Fri, 8 Oct 2010, Nathanael D. Noblet wrote:
> 
>> On 10/07/2010 10:58 PM, Paul Wouters wrote:
>>> One usage of yubikey I would like very much is as storage for the AES
>>> encryption key for disk encryption. I'd prefer the disk crypto key to
>>> not be on the disk at all, protected by just a passphrase. It would be
>>> nice to have it on a yubikey instead.
>>
>> I just ordered a yubikey for this express purpose, we have a product
>> under development that has an encrypted partition that gets decrypted by
>> a key on a USB thumbdrive - not the best... When I saw these I
>> immediately thought I should see about getting them used to unlock
>> encrypted partitions!... I'll keep you informed.
> 
> Note that yubikeys are not (yet) usable for this. You cannot request the
> AES key from it (AFAIK), only an OTP. And the OTP can also not be used to unlock
> an AES key on the harddisk because it is different for each activation.
> 
> Paul

Can't you use one of the slots on newer yubikeys for a static (long)
passphrase?

-- 
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
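
Added example (not part of the original thread): why an output that differs on each activation cannot unwrap a disk key stored on the hard disk, while a static passphrase can. The XOR-plus-HMAC wrap is a toy stand-in for a real keyslot, `simulated_otp` is a hypothetical stand-in and not the Yubico OTP format, and all secrets and values are constructed.

```python
import hashlib
import hmac
import os


def derive_keys(token_output: bytes, salt: bytes) -> bytes:
    """Stretch whatever the token emitted into 64 bytes: 32 mask + 32 MAC key."""
    return hashlib.pbkdf2_hmac("sha256", token_output, salt, 100_000, dklen=64)


def wrap(disk_key: bytes, token_output: bytes, salt: bytes) -> bytes:
    """Toy keyslot: mask the 32-byte disk key and append an integrity tag."""
    k = derive_keys(token_output, salt)
    ct = bytes(a ^ b for a, b in zip(disk_key, k[:32]))
    return ct + hmac.new(k[32:], ct, hashlib.sha256).digest()


def unwrap(blob: bytes, token_output: bytes, salt: bytes):
    """Return the disk key, or None when the token output does not match."""
    k = derive_keys(token_output, salt)
    ct, tag = blob[:32], blob[32:]
    expected = hmac.new(k[32:], ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, k[:32]))


def simulated_otp(device_secret: bytes, counter: int) -> bytes:
    """Hypothetical OTP stand-in: a new value for every activation counter."""
    msg = counter.to_bytes(8, "big")
    return hmac.new(device_secret, msg, hashlib.sha256).hexdigest().encode()


def demo():
    salt = os.urandom(16)       # stored on disk beside the wrapped key
    disk_key = os.urandom(32)   # the key that actually encrypts the volume

    # Static slot: the same bytes on every activation (constructed value).
    static = b"constructed-static-slot-passphrase-0123456789"
    static_ok = unwrap(wrap(disk_key, static, salt), static, salt) == disk_key

    # OTP: wrapped under activation 1, but the next boot yields activation 2.
    secret = os.urandom(16)
    blob = wrap(disk_key, simulated_otp(secret, 1), salt)
    otp_ok = unwrap(blob, simulated_otp(secret, 2), salt) == disk_key
    return static_ok, otp_ok


if __name__ == "__main__":
    print(demo())
```

The static value unwraps because it is identical on every activation, which also means a single captured copy of it is enough to unlock the volume.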

