Yubikeys are now supported

Jesse Keating jkeating at redhat.com
Fri Oct 8 22:02:33 UTC 2010

Hash: SHA1

On 10/8/10 2:48 PM, Paul Wouters wrote:
> On Fri, 8 Oct 2010, Nathanael D. Noblet wrote:
>> On 10/07/2010 10:58 PM, Paul Wouters wrote:
>>> One usage of yubikey I would like very much is as storage for the AES
>>> encryption key for disk encryption. I'd prefer the disk crypto key to
>>> not be on the disk at all, protected by just a passphrase. It would be
>>> nice to have it on a yubikey instead.
>> I just ordered a yubikey for this express purpose, we have a product
>> under development that has an encrypted partition that gets decrypted by
>> a key on a USB thumbdrive - not the best... When I saw these I
>> immediately thought I should see about getting them used to unlock
>> encrypted partitions!... I'll keep you informed.
> Note that yubikeys are not (yet) usable for this. You cannot request the
> AES key from it (AFAIK), only an OTP. And the OTP can also not be used to unlock
> an AES key on the harddisk because it is different for each activation.
> Paul

Can't you use one of the slots on newer yubikeys for a static (long)

- -- 
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating

Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the devel mailing list