doublepg23 | 3 months ago

Do you have a good guide/video/write up on this? I’ve been putting off remaking my GPG and SSH keys using a Yubikey.

atrettel|3 months ago

This guide [1] mostly follows the practices the previous poster outlined.

[1] https://github.com/drduh/YubiKey-Guide

johnisgood|3 months ago

At https://github.com/drduh/YubiKey-Guide?tab=readme-ov-file#co..., these options are not the most secure ones.

  personal-cipher-preferences CHACHA20 AES256 AES192
  personal-digest-preferences BLAKE2B SHA512 SHA384 SHA256
  personal-compress-preferences Uncompressed
  personal-aead-preferences OCB EAX
  default-preference-list BLAKE2B SHA512 SHA384 SHA256 CHACHA20 AES256 AES192 Uncompressed OCB EAX
  cert-digest-algo BLAKE2B
  s2k-digest-algo BLAKE2B
  s2k-cipher-algo CHACHA20
  s2k-count 65011712
  charset utf-8
  no-comments
  no-emit-version
  no-greeting
  keyid-format 0xlong
  list-options show-uid-validity
  verify-options show-uid-validity
  with-fingerprint
  require-cross-certification
  require-secmem
  no-symkey-cache
  armor
  use-agent
  throw-keyids
  weak-digest SHA1 RIPEMD160 MD5
  disable-cipher-algo 3DES CAST5 IDEA BLOWFISH TWOFISH CAMELLIA128 CAMELLIA192 CAMELLIA256
  disable-pubkey-algo RSA1024
  trust-model tofu+pgp
  keyserver hkps://keys.openpgp.org
  keyserver-options no-honor-keyserver-url
  keyserver-options include-revoked
  keyserver-options auto-key-retrieve
  force-mdc
  require-compliance
  compliance de-vs

These are the most secure options (correct me if I am wrong). The only drawback you may encounter is that you need GnuPG 2.3+, and some compatibility tradeoffs.