zhenech
The year is 2026 and using GnuPG for storing an SSH key on a Yubikey still has the best UX?! What have we done wrong?!
Jan 31 at 4:21pmWeb
Show threadStefan EissingFeb 1

@zhenech @jpmens There is a Black UX Curse on everything tied to encryption.

Let‘s Encrypt is the exception to this. SSH took second place, followed by…nothing, basically.

Just look at the passkeys desaster…🤷🏻‍♂️

Show threadAntonis CharitonFeb 2
@zhenech I still vote for https://github.com/FiloSottile/yubikey-agent
GitHub - FiloSottile/yubikey-agent: yubikey-agent is a seamless ssh-agent for YubiKeys.

yubikey-agent is a seamless ssh-agent for YubiKeys. - FiloSottile/yubikey-agent

GitHub
Show threadzhenechFeb 2

@antonis The one not packaged in Fedora and not working with newer Yubikeys out of the box¹?

¹: https://github.com/FiloSottile/yubikey-agent/issues/153

Setup fails with changed defaults in recent Yubikeys · Issue #153 · FiloSottile/yubikey-agent

More recent Yubikey firmwares seem to default to AES instead of 3DES for the PIV management key, which causes the key generation to fail with a nondescript error message ‼️ The default Management K...

GitHub
Show threadGötz SalzmannFeb 7
@zhenech wrong! Only if you want to store an RSA key. Give Fido keys a try: https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html
Securing SSH with FIDO2

Show threadzhenechFeb 7
@gtz42 Where did I say it's the only option?
Show threadGötz SalzmannFeb 7
@zhenech you did not. All I was trying to say / saying is that Fido2 keys have better UX than GnuPG card. (But they don‘t work with RSA)
Show threadzhenechFeb 7
@gtz42 They don't.