This is a cheatsheet for some of the most important (to me) gpg commands. It also includes some notes on the various YubiKey authentication options and standards.
Tools
https://developers.yubico.com/Software_Projects/YubiKey_Device_Configuration/
- YubiKey Manager (ykman)
- YubiKey CLI (ykpersonalize)
- Yubico PIV tool (yubico-piv)
Guides
https://github.com/drduh/YubiKey-Guide
List connected YubiKeys
ykman list
Listing the keys on the smartcard
gpg --card-edit
Encryption (asymmetric)
Encrypt
gpg --output doc.gpg --encrypt --recipient stefan.weisser@googlemail.com doc.txt
Decrypt
gpg --output doc.txt2 --decrypt doc.gpg
Encryption (symmetric)
Encrypt
gpg --output doc.gpg --symmetric doc.txt
Decrypt
gpg --output doc.txt2 --decrypt doc.gpg
YubiHSM2
Hardware security module (HSM).
YubiHSM Auth
YubiHSM Auth is a command-line tool for the YubiKey HSM Auth application. This is used for storing the authentication keys of a YubiHSM in a YubiKey.
PKCS#11
OATH
HOTP, TOTP
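What the two OATH modes listed above compute and how a server checks them, as an added example that is not part of the original cheatsheet: a small HOTP (RFC 4226) and TOTP (RFC 6238) generator and verifier. The secret is the RFC 4226 test value, and the look-ahead and drift window sizes are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct
import time

# Added example: RFC 4226 test secret (constructed input, not a real key).
SECRET = b"12345678901234567890"

def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret, now, step=30, digits=6):
    """RFC 6238: HOTP with the counter derived from Unix time."""
    return hotp(secret, int(now // step), digits)

def verify_hotp(secret, code, counter, look_ahead=3):
    """Return the next counter to store, or None if the code is rejected.

    The window size is an assumption for illustration. Counters below the
    stored one are never tried, so a previously used code cannot be replayed.
    """
    for c in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c, len(code)), code):
            return c + 1
    return None

def verify_totp(secret, code, now, last_step=-1, step=30, drift=1):
    """Return the matched time step, or None if the code is rejected.

    Allows +/- `drift` steps of clock skew (an assumed value) and rejects
    steps not newer than `last_step`, so one code is accepted only once.
    """
    current = int(now // step)
    for t in range(current - drift, current + drift + 1):
        if t > last_step and hmac.compare_digest(hotp(secret, t, len(code)), code):
            return t
    return None

if __name__ == "__main__":
    print("HOTP counter 0:", hotp(SECRET, 0))
    print("TOTP now:", totp(SECRET, time.time()))
```

The verifier must persist the returned counter (HOTP) or time step (TOTP) per credential; without that state the replay checks have nothing to compare against.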
OTP
Requires YubiCloud to verify
PIV
PIV, or FIPS 201, is a US government standard. It enables RSA or ECC sign/encrypt operations using a private key stored on a smartcard (such as the YubiKey), through common interfaces like PKCS#11.
YubiKey 4 and 5 have 24 slots for storing certificates.
PIV slots explained:
https://developers.yubico.com/PIV/Introduction/Certificate_slots.html
YubiKey and OpenPGP
Default User PIN and Admin PIN for OpenPGP: 123456 and 12345678