You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It should be possible to generate native age identities in PIV slots, and use them just like P-256 identities on the decryption side (our identity format points to a specific YubiKey serial and slot, from which we can then determine whether or not the key is P-256 or X25519). On the encryption side, these would just be regular native age recipients (and thus not require a plugin to encrypt to).
The downside is that because native age identities do not include any sort of tag, we would need to assume that any X25519 YubiKey slot could potentially match, which means in multi-key settings the UX is not as great, but that is a trade-off we can probably explain in the setup TUI.
The text was updated successfully, but these errors were encountered:
Would this allow for using existing age (or ssh) keys on the yubikey? I"m searching for a solution that let's me use the yubikey for age encryption/decryption while having a offline (printed out) backup of my key so that I can restore it on a new yubikey in case of I lose it.
YubiKeys with firmware 5.7.0 and above have support for X25519 (thanks smlx/piv-agent#134 for making me aware of this).
It should be possible to generate native age identities in PIV slots, and use them just like P-256 identities on the decryption side (our identity format points to a specific YubiKey serial and slot, from which we can then determine whether or not the key is P-256 or X25519). On the encryption side, these would just be regular native age recipients (and thus not require a plugin to encrypt to).
The downside is that because native age identities do not include any sort of tag, we would need to assume that any X25519 YubiKey slot could potentially match, which means in multi-key settings the UX is not as great, but that is a trade-off we can probably explain in the setup TUI.
The text was updated successfully, but these errors were encountered: