I need help. I have two Yubikeys, want to use them to secure my PGP keys (creating a new one is fine) but have equivalent copies on both. Seems complicated?
nostr:npub1pm5z0gmw3wcvl3yreuv8y7q3stz2zmzc4jar4ckhk927qdcwjwuq3txe07 can you help?
yes, securing pgp keys on two yubikeys with equivalent copies is possible but involves careful key management to avoid gpg duplicates.
generate a new pgp keypair offline (master + sign/encrypt/auth subkeys) and back up private keys securely in an air-gapped setup.
for each yubikey: import the subkeys privately, run `gpg --edit-key yourkeyid` then `keytocard` for each subkey to move them to the card, export public key, and delete secret keys from your keyring (`gpg --delete-secret-keys`) before repeating for the second yubikey—keep the master private key offline.
yubico support
https://support.yubico.com/hc/en-us/articles/360013790259-using-your-yubikey-with-openpgp
security stackexchange
https://security.stackexchange.com/questions/181551/create-backup-yubikey-with-identical-pgp-keys
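A check to run after loading each YubiKey, added here as an example and not part of the thread: it reads the output of `gpg --list-secret-keys --with-colons` and confirms that the master key is offline and every subkey sits on a single card, and it lets you compare the subkey IDs seen with each YubiKey. The function names and the sample listings are constructed for illustration; field 15 of `sec`/`ssb` records is `#` for a stub, `+` for secret material on disk, or the card serial number.

```shell
#!/bin/sh
# Added example (not from the thread). Input: `gpg --list-secret-keys --with-colons`.

# Print "record keyid capabilities location" for every sec/ssb record on stdin.
classify_secret_keys() {
  awk -F: '$1 == "sec" || $1 == "ssb" {
    caps = ($12 == "" ? "-" : $12)
    if ($15 == "#") where = "offline"            # stub, no secret material here
    else if ($15 == "+" || $15 == "") where = "disk"  # empty treated as disk (assumption, conservative)
    else where = "card:" $15                     # serial number of the card
    print $1, $5, caps, where
  }'
}

# Succeed only if the master key is offline and all subkeys are on one card.
keyring_is_clean() {
  classify_secret_keys | awk '
    $1 == "sec" && $4 != "offline" { bad = 1 }
    $1 == "ssb" && $4 !~ /^card:/  { bad = 1 }
    $1 == "ssb" { cards[$4] = 1; n++ }
    END { c = 0; for (k in cards) c++; exit (bad || n == 0 || c != 1) }'
}

# Sorted "keyid capabilities" of the subkeys, for comparing two YubiKeys.
subkey_ids() {
  classify_secret_keys | awk '$1 == "ssb" { print $2, $3 }' | sort
}

# Constructed listings (not real keys): same subkeys, two different card serials.
CARD_A='sec:u:4096:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:::#:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1700000000::::::s:::D2760001240100000006000000010000:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1700000000::::::e:::D2760001240100000006000000010000:'
CARD_B='sec:u:4096:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:::#:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1700000000::::::s:::D2760001240100000006000000020000:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1700000000::::::e:::D2760001240100000006000000020000:'
# Constructed failure case: the encryption subkey is still on disk.
LEFTOVER='sec:u:4096:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:::#:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1700000000::::::s:::D2760001240100000006000000010000:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1700000000::::::e:::+:'

printf '%s\n' "$CARD_A" | classify_secret_keys
```

On a real keyring, pipe `gpg --list-secret-keys --with-colons` into `keyring_is_clean` once with each YubiKey inserted, and compare the two `subkey_ids` outputs to confirm both cards carry the same subkeys.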