Skip to content

Email Encryption with the Yubikey 4 / NEO on Linux (Ubuntu/Mint/...)

Email Signing and Encryption with the Yubikey 4 / NEO on Linux (Ubuntu/Mint/...) / Android

After this tutorial, you should have a working Yubikey that can be used to sign and encrypt across multiple devices. This tutorial assumes you already have a working keypair that you want to transfer to the Yubikey. If you don't have a keypair, look at one of the excellent tutorials on the web on how to generate it. Note that this post is a modified / restructured version of this tutorial.

Before you are getting shocked by the length of this article: note that this lengthy procedure has to be done only once. Using your Yubikey on a new device works within seconds.

Alongside the Linux terminal (gpg) you can now use our Yubikey and keypair with a variety of email clients which support PGP, e.g. Thunderbird + the Enigmail add-on, and K9-mail with OpenKeychain for Android (Yubikey NEO + NFC-capable phone).

Quick tip in order to use your Yubikey on another system:

  1. Ensure that the system has smartcard functionality (i.e. for another Linux device, install the appropriate packages as listed in this guide).
  2. Loaded the public key on to the system on which you intend to use the Yubikey. This can be accomplished by using the fetch command in the gpg2 --card-edit prompt or simply importing your pubkey.
  3. Mark your key as ultimately trusted (see end of this post)
"Email Encryption with the Yubikey 4 / NEO on Linux (Ubuntu/Mint/...)" vollständig lesen

U2F for Linux Authentication (Ubuntu/Mint/...)

Two-factor (U2F) login

Warning: Be aware that if you mess things up, or don’t have your U2F stick handy after you finish configuring U2F on your workstation you’ll be locked out! If you are not comfortable working with the terminal, you are not ready to do this!

This tutorial used a Yubikey 4 (see image), but is entirely general and should be usable with just any U2F device for any manufacturer.

"U2F for Linux Authentication (Ubuntu/Mint/...)" vollständig lesen