Email Signing and Encryption with the Yubikey 4 / NEO on Linux (Ubuntu/Mint/...) / Android
After this tutorial, you should have a working Yubikey that can be used to sign and encrypt across multiple devices. This tutorial assumes you already have a working keypair that you want to transfer to the Yubikey. If you don't have a keypair, look at one of the excellent tutorials on the web on how to generate it. Note that this post is a modified / restructured version of this tutorial.
Before you get shocked by the length of this article: note that this lengthy procedure has to be done only once. Using your Yubikey on a new device works within seconds.
Alongside the Linux terminal (gpg), you can now use your Yubikey and keypair with a variety of email clients that support PGP, e.g. Thunderbird + the Enigmail add-on, and K9-mail with OpenKeychain for Android (Yubikey NEO + NFC-capable phone).
Quick tip for using your Yubikey on another system:
- Ensure that the system has smartcard functionality (i.e. for another Linux device, install the appropriate packages as listed in this guide).
- Load the public key onto the system on which you intend to use the Yubikey. This can be accomplished by using the fetch command in the gpg2 --card-edit prompt or by simply importing your pubkey.
- Mark your key as ultimately trusted (see end of this post)
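
The last two steps above can be scripted so that ultimate trust is only granted to a public key that actually matches the inserted card. This is an added example, not part of the original tutorial: the function names and the public key file argument are hypothetical, and it assumes the binary is called gpg2 as on this page (set GPG=gpg otherwise).

```shell
#!/bin/sh
# Added example: helper functions only; nothing runs until you call them.
GPG="${GPG:-gpg2}"   # assumption: binary name as used on this page

# stdin: `gpg --with-colons` key listing.
# Prints the primary key fingerprint (first fpr record after pub, field 10).
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# stdin: `gpg --card-status --with-colons` output.
# Prints the fingerprint of the signature key stored on the card.
card_sig_fpr() {
    awk -F: '$1 == "fpr" { print $2; exit }'
}

# Prints an ownertrust record for a 40-hex-digit fingerprint; 6 = ultimate.
ownertrust_line() {
    case "$1" in
        ""|*[!0-9A-Fa-f]*) echo "not a hex fingerprint" >&2; return 1 ;;
    esac
    [ "${#1}" -eq 40 ] || { echo "fingerprint must be 40 hex digits" >&2; return 1; }
    printf '%s:6:\n' "$1"
}

# $1: exported public key file. Imports it, then grants ultimate trust only
# if a public key in the keyring contains the card's signature key.
setup_second_machine() {
    card=$("$GPG" --card-status --with-colons) || return 1
    sig=$(printf '%s\n' "$card" | card_sig_fpr)
    [ -n "$sig" ] || { echo "no signature key on card" >&2; return 1; }
    "$GPG" --import "$1" || return 1
    listing=$("$GPG" --with-colons --list-keys "$sig") || {
        echo "no public key in the keyring matches the card" >&2; return 1; }
    fpr=$(printf '%s\n' "$listing" | primary_fpr)
    line=$(ownertrust_line "$fpr") || return 1
    printf '%s\n' "$line" | "$GPG" --import-ownertrust
}
```

Source the file and run `setup_second_machine pubkey.asc` with the Yubikey inserted; a failure at the matching step means the imported public key does not belong to the key on the card.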