Generating new GPG subkeys on a Yubikey 5C

Hardware

  • Yubikey 5C Nano - Firmware v5.2.4
  • GPG v2.2.20

Introduction

For a few years now, I've managed a Yubikey w/ dedicated signing, encryption, and authentication subkeys generated from my private GPG master key. I recently caught my Yubikey 4C while walking w/ my laptop and ended up snapping it in half.

The following post is my write-up of how I generated new subkeys onto a new Yubikey 5C for my existing GPG key. If you're looking to set up a Yubikey for the first time, I would recommend skipping this post and heading over to https://github.com/drduh/YubiKey-Guide which is how I originally set up my configuration.

The following post assumes you can boot into a secure environment with access to your master GPG key.

Key Revocation

I ensured that I had revoked all of the subkeys currently attached to my master key. Since I had physically destroyed the Yubikey, I didn't want anyone thinking they should use any of the existing subkeys. I won't go through all of those steps here. The result was that the key looks pretty messy (a few initial revocations from mistakes I made):

❯ gpg --list-secret-keys
/Users/ghavil/.gnupg/pubring.kbx
--------------------------------
sec   rsa4096/0x6E8D620B2B9BDBEC 2014-04-16 [C] [expires: 2022-01-01]
      Key fingerprint = 80E8 A472 707A E395 AB58  1CE5 6E8D 620B 2B9B DBEC
uid                   [ultimate] Jared Ledvina <jared@techsmix.net>
uid                   [ultimate] Jared Ledvina <geekatcomputers@gmail.com>
uid                   [ultimate] Jared Ledvina <jfledvin@mtu.edu>
uid                   [ultimate] Jared Ledvina <jaredl@palantir.com>
uid                   [ultimate] Jared Ledvina <jaredledvina@gmail.com>
ssb   rsa4096/0x1AF23FB82304DD5A 2014-04-16 [E] [revoked: 2016-04-26]
ssb#  rsa2048/0x0BF7D9035BCBF7BD 2015-08-10 [S] [revoked: 2016-04-26]
ssb#  rsa4096/0x5E6420CCAE8307DA 2015-10-05 [E] [revoked: 2016-04-26]
ssb#  rsa4096/0xA4E1A0B0F7205C80 2016-04-26 [A] [revoked: 2018-05-14]
ssb#  rsa4096/0x4E36408752D40FC5 2016-04-26 [S] [revoked: 2018-05-14]
ssb#  rsa4096/0x0CC93FAFA4EB2144 2016-04-26 [E] [revoked: 2018-05-14]
ssb#  rsa4096/0x573405E68BB44A0C 2018-05-14 [E] [revoked: 2019-12-19]
ssb#  rsa4096/0xE892006E1BB9180C 2018-05-14 [S] [revoked: 2019-12-19]
ssb#  rsa4096/0xC4D35571016D842E 2018-05-14 [A] [revoked: 2019-12-19]

Reset the new Yubikey

Previously, I had attempted to set this up already. So, to start off, I made sure to fully reset the Yubikey 5C. The output of that process is shown below:

> gpg --expert --card-edit

gpg/card> admin
Admin commands are allowed

gpg/card> factory-reset
gpg: OpenPGP card no. D1230001230123450000123456789000 detected

gpg: Note: This command destroys all keys stored on the card!

Continue? (y/N) y
Really do a factory reset? (enter "yes") yes

gpg/card> list

Reader ...........: Yubico YubiKey OTP FIDO CCID
Application ID ...: D1230001230123450000123456789000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 18365472
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

Enable KDF for PIN Authentication

I then made sure to enable KDF for PIN authentication going forward. This configures the Yubikey to store a hash of the PINs such that we no longer transfer the PINs in plaintext to the Yubikey. See the OpenPGP Smart Card v3.4 spec at https://gnupg.org/ftp/specs/OpenPGP-smart-card-application-3.4.pdf for details, under the '4.3.2 Key derived format' section. The output of this process is shown below:

gpg/card> kdf-setup

gpg/card> list

Reader ...........: Yubico YubiKey OTP FIDO CCID
Application ID ...: D1230001230123450000123456789000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 18365472
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: on
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
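
The key derived format in the card spec is the iterated and salted S2K from RFC 4880, so with KDF on, the host hashes the PIN and puts the digest in the VERIFY command in place of the PIN text. The sketch below is an added example, not code from this post or from GnuPG; the PIN, salt, iteration count and the `SAMPLE_KDF` field names are constructed for illustration.

```python
import hashlib
from typing import Optional

# VERIFY (ISO 7816-4) reference qualifiers used by the OpenPGP card application.
PW1_SIGN, PW1_OTHER, PW3_ADMIN = 0x81, 0x82, 0x83


def itersalted_s2k(pin: bytes, salt: bytes, count: int,
                   hash_name: str = "sha256") -> bytes:
    """Iterated and salted S2K (RFC 4880, section 3.7.1.3), one digest of output.

    salt + pin is fed to the hash repeatedly until `count` octets have been
    hashed. `count` is the decoded octet count, not RFC 4880's one-octet code.
    """
    if len(salt) != 8:
        raise ValueError("the S2K salt is 8 octets")
    block = salt + pin
    # RFC 4880: a count shorter than salt+pin still hashes the whole block once.
    count = max(count, len(block))
    digest = hashlib.new(hash_name)
    whole, tail = divmod(count, len(block))
    for _ in range(whole):
        digest.update(block)
    digest.update(block[:tail])
    return digest.digest()


def verify_apdu(qualifier: int, reference: bytes) -> bytes:
    """Short-form VERIFY command: CLA=00 INS=20 P1=00 P2=qualifier Lc data."""
    if not 0 < len(reference) <= 255:
        raise ValueError("reference data must fit a short APDU")
    return bytes([0x00, 0x20, 0x00, qualifier, len(reference)]) + reference


def pin_on_the_wire(pin: str, kdf: Optional[dict]) -> bytes:
    """Return the VERIFY command for the user PIN, with or without KDF."""
    raw = pin.encode("utf-8")
    if kdf is None:                          # "KDF setting ......: off"
        return verify_apdu(PW1_OTHER, raw)
    derived = itersalted_s2k(raw, kdf["salt_pw1"], kdf["count"], kdf["hash"])
    return verify_apdu(PW1_OTHER, derived)   # "KDF setting ......: on"


# Constructed sample values (hypothetical, not read from any card).
SAMPLE_PIN = "493817"
SAMPLE_KDF = {
    "hash": "sha256",
    "count": 100_000,
    "salt_pw1": bytes.fromhex("0102030405060708"),
}

if __name__ == "__main__":
    print("KDF off:", pin_on_the_wire(SAMPLE_PIN, None).hex())
    print("KDF on :", pin_on_the_wire(SAMPLE_PIN, SAMPLE_KDF).hex())
```

The digest is what the card checks, so it remains a credential for that one card; what KDF removes is the PIN string itself from the path between host and card.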

Prepare the new Yubikey

With those settings configured, let's edit and configure the user, admin, and reset PINs. Make sure to generate these in a secure way and save them safely for future use. There's a maximum PIN length of 127 for each PIN as shown in gpg --card-status. The following is a capture of what I saw in my terminal for this process.

❯ gpg --card-edit --expert

Reader ...........: Yubico YubiKey OTP FIDO CCID
Application ID ...: D1230001230123450000123456789000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 18365472
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> admin
Admin commands are allowed

gpg/card> passwd
gpg: OpenPGP card no. D1230001230123450000123456789000 detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 1
PIN changed.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 3
PIN changed.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 4
Reset Code set.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? Q

Configure user settings

I took a second to quickly configure a few user settings on the card as well:

gpg/card> login
Login data (account name): jledvina

gpg/card> lang
Language preferences: en

gpg/card> login
Login data (account name): jledvina

gpg/card> salutation
Salutation (M = Mr., F = Ms., or space): M

gpg/card> url
URL to retrieve public key: https://keybase.io/jledvina/pgp_keys.asc

Configure the Yubikey to generate ECC Curve 25519 keys

The Yubikey 5C supports generating OpenPGP keys as ECC keys. To enable that, I simply changed the key attribute setting to use ECC and, for my use case, selected the Curve 25519 (ed25519) elliptic curve. More details can be found in this support article:

YubiKey 5.2.3 Enhancements to OpenPGP 3.4 Support

Below is the output from when I ran through this process:

gpg/card> key-attr
Changing card key attribute for: Signature key
Please select what kind of key you want:
   (1) RSA
   (2) ECC
Your selection? 2
Please select which elliptic curve you want:
   (1) Curve 25519
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Your selection? 1
The card will now be re-configured to generate a key of type: ed25519
Note: There is no guarantee that the card supports the requested size.
      If the key generation does not succeed, please check the
      documentation of your card to see what sizes are allowed.
Changing card key attribute for: Encryption key
Please select what kind of key you want:
   (1) RSA
   (2) ECC
Your selection? 2
Please select which elliptic curve you want:
   (1) Curve 25519
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Your selection? 1
The card will now be re-configured to generate a key of type: cv25519
Changing card key attribute for: Authentication key
Please select what kind of key you want:
   (1) RSA
   (2) ECC
Your selection? 2
Please select which elliptic curve you want:
   (1) Curve 25519
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Your selection? 1
The card will now be re-configured to generate a key of type: ed25519

gpg/card>

Generating the new sub GPG keys

Finally, we have a fully prepared Yubikey and are ready to generate the subkeys on the card. For my use-case, I'm going to generate 3 new subkeys, one for encryption, another for authentication, and a third for signing. These usage settings are shown as [E], [A], and [S] respectively in the output below. Additionally, my master key is configured with [C] or certify, which only allows it to delegate these three usages to other keys and not be used itself for those processes.

Below is the output from when I went through this process:

❯ gpg --list-secret-keys 
/Users/ghavil/.gnupg/pubring.kbx
--------------------------------
sec   rsa4096/0x6E8D620B2B9BDBEC 2014-04-16 [C] [expires: 2022-01-01]
      Key fingerprint = 80E8 A472 707A E395 AB58  1CE5 6E8D 620B 2B9B DBEC
uid                   [ultimate] Jared Ledvina <jared@techsmix.net>
uid                   [ultimate] Jared Ledvina <geekatcomputers@gmail.com>
uid                   [ultimate] Jared Ledvina <jfledvin@mtu.edu>
uid                   [ultimate] Jared Ledvina <jaredl@palantir.com>
uid                   [ultimate] Jared Ledvina <jaredledvina@gmail.com>
ssb   rsa4096/0x1AF23FB82304DD5A 2014-04-16 [E] [revoked: 2016-04-26]
ssb#  rsa2048/0x0BF7D9035BCBF7BD 2015-08-10 [S] [revoked: 2016-04-26]
ssb#  rsa4096/0x5E6420CCAE8307DA 2015-10-05 [E] [revoked: 2016-04-26]
ssb#  rsa4096/0xA4E1A0B0F7205C80 2016-04-26 [A] [revoked: 2018-05-14]
ssb#  rsa4096/0x4E36408752D40FC5 2016-04-26 [S] [revoked: 2018-05-14]
ssb#  rsa4096/0x0CC93FAFA4EB2144 2016-04-26 [E] [revoked: 2018-05-14]
ssb#  rsa4096/0x573405E68BB44A0C 2018-05-14 [E] [revoked: 2019-12-19]
ssb#  rsa4096/0xE892006E1BB9180C 2018-05-14 [S] [revoked: 2019-12-19]
ssb#  rsa4096/0xC4D35571016D842E 2018-05-14 [A] [revoked: 2019-12-19]


~
❯ gpg --expert --edit-key 0x6E8D620B2B9BDBEC
gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa4096/0x6E8D620B2B9BDBEC
     created: 2014-04-16  expires: 2022-01-01  usage: C
     trust: ultimate      validity: ultimate
The following key was revoked on 2016-04-26 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
ssb  rsa4096/0x1AF23FB82304DD5A
     created: 2014-04-16  revoked: 2016-04-26  usage: E
The following key was revoked on 2016-04-26 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa2048/0x0BF7D9035BCBF7BD
     created: 2015-08-10  revoked: 2016-04-26  usage: S
The following key was revoked on 2016-04-26 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x5E6420CCAE8307DA
     created: 2015-10-05  revoked: 2016-04-26  usage: E
The following key was revoked on 2018-05-14 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0xA4E1A0B0F7205C80
     created: 2016-04-26  revoked: 2018-05-14  usage: A
The following key was revoked on 2018-05-14 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x4E36408752D40FC5
     created: 2016-04-26  revoked: 2018-05-14  usage: S
The following key was revoked on 2018-05-14 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x0CC93FAFA4EB2144
     created: 2016-04-26  revoked: 2018-05-14  usage: E
The following key was revoked on 2019-12-19 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x573405E68BB44A0C
     created: 2018-05-14  revoked: 2019-12-19  usage: E
The following key was revoked on 2019-12-19 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0xE892006E1BB9180C
     created: 2018-05-14  revoked: 2019-12-19  usage: S
The following key was revoked on 2019-12-19 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0xC4D35571016D842E
     created: 2018-05-14  revoked: 2019-12-19  usage: A
[ultimate] (1). Jared Ledvina <jared@techsmix.net>
[ultimate] (2)  Jared Ledvina <geekatcomputers@gmail.com>
[ultimate] (3)  Jared Ledvina <jfledvin@mtu.edu>
[ultimate] (4)  Jared Ledvina <jaredl@palantir.com>
[ultimate] (5)  Jared Ledvina <jaredledvina@gmail.com>

gpg> addcardkey
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]

Please select the type of key to generate:
   (1) Signature key
   (2) Encryption key
   (3) Authentication key
Your selection? 1
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Mon Apr 26 00:17:14 2021 EDT
Is this correct? (y/N) y
Really create? (y/N) y

sec  rsa4096/0x6E8D620B2B9BDBEC
     created: 2014-04-16  expires: 2022-01-01  usage: C
     trust: ultimate      validity: ultimate
The following key was revoked on 2016-04-26 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
ssb  rsa4096/0x1AF23FB82304DD5A
     created: 2014-04-16  revoked: 2016-04-26  usage: E
The following key was revoked on 2016-04-26 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa2048/0x0BF7D9035BCBF7BD
     created: 2015-08-10  revoked: 2016-04-26  usage: S
The following key was revoked on 2016-04-26 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x5E6420CCAE8307DA
     created: 2015-10-05  revoked: 2016-04-26  usage: E
The following key was revoked on 2018-05-14 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0xA4E1A0B0F7205C80
     created: 2016-04-26  revoked: 2018-05-14  usage: A
The following key was revoked on 2018-05-14 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x4E36408752D40FC5
     created: 2016-04-26  revoked: 2018-05-14  usage: S
The following key was revoked on 2018-05-14 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x0CC93FAFA4EB2144
     created: 2016-04-26  revoked: 2018-05-14  usage: E
The following key was revoked on 2019-12-19 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x573405E68BB44A0C
     created: 2018-05-14  revoked: 2019-12-19  usage: E
The following key was revoked on 2019-12-19 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0xE892006E1BB9180C
     created: 2018-05-14  revoked: 2019-12-19  usage: S
The following key was revoked on 2019-12-19 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0xC4D35571016D842E
     created: 2018-05-14  revoked: 2019-12-19  usage: A
ssb  ed25519/0x45EAE797D5DD3BA4
     created: 2020-04-26  expires: 2021-04-26  usage: S
     card-no: 0006 10975302
[ultimate] (1). Jared Ledvina <jared@techsmix.net>
[ultimate] (2)  Jared Ledvina <geekatcomputers@gmail.com>
[ultimate] (3)  Jared Ledvina <jfledvin@mtu.edu>
[ultimate] (4)  Jared Ledvina <jaredl@palantir.com>
[ultimate] (5)  Jared Ledvina <jaredledvina@gmail.com>

gpg> addcardkey
Signature key ....: 9C2D 9836 233B 1257 B907  3989 45EA E797 D5DD 3BA4
Encryption key....: [none]
Authentication key: [none]

Please select the type of key to generate:
   (1) Signature key
   (2) Encryption key
   (3) Authentication key
Your selection? 2
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Mon Apr 26 00:19:01 2021 EDT
Is this correct? (y/N) y
Really create? (y/N) y

sec  rsa4096/0x6E8D620B2B9BDBEC
     created: 2014-04-16  expires: 2022-01-01  usage: C
     trust: ultimate      validity: ultimate
The following key was revoked on 2016-04-26 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
ssb  rsa4096/0x1AF23FB82304DD5A
     created: 2014-04-16  revoked: 2016-04-26  usage: E
The following key was revoked on 2016-04-26 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa2048/0x0BF7D9035BCBF7BD
     created: 2015-08-10  revoked: 2016-04-26  usage: S
The following key was revoked on 2016-04-26 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x5E6420CCAE8307DA
     created: 2015-10-05  revoked: 2016-04-26  usage: E
The following key was revoked on 2018-05-14 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0xA4E1A0B0F7205C80
     created: 2016-04-26  revoked: 2018-05-14  usage: A
The following key was revoked on 2018-05-14 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x4E36408752D40FC5
     created: 2016-04-26  revoked: 2018-05-14  usage: S
The following key was revoked on 2018-05-14 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x0CC93FAFA4EB2144
     created: 2016-04-26  revoked: 2018-05-14  usage: E
The following key was revoked on 2019-12-19 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x573405E68BB44A0C
     created: 2018-05-14  revoked: 2019-12-19  usage: E
The following key was revoked on 2019-12-19 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0xE892006E1BB9180C
     created: 2018-05-14  revoked: 2019-12-19  usage: S
The following key was revoked on 2019-12-19 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0xC4D35571016D842E
     created: 2018-05-14  revoked: 2019-12-19  usage: A
ssb  ed25519/0x45EAE797D5DD3BA4
     created: 2020-04-26  expires: 2021-04-26  usage: S
     card-no: 0006 10975302
ssb  cv25519/0x5421DA1B61AD8D4C
     created: 2020-04-26  expires: 2021-04-26  usage: E
     card-no: 0006 10975302
[ultimate] (1). Jared Ledvina <jared@techsmix.net>
[ultimate] (2)  Jared Ledvina <geekatcomputers@gmail.com>
[ultimate] (3)  Jared Ledvina <jfledvin@mtu.edu>
[ultimate] (4)  Jared Ledvina <jaredl@palantir.com>
[ultimate] (5)  Jared Ledvina <jaredledvina@gmail.com>

gpg> addcardkey
Signature key ....: 9C2D 9836 233B 1257 B907  3989 45EA E797 D5DD 3BA4
Encryption key....: 84A7 3CA8 0F7A 41E6 93C9  0ECF 5421 DA1B 61AD 8D4C
Authentication key: [none]

Please select the type of key to generate:
   (1) Signature key
   (2) Encryption key
   (3) Authentication key
Your selection? 3
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Mon Apr 26 00:19:55 2021 EDT
Is this correct? (y/N) y
Really create? (y/N) y

sec  rsa4096/0x6E8D620B2B9BDBEC
     created: 2014-04-16  expires: 2022-01-01  usage: C
     trust: ultimate      validity: ultimate
The following key was revoked on 2016-04-26 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
ssb  rsa4096/0x1AF23FB82304DD5A
     created: 2014-04-16  revoked: 2016-04-26  usage: E
The following key was revoked on 2016-04-26 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa2048/0x0BF7D9035BCBF7BD
     created: 2015-08-10  revoked: 2016-04-26  usage: S
The following key was revoked on 2016-04-26 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x5E6420CCAE8307DA
     created: 2015-10-05  revoked: 2016-04-26  usage: E
The following key was revoked on 2018-05-14 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0xA4E1A0B0F7205C80
     created: 2016-04-26  revoked: 2018-05-14  usage: A
The following key was revoked on 2018-05-14 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x4E36408752D40FC5
     created: 2016-04-26  revoked: 2018-05-14  usage: S
The following key was revoked on 2018-05-14 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x0CC93FAFA4EB2144
     created: 2016-04-26  revoked: 2018-05-14  usage: E
The following key was revoked on 2019-12-19 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0x573405E68BB44A0C
     created: 2018-05-14  revoked: 2019-12-19  usage: E
The following key was revoked on 2019-12-19 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0xE892006E1BB9180C
     created: 2018-05-14  revoked: 2019-12-19  usage: S
The following key was revoked on 2019-12-19 by RSA key 0x6E8D620B2B9BDBEC Jared Ledvina <jared@techsmix.net>
sub  rsa4096/0xC4D35571016D842E
     created: 2018-05-14  revoked: 2019-12-19  usage: A
ssb  ed25519/0x45EAE797D5DD3BA4
     created: 2020-04-26  expires: 2021-04-26  usage: S
     card-no: 0006 10975302
ssb  cv25519/0x5421DA1B61AD8D4C
     created: 2020-04-26  expires: 2021-04-26  usage: E
     card-no: 0006 10975302
ssb  ed25519/0x3FD2E89E60CC0EB7
     created: 2020-04-26  expires: 2021-04-26  usage: A
     card-no: 0006 10975302
[ultimate] (1). Jared Ledvina <jared@techsmix.net>
[ultimate] (2)  Jared Ledvina <geekatcomputers@gmail.com>
[ultimate] (3)  Jared Ledvina <jfledvin@mtu.edu>
[ultimate] (4)  Jared Ledvina <jaredl@palantir.com>
[ultimate] (5)  Jared Ledvina <jaredledvina@gmail.com>
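
One check worth running after the three addcardkey rounds, as an added example that is not part of the original post: every subkey that is still live should be backed by the card and carry an expiry. It reads GnuPG's machine-readable `--with-colons` listing (not used in the post), and the sample records are constructed from the key IDs and Application ID shown above.

```python
# Field positions (0-based) in `gpg --list-secret-keys --with-colons` records:
# 0 record type, 1 validity, 4 key ID, 6 expiry (epoch seconds),
# 11 capabilities, 14 token serial ('#' = stub only, '+' = secret key on disk).
SKIP_VALIDITY = {"r", "e", "d", "i"}   # revoked, expired, disabled, invalid

# Constructed sample records (timestamps and trailing fields are illustrative).
CARD = "D1230001230123450000123456789000"
SAMPLE = "\n".join([
    "sec:u:4096:1:6E8D620B2B9BDBEC:1397606400:1640995200::u:::cC:::+:::23::0:",
    "ssb:r:4096:1:C4D35571016D842E:1526256000::::::a:::#:::23:",
    "ssb:u:255:22:45EAE797D5DD3BA4:1587859200:1619395200:::::s:::" + CARD + "::ed25519::23:",
    "ssb:u:255:18:5421DA1B61AD8D4C:1587859200:1619395200:::::e:::" + CARD + "::cv25519::23:",
    "ssb:u:255:22:3FD2E89E60CC0EB7:1587859200:1619395200:::::a:::" + CARD + "::ed25519::23:",
])


def audit_subkeys(listing: str, now: int, required: str = "sea") -> list:
    """Return findings for live subkeys that are not card-backed or not expiring.

    `now` is an epoch timestamp; `required` lists the capabilities that must be
    covered by at least one healthy card-resident subkey.
    """
    findings, covered = [], set()
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] != "ssb" or len(f) < 15:
            continue
        validity, keyid, expires = f[1], f[4], f[6]
        caps, token = f[11].lower(), f[14]
        if validity in SKIP_VALIDITY:
            continue                      # revoked or dead subkeys are history
        problems = []
        if token == "#":
            problems.append("live subkey but no secret key or card behind it")
        elif token in ("", "+"):
            problems.append("secret key is stored on disk, not on a card")
        if not expires:
            problems.append("no expiry set")
        elif int(expires) <= now:
            problems.append("expired")
        if problems:
            findings += [f"{keyid}: {p}" for p in problems]
        else:
            covered.update(caps)
    findings += [f"no usable card-resident [{c.upper()}] subkey"
                 for c in required if c not in covered]
    return findings


if __name__ == "__main__":
    for finding in audit_subkeys(SAMPLE, now=1600000000) or ["all live subkeys OK"]:
        print(finding)
```

An old subkey that was never revoked shows up here as a live stub, which is the situation the revocation step earlier in the post avoids.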

Enabling Touch Policies

In addition to the ECC key support, we can also configure a variety of touch policies for the OpenPGP Yubikey application, similar to the existing touch policy support for the PIV application. However, as of April 26, 2020, ykman has not had a release that includes an essential fix for our setup. Currently, if you use ykman to set the touch policies with KDF for PIN authentication enabled, it will fail, saying invalid Admin PIN. https://github.com/Yubico/yubikey-manager/pull/325 was merged to add support, so make sure to install ykman from the latest master or patch it w/ that change.

Once you have that change, here's the output from when I configured my signing, encryption, and authentication keys to require touch but to cache that touch for 15 seconds. I also used the -fixed version, which locks this configuration in place until the key slot is fully reset such that it can't be disabled in the future. I find the 15 second cached option to be a better balance between UX and security for myself. When performing larger git rebases, having the touch cached is significantly easier to work with. Similarly, if you need to quickly SSH to multiple hosts, 15 seconds is typically plenty of time to do that without having to touch the Yubikey for each operation.

❯ ykman openpgp set-touch sig cached-fixed
Enter admin PIN:
Set touch policy of signature key to cached-fixed? [y/N]: y

❯ ykman openpgp set-touch aut cached-fixed
Enter admin PIN:
Set touch policy of authentication key to cached-fixed? [y/N]: y

❯ ykman openpgp set-touch enc cached-fixed
Enter admin PIN:
Set touch policy of encryption key to cached-fixed? [y/N]: y

❯ ykman openpgp info
OpenPGP version: 3.4
Application version: 5.2.4

PIN tries remaining: 3
Reset code tries remaining: 3
Admin PIN tries remaining: 3

Touch policies
Signature key           Cached (fixed)
Encryption key          Cached (fixed)
Authentication key      Cached (fixed)
Attestation key         Off

There's a variety of modes you can set, and they can be individually applied to each subkey. The ykman help text has more details:

❯ ykman openpgp set-touch -h
Usage: ykman openpgp set-touch [OPTIONS] KEY POLICY

  Set touch policy for OpenPGP keys.

  KEY     Key slot to set (sig, enc, aut or att).
  POLICY  Touch policy to set (on, off, fixed, cached or cached-fixed).

  The touch policy is used to require user interaction for all operations using the private key on the YubiKey. The touch policy is set indivdually for each key slot. To see the current touch policy,
  run

      $ ykman openpgp info

  Touch policies:

  Off (default)   No touch required
  On              Touch required
  Fixed           Touch required, can't be disabled without a full reset
  Cached          Touch required, cached for 15s after use
  Cached-Fixed    Touch required, cached for 15s after use, can't be disabled
                  without a full reset

Options:
  -a, --admin-pin TEXT  Admin PIN for OpenPGP.
  -f, --force           Confirm the action without prompting.
  -h, --help            Show this message and exit.

Generating attestation certificates

The next new feature of the Yubikey 5 series is support for attestation certificates for their OpenPGP application. Previously, this was only supported via the PIV application, but they have expanded support. Yubico has a ton of detail about attestation documented here: https://developers.yubico.com/PGP/Attestation.html

The following is how I generated attestation certificates for each of my signing, encryption, and authentication GPG subkeys. The output of the process is saved below:

❯ ykman openpgp attest sig yubikey-5c-attestation-signing.cert
Enter PIN:

❯ ykman openpgp attest enc yubikey-5c-attestation-encryption.cert
Enter PIN:

❯ ykman openpgp attest aut yubikey-5c-attestation-authentication.cert
Enter PIN:

❯ ls yubikey-5c-attestation*
yubikey-5c-attestation-authentication.cert yubikey-5c-attestation-encryption.cert     yubikey-5c-attestation-signing.cert

Verifying attestation certificates

While the practical uses are currently limited, you can verify the attestation certificates from above with the following setup.

  1. Securely download a copy of the Yubico OPGP CA: https://developers.yubico.com/PGP/opgp-attestation-ca.pem
  2. Export your Yubikey's OpenPGP attestation certificate with: ykman openpgp export-certificate att yubikey-5c-attestation.cert
  3. Append your Yubikey's attestation certificate with the Yubico OPGP CA: cat opgp-attestation-ca.pem yubikey-5c-attestation.cert > yubikey-attestation-ca-combined.cert
  4. Run the following series of commands to verify each of the generated attestation certificates for your signing, encryption, and authentication keys.
❯ openssl verify -CAfile ./yubikey-attestation-ca-combined.cert ./yubikey-5c-attestation-signing.cert
./yubikey-5c-attestation-signing.cert: OK

❯ openssl verify -CAfile ./yubikey-attestation-ca-combined.cert ./yubikey-5c-attestation-encryption.cert
./yubikey-5c-attestation-encryption.cert: OK

❯ openssl verify -CAfile ./yubikey-attestation-ca-combined.cert ./yubikey-5c-attestation-authentication.cert
./yubikey-5c-attestation-authentication.cert: OK

If you get the output OK, that's stating that the generated attestation certificate for each key has been signed by your Yubikey's attestation key, which was signed by the Yubico OPGP CA.

Now that we have shown that the certificates are cryptographically verified to be "legit", we can leverage our subkey attestation certificates to verify the status of each key.

Yubico has an OID registered as 1.3.6.1.4.1.41482. The first portion, 1.3.6.1.4.1, is the general private organization OID and 41482 is the ID assigned to Yubico. You can verify this on https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers. Amusingly, I have a registered OID for TechsMix things:

44798
  TechsMix Networks
    Jared Ledvina
      jared&techsmix.net

It's these x509 extensions that we'll be interested in. Yubico provides a table on https://developers.yubico.com/PGP/Attestation.html for understanding their extensions.

  1. TODO - We need to use the X509 Extensions to verify this.... openssl appears to not be decoding them correctly for me though....

Conclusion

That's all there is to it! While putting this all together took a while, in the end, the entire process was fairly straightforward. Hopefully, the above is a helpful reference for folks who are also looking to generate GPG subkeys on a new Yubikey 5C.

I may have a future update to this post revoking and replacing the encryption [E] key with another key type. The above causes it to be generated as a cv25519 key, which is ed25519 but for encryption operations. I expect there to be some compatibility issues with it in the future. However, it seems like RFC 7748 was completed back in 2016:

RFC 7748 - Elliptic Curves for Security
Elliptic Curves for Security (RFC 7748, January 2016)

My updated GPG key can be found on Keybase: https://keybase.io/jledvina/ and should be replicating to a GPG keyserver near you shortly.

Enjoy!
