What is PGP?

OpenPGP is an open standard for signing and encrypting. It enables RSA or ECC sign/encrypt operations using a private key stored on a smartcard (such as YubiKeys), through common interfaces like PKCS#11.

Note	ECC keys are supported on YubiKey 5 devices with firmware version 5.2.3 or higher. PGP is not used for web authentication.

Advantages

PGP has the following advantages:

De facto standard in the Gnu/Linux world and for e-mail encryption.
Flexible. PGP is a crypto toolbox that can be used to perform all common operations.

Usage

The OpenPGP functionality of YubiKeys is typically used through GnuPG so we refer to its documentation for the full reference.

On macOS, GnuPG might not work in conjunction with other software, like OpenSC for example. GPGTools is the recommended alternative.

The default PIN set is ‘123456’ and the default admin PIN is ‘12345678’, these should be changed, see Card edit.

Software with OpenPGP Card support

GnuPG
SSH
PAM
Firefox/Iceweasel
Thunderbird/Icedove
Apple Mail / GPGTools
Android (using NFC)
- OpenKeychain
- K-9 Mail
- Conversations
- Password Store
- PGPAuth
More…

Configure the PGP features of a YubiKey

YubiKeys can be configured and used with any application with support for OpenPGP Card:

YubiKey firmware

The OpenPGP support in the YubiKey NEO is provided by the open source ykneo-openpgp applet.

Important

SecurityAdvisory 2015-04-14
Yubico has learned of a security issue with the OpenPGP Card applet project that is used in the YubiKey NEO. This vulnerability applies to you only if you are using OpenPGP, and you have the OpenPGP applet version 1.0.9 or earlier.