I recently bought a Yubikey 4 with the intent of playing around with it, setting up SSH to let me use it for authentication, and maybe even using it to sign some things in git. I forgot the part where that meant using gpg again...
Thus begins today's story...
Basically, I created a master key and three subkeys by following the guide presented here, and put the subkeys into my Yubikey. This of course took an immensely large amount of time because I wasn't doing anything else with the system I generated the keys on, and so gpg felt there wasn't enough entropy; wiggling the mouse helped, but only so much.
Once the keys were created and added to the Yubikey, I went to bed, and took the Yubikey to work with me the next day. It took a good hour or so, but I got SSH to let me authenticate connections to GitHub using the authentication key on the Yubikey, and signed a test commit with git using the signing key. Everything looked good, and I went back to doing actual work.
Moving forward a few days... I had originally created all four keys with no expiration dates, figuring that I'm not doing anything that exciting, and I have a revocation cert, so who cares? But I changed my mind and decided to add expiration dates one year from now (that was this morning, feel free to look up the now-useless keys on your favorite keyserver). After about 20 minutes, it appeared as though I had accidentally added the master key's secret key onto the Yubikey (I hadn't, I just thought I had), had factory-restored the Yubikey to get the secret key off of it, and then somehow got gpg into a state where it refused to add the subkeys back onto the Yubkey.
Lucky for me, I managed to also ruin the backup copy of everything while I was at it. This being why I haven't revoked the old keys. But hey, on the bright side, the private keys don't exist anywhere anymore!
After turning off the computer, going to get lunch, and coming back, I did what
any sensible person would do: started over. Luckily I had just done everything,
so while re-building my keys I had history 0 | less
open in a tmux pane and
scrolled to the relevant section of my command history, and I had other things
to do, so gpg felt I generated entropy at a much higher rate this time. Given
what I've heard about /dev/random
vs /dev/urandom
, it sounds like gpg is
just playing security-theater with me, but whatever, I got my new keys
generated.
At any rate, in case anyone is interested, the new key's fingerprint and public key are below (feel free to let me know if I messed it up somehow). The original commit creating this blog post is signed, and I've wiped out my keybase.io account and updated it to use my new public key as given below (and re-verified myself in the appropriate places).
I know, this wasn't even remotely worth reading just to be given the public key of some random person you don't know, whose code you don't care about, etc. Sorry not-sorry?
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFd39E8BEADaX5R+Nj1PK3YQxKvv3djQyzaOJYlFa4sDn5Mz3G+/2Rlxu3Fk
NMLoD90V+xOMJMy8qmeRHhoi73CDrHnxw/kLsVGYa4Y9KU3/0GhVwKdKQSdXGO4C
erEWxm0wpNVhOE4fMm7vwCQ1j+Cg1oloZtL9VDkZSdRZNJFjYqDBJMUTv7DXuOOu
0sp6ms3nopLLZRYLu9dNskFmmFzgGoburJigUqkTNpY48MyTdM7PEeGEacHChMcy
zIzW7pd9SXqyUJUlxHRjLVaSgzcUNewxFF+yaGwFWBYCVf6qaWtfahcAo2jwToVx
BBeysyd+M94gFt737j/pR5ikw499JtxQO7+WNRY8rlpMHmvYyfl4VZXG37Z3Daeq
9FFHQ+L4p2d0AM1O95btzZh3IZZZyPdDfaobjImHbaRtAMeM3ZnAImfTnmw0aX02
JygWCi1zWgxkHqmGnrePSlGihG5G+AneI8EPhfjpAAYqVDePuRH3W1HOAqkNsPOo
bFxr2ADmUFVRWIvkaCTt4HhRl0OYBUi5ysVpDmWpVRoFqbZzkyFFCFtXBC8PAUIf
gy7SnFF7CFyw9KUQ3CeCSOKXpqCuONmMh6xyVEU7KqpwZsd0k2iK8Xb0E8XBcmaW
ozZmZIpVKB2GGDmVNlw6p2w9k4EObBZO7lJttYoVohb4oOvG7rkAe3P4FwARAQAB
tDNBbnRob255IFBlcmV6IChhbWF6aW5nYW50KSA8YW50aG9ueUBhbWF6aW5nYW50
LmNvbT6JAjEEEwEKABsFAld39E8CGwMCCwkCFQoFFgIDAQACHgECF4AACgkQemAU
4xZdThUXcRAA2kaBJ33hqC08sA5LTOniI83m6Hz4sAw1t7qFbhB7PnIALMgJ3Gys
nT1lhkRKtRzOmOOd+M+Q1GjwS5u1GYOS0NWCjRC+t1ddeF64OXCFxOiB93f06REf
8NJtmSqy/epBaZzR4Xtjec8kyJizc2sTIFsQ3oUxZUJd/a/52IgsmNEmgnfU9X5h
k6RWUremRTm01StWs66MXDJMW7UmD/MnVTazP/Bu+w5Foe8iZfU8YIHFvhJ18gmQ
+pZQbNHoNqtQkU6rv7FCRRzBPEe4CsCdaOiJhtooJKQZUXE7Cy2E6bqHMaVRZtDF
FabQkiDLmqIfb76Xj9GeNas2U3L6jHsDZjH/zSJG8F+LNPUL/AA3o721PB8QT1DY
03DhYKpGdwCk6w2VWU8SDiJ2LuE4LrV0AxFaxYPmKblWrpSuqs3HxC/suXDpVpGf
sv8/o06YiaSXdOjuneODH0qyWfNIu5V9NM6qwRtxnVA+808gt6FOlaUWv0MjoNdD
6Y0nZB9b4uoshGmYtG032xjYeIb80wjvQ+9WqKYNIeGNvsgEJt0NAElhoaFd9sBS
jZrfVQ54HbxMZFN3qYqShh3l3UEE49N7SqKitfQT9+s01X46iVVInrjeGi+JvaNl
xpB4hdDA7nvN6+niz3GIPRuq+pbFUyXulI1u2sHSwGLnirlYRByUORW0JEFsaXNv
biBQZXJleiA8YWxpc29uQGFtYXppbmdhbnQuY29tPokCSAQTAQoAMhYhBOuvHZy5
dRXsS6XzNHpgFOMWXU4VBQJi8s1CAhsDAgsJAhUKBRYCAwEAAh4BAheAAAoJEHpg
FOMWXU4VLeoP/jXsgTrLZYyJgNKjtpE+gZfFzsH+IlKQexNkK+dhPHnktfr26OUE
/usOXX4q/jHVv5y0gzBo/JS0A8mzgcYobPWFWCJYK5ED//qvFbWLXcEBDlGvD9e6
TSLuE9v0oryKm6tYvBOUmbsYMRIP/VQ2kebMFlL6cISHOgOBxkX4ShmP6gMVlySQ
qtvugJYehSgNx2/QqcfOpMOjiIaTHV+8gsJLwBxR9tEFaBpJ/EtVfYxEX9XJ+Mv5
lth4WPSRKND65OUb6QqtQjsVEHGT/yG1TjN2r4P1PH8xJ2/QjPgzWDkZ0ZqYnutE
kFOvo5+UkEPLepW9lorkneV3oOuUIKBJHEhSRuQ95d9bMrnsLVZ5eOuW02K0OCXD
ctjS8Flxf/EaHZqB5CAgSp4Y69IagQvEZ5ZWZ2xDMixRunxb3JnU/+UyGVqdl/Qc
n4ggjZ70BLRWxN6PWAS9oqLbB9pOBR6mUO+Wmic6cqwIVBpDm1353aBr51HmFPxV
Hs8Lp2gOp3I/+uiOUCkD1nDOMHYlUXY5pG3zGn+eggRLPuD7QH66Q3dzZ7kbkHcr
073de1jU7CdPJN5kYyy41LUXLPXHmtv/0ondkcOS4rda6+m6J3bofkfZenIfr5up
r3EaNTlsq0y+uReRiBPpQJXPJgnPlfrb7sQHJ2Bk4jtAnmNtkTrw9DjHuQINBFd3
91cBEADBCVR7XT5FLW1GH2hg+dOFpnoap2YcubgD+x/JBQW3d485WLCcX9RgvgeA
mcyPtVBZKW9gl6WSwwc+j0qYJI1XwLRy/DVzqp+rTBQk4Ghkg/HXflazhR+ZhHS9
91/6KClYdyDXgfwx6Aa4YQZCq69DXa10Q1Kp1iQQJFJxZJf0JTePokEDnnNtRYW/
Te2RUUMfwu+T7hp/zK+T7u2GEALKsi0Q6o7yrDfDeR/oK7+XAJKA5TMqDF5xQpWt
tWavyx9T1eM/Og1WFNavfBZvdz+q1/x7iHFYHD2LWohpmemJR2F+Joa7wzDuU5lF
EOUqJdHoda97/ixkcEAfXVQiUs0EU+sDCUaoiKwknp3c+sigyuuxr6i3+tBXKa5d
yGyDIOZ6EdKbj/8eMjQphgOKfwJugiur967tmL/2QX2dqCqWmi9prqYZ04TAKjGb
8K6eWq+WU8qO4cXcKetqv3lID6k5S27knmssPBPrtNuUehvw4OdKsimZ4vo5Bq4E
xp58G+NfJ3tkmfCe3mf1PuFezjOcUmZ1Hdad9xF5VlV8y6AuoYA01G2NN6yskO9F
qXe4qx1EvhixW02yINAzKUFLz37rN35QkzXtVKw5vMSDbcAS2BkioSae7QJeVOA3
+E1dLVZtDPSvy5Wuq8qVSGj3A9CfMV5qamPWF+8U2E3cJO4fewARAQABiQQ+BBgB
CgAJBQJXd/dXAhsCAikJEHpgFOMWXU4VwV0gBBkBCgAGBQJXd/dXAAoJEDiL7Ccz
l8xE5HgP/iToSxlJwg142WQHuhkzBSGv/n9H8QL3Rm0I3Se3orZk8u94WL5vg9vq
mFyJzFMlkasWd08n9IkFcHMFbNG4kjFE6ycremGXj5TmatljKKiOwqsfFA0Rj0Sc
zNOX4/1pBRAoEb/Il2+JPWY6+NgTYUVZQoGAZxhxfVDbQKZNeOQvefejy+CinYrW
QT1s+EDtiIYllc2tLKUBmtmdY8FQsv0oeD+7d0fqFhrAp2wYp3fLYPHdDdiLzpyc
/+jX0p6w1TjCzc4f+3RGXGqLURVmc8/vGex0hXs4O3q4jJsXeOfXcqxUZ0vt4N7D
FIaa8fpa7M9uOCH2Df5bFz7WQnIuJMCZiNLMImug9tYt5vbahCGJebsIVE45/6ud
nyxxT5pehM/U/tmIRyXyYfv7pjiymR3Hx5bqqvCNWB4ZnZxrZA8EfQzGncsxt8M3
BUDe53DQ9tIJewGX3B29v3jGsjWhdirfNobnS4ZjRuj8ipLMcg+yRs2zWtYcQlGY
PbiAll5tZMF92iy7D3oqPF3pmyFlepTLOxQmikNObfN7pGmz2hwqD3TjtsiaM1//
ezmxeedcMWgmvwn59RllSBhl3zvTbUTVPPKJ+DxPqEelalbQ2k4T/ImoPEWEewde
MD5WK/aYCnS3MO4Sr+iq4+oGkmM3Iv7e0NleHkunGY8yLlzOT50mXysQAMy6I9XT
yvLOEFgs45ML5SCzjVO2yju4wor1cBWgdA4L2x8D+1A4bs1mU5fvmplVTWRwXPYq
EJNyPXWBLRq4BwVUJXAR2AMdSLqyYivi3bjLKQmdrlAKt8OYbkC5ls9oYIoBPx+F
YKEQkczSXAKytrZF4qyYJTLQIYUY0lMdeMMBqKaDIkZ/8PLvHbbcU29DYb2wrkEX
p35jj03r85JcgZTSckbu1m59o4uU3Sr4u8pixR6DEPX1Vs9OHHybIN648U+4ZihA
J98z/WwGVd64KXPMBZGNJwor+Z9HiqsxlS8+nLHu9j/ifkgJJlHZKstjlalHKXoq
zZb/UYP18AXsTuU5mIlbUtDfDiHK05Bg2P7t8nuI0HJKxHbE34wop0uQWyy2nEyC
PXSQKPrQzHawzvvgC0kB5c0hNh5lB4eMFn4HID+7MU2FvP7rJygMyGbrx+/a4hbs
6jx309BUuLpqPg45cU7ylazU7zz+0/DK3mDTG9dqE/FpySv05xQancyjI8LKumeY
NlClIjGEfaMLc5h3q6lhTo20h6rWkBs9igR2mzwtRjZUvM2E2DJpGJxOhTz/juev
LfCFMMyQHNwQ0iX2Q2PpqN+3KfeOpI8AjejTfmmRM1RvN7Y4M+ja0aQ7+92Ix/RI
+mI1/kaUABEPj5W7dn9oFEysGqjmjIh9bcAcuQINBFd3+SUBEACar8EHdtZFSR1E
WtQvYJmYtzA9QnPU4iol4szcDpi1D1XFGCofSRI6zRf5d5EGKqKM2PCxwUnZct+n
oTNEV37QkksgHO+zJm4Lg52G2lam6wOnmbdNtv24ZSOgt4r1clGLYaE1Q/NbZckP
o/l7sjEWVdnOOVWX3lwn4t9O8JpfQ0dgZhv/4HS6KryxeN/9YhdcuyhaYGHHb7QB
hOCQCldyKbyAscOv4XIyTB6acDYQ1k6ypCLOlww31qWXEHCepr7YQtHsMzf4BDl0
eWGOoxReBF45vHsvh39nRplJM+7gfnRah1HKUNImmGqwVilNMo0ML9WQcs4tdWjR
51OaFDaQaIjeB9MY6Ccck95njWM3ucLeWqGc/Ig8tPV7s9dQv7SGcImEGmF6a1ty
htOhRe9MdNUTfFl0of/8ocS8Em2muO0/jh27Mu9ZDw6cCHoBoOtwfB4W48Bamwrs
OVQjEi/08lAw/Wxrxqpl37f49X5GQ2ZWxrFpgP75u4bFJuEk2p211GdySRaLoq+S
n3qXKYVCzmMQBOFOoyxVsSWEIEWMHSz6+Yz+UBorKXQbvyCy9IDpz31OYu9G/3Z9
GeZJVNYrpVO3jvcO5sP4bmg0fnlRS5npztFKd6B1AVjF+msju4jcBkGqqAoWfaKU
+IlWkbezOLP1Ws21fJ8UyvZC23g2SQARAQABiQIfBBgBCgAJBQJXd/klAhsMAAoJ
EHpgFOMWXU4V1IMP/3YFyG9wVjieFqimrZKJhW+ygn3oLlkmGyIUnYMiMCFYUBXa
CxPGHnD8sMVbrllyLYbas/EauCjM9gtXdZ4BFdK3TcBXZK0QZGu3KNHLZUcp/XFF
Op2YGcqDHzDbjOhsGjgPd+BSWBgAh0El19G3CxOpO0f1Yr1WoQgvbvsu5bFdUK3y
Hd0K/EIFRCe6XvYMP5Yw3mnkh5NCoCUZAlZYBbLW4Jxz2gaXRvEmyLTvgh1RAZPV
xjigPOO12E3L8LEIoKY7cG6dj+0135encHwleyvhpgTphZ8qaiBTaSLV1uQMFb7h
dqPqzockult0fTpeOXUgG8FkQ1J1cRDmEZgwGocem326n2f1/Y38UX40dk26cgn+
wjWLO3Js1vOdtF9r9unf8mzjxmoZ9THMFV/uz6J13P4Hki45Ovv1I8uQbJWKsz4r
WHa2yTObratBQnQEwqLzL6G4odRcj1xPVdgmv2FATpTt9X7G7nyMmaPL0cI/MCv5
Kb+k5cNi6Z6yQLMiMncVPfnHzuYa5POThOWhz0WIqINi9mjkVNMSf4ZfJmSyDFg7
8tscQ/Zpg8XXHYDIlZmpMD4DYrv3dSSdsd3dtjYEcNqXF5BCDeK439Fh/i5evVsU
6KC0id3VidfIMal/eMTMl3IdB9eOmgp0cCHr4cqpVTPXOvSiol19tkpmboUguQIN
BFd3+ykBEACq/1/TMCTZw1C7GmZF+2etxSLPlEfIOiQaMuv7SNFW9TG60+vVkll4
ylTZdcSPUYt4JHyOrr1GahxTidVKpYUUX6oiY0YWTZqw6D002MYTjFL4D+cSd4qD
SOrtKOWGaEmud7T9kvmlLnwxDpJn2MVPdbiUQ8oXs+oqYpFHYLitQim69Whz4AWp
ExQcfcaSlKiLj4ztov6EHTSiosHOWugfF4aC1QG5Gr5Je2mRwlpx/v3vT73kJPZl
7+wpn5bY/Nd3PNQmJRoSx12B1ABi0WUppy77CB3X+Ce9znv34SyWS7hM9pD0VSdE
KQgNAn2Wceifoh3aNDjzq516VIVJ/Ky1zpjTy2Td7S1zYNBvThdXOFFugjXyj2XS
ZT2YrEIDXZTeU0iISPV1JD5nqMrgZrxNIQI3akdkN1xT9aodPWeHuv9A30raVnEg
z9ydzKKRUI3snEPGKR3Q6Klf0k/Tlnh4pltAYVJYt1f2+IMr8OX4usapi6jF0l8+
Bz6lSAmVSm0Sel8G6cwHmudS705MXdOObiR9z+liksQuoLy1R73/m/Tp7IAkbthz
uOog0H3fFCvVcTduKx3cqWbf7ci2/M1l5qE/QetDLyTEAB7srwa6dWeRD4eoKaza
YkLEpDamfKe25WSFOiyr5GyS+o6HpUJVuX4DB6+01tFvDAFprGahywARAQABiQIf
BBgBCgAJBQJXd/spAhsgAAoJEHpgFOMWXU4VrJwQAKUe3MKuZ7j06nzPSdxgc1bL
kKl6CNkdikNU4oeKWoSHDosYPdlovWcND9zLVPicqWWXVEaXfYaBbeKvoD5XSzNt
IAsq/h1qY0bhXnAcu2nSPL0uTq3CGmOP/ES/+GcPO3lqZjz5uWrpY130SFePuLtE
1T6vmumAFVCmCPR5voiuLnMUNfPflhG/jRToTWRm65nugRV8WAF0QMm3+S/Xi/xK
vTesazUjGtsPak53kZ9O0FxJvxyHqVrIwkdeNGyu+8ABK2HpPzmQr/6QFgUv8kcX
h3krpWTsHjKvyZhr6KVfj0pkz49xY4qz4wbOr65iMVUC3ebyrxEGnlMo0smyZsCj
yy6CUct3T82g8kk6h9aJAngv1tG7RVY1Rm4sjGPD2zulOU7KPrRitEgwEdzSLWsV
y9u98l+F3urt1qayU7vw8qJOSBWhI+K6wXdvBFs0n0+QAobp8VMuyQc5W+wmBgxQ
Xs3c4wUpzpQywYDi2/iFacT2UEXl5jnM3l8z4OuLlupaZoO0MoG/w1BQrlRKrI7N
2xsntSw/IAGo3AamXF4wggkutQwkotJfI0sBNqPuS2Ae86DfDA+v4rtGULgyVaTO
VU69mva4bit+wCcKzoAto3ngSEuViUdS/i8npyICpvfAFMKG4EMYWWc3otGzkVel
QMZZtDdReV5jY4qwI6eF
=kOvM
-----END PGP PUBLIC KEY BLOCK-----