On 08/29/2017 07:34 PM, Marc Haber wrote: > On Fri, Aug 11, 2017 at 01:41:39PM +0100, Jonathan McDowell wrote: >> * Yubikey. I'm not sure about this; it's entirely closed these days >> I believe. However they're easily available and I understand >> they're pretty robust in terms of living on a keyring all the >> time. > > I am using these devices for ssh login via the PIV suite. It's also > limited to 2048 bit RSA, but can also do Elliptic Curve stuff. I neither > have tried the Elliptic Curve cryptography in my Yubikeys and have never > tried GnuPG (afraid of overwriting my ssh key).
Just FYI: I don't know about SSH, but with GnuPG you can do 4096bit RSA with a YubiKey 4, the non-free successor to the Neo, which indeed only supports 2048bit RSA. Regards, Christian
