Yubikey 4 becoming non-free

Michael Kesper mkesper at schokokeks.org
Tue May 24 19:03:27 UTC 2016

Hi all,

Am 24.05.2016 um 19:07 schrieb Florian Snow:
> Moritz Bartl <moritz at headstrong.de> writes:
>> Both the Yubikey4/Neo (Javacard applets) and the OpenPGP Smartcard by
>> Zeitcontrol support up to 4096bit RSA keys.
> The Yubikey Neo support 2048 Bits and that is a key size that I am not
> comfortable with.  It may be ok for now, but my email from now might not
> be safe in a couple of years.  I don't want to risk that.  I have
> recently seen a key with 16K and I thought that might be overkill, but
> then again, better be safe than sorry.

Keep in mind such high key lengths might be a nuisance for other people 

>> Where do you keep your subkeys if you rotate, say, every 6 months?
> I find it an unnecessary hassle to rotate that often.  Also, I decided
> against using subkeys and so I rotate the whole key.  I set the key to
> expire one year after creation and then I decide if it's still safe once
> a year.  If it is, I extend the deadline by another year.

So you're throwing away all your signatures regularly.

Best wishes

More information about the Discussion mailing list