At Sunet, we have heavy OpenPGP usage. But, every time a new employee joins, it takes hours (and sometime days for some remote folks) to have their Yubikey + OpenPGP setup ready.
Tugpgp is a small application built with these specific requirements for creating OpenPGP keys & uploading to Yubikeys as required in Sunet. The requirements are the following:
- It will create RSA 4096 Key
- There will be a primacy key with Signing & Certification capability.
- There will be an encryption and one authentication subkey.
- All keys have 1 year expiry date.
- During the process the secret key will not be written to the disk.
- Encryption & signing has touch policy fixed in the Yubikey (it can not be changed).
- Authentication has touch policy on (means it can be turned off by the user).
- The OTP application in the Yubikey will be disabled at the end.
We have an Apple Silicon dmg and AppImage (for Ubuntu 20.04 onwards) in the release page. This is my first ever AppImage build, the application still needs pcscd running on the host system. I tested it on Debian 11, Fedora 37 with Yubikey 4 & Yubikey 5.
Oh, there is also a specific command line argument if you really want to save the private key :) But, you will have to find it yourself :).
If you are looking for the generic all purpose application which will allow everyone of us to deal with OpenPGP keys and Yubikeys, then you should check the upcoming release of Tumpa, we have a complete redesign done there (after proper user research done by professionals).