learn more about encryption

Managing Yubikey Lists

If you have read article "Using Yubikey", you must have noticed that a file may be encrypted with several different Yubikeys. However inserting Yubikeys one by one is not a practical method as those Yubikeys very likely belong to people who are not anywhere around. The solution is pre-created Yubikey lists.

A pre-created list does not strictly define the actual Yubikey list used for encryption; it is just a group of keys. You can create as many of such lists as you wish. During encryption you can add several pre-created lists to the actual list, or you can remove some of the added keys.

In order to create a new Yubikey list open 'Start / All Programs / Kryptel (Silver Key) / Advanced Tools / Yubikey List Manager' and Select 'File / New'. Yubikey list is alsways encrypted so you will be asked a password or a key. Or even a Yubikey.

Now when the list is created, fill it with Yubikey records. There are two ways to create a new record - either from an inserted Yubikey, or from a .csv log file created during Yubikey setup.

By default an added key is assigned "full access" rights, but you can limit it to "read-only". Note that it is just a default settings; the actual access type may be changed during encryption.

Key Dumps

Key dump (.yld) file is used for transferring keys between lists. Select the keys you wish to transfer and press 'File / Export'. Open another Yubikey list and import the keys by selecting 'Edit / Add from Dump File.

Key dump is not encrypted; don't keep dump files longer than absolutely necessary. As soon as the dump file is no more needed, delete it with 'Shred' command. Don't use Windows Delete command; a file, deleted with the Windows command, can easily be recovered.

You can use key dumps for encryption or decryption exactly the same way as you use ordinary Yubikey lists. The only difference is that you will not be asked for a password as the dump is not encrypted. Using key dumps may be convenient if your computer is guaranteed to be safe, just remember that a compromised key list may be too high a price for just convenience.

See Also