Loading…

		

		
		
		
		
		

	
						
		
			

				
				

					
					
Yubikey

				

				
				

					


	
Managing Yubikey Lists

	
	

	    This is a deprecated feature; see Secure Password Manager
	    for a recommended way of handling Yubikey lists.
	


	

	
		

			If you have read article "Using Yubikey",
			you must have noticed that a file may be encrypted with several different
			Yubikeys. However inserting Yubikeys one by one is not a practical method
			as those Yubikeys very likely belong to people who are not anywhere around.
			The solution is pre-created Yubikey lists.
		


		

			A pre-created list does not strictly define the actual Yubikey list used
			for encryption; it is just a group of keys. You can create as many of such
			lists as you wish. During encryption you can add several pre-created lists
			to the actual list, or you can remove some of the added keys.
		


		

			In order to create a new Yubikey list open Start / All Programs /
			Kryptel (Silver Key) / Advanced Tools / Yubikey List Manager
			and Select File / New. Yubikey list is alsways encrypted
			so you will be asked a password or a key. Or even a Yubikey.
		


		

			Now when the list is created, fill it with Yubikey records. There are two
			ways to create a new record - either from an inserted Yubikey, or from a
			.csv log file created during Yubikey setup.
		

		    
		Example list of Yubikeys

		

			By default an added key is assigned "full access" rights, but you can limit
			it to "read-only". Note that it is just a default settings; the actual access
			type may be changed during encryption.
		



		
Key Dumps


		

			Key dump (.yld) file is used for transferring keys between lists. Select the keys
			you wish to transfer and press File / Export. Open another
			Yubikey list and import the keys by selecting
			Edit / Add from Dump File.
		


		

			Key dump is not encrypted; don't keep dump files longer than absolutely
			necessary. As soon as the dump file is no more needed, delete it with
			Shred command. Don't use Windows Delete command; a file deleted with
			it can easily be recovered.
		


		

			You can use key dumps for encryption or decryption exactly the same way as you
			use ordinary Yubikey lists. The only difference is that you will not be asked
			for a password as the dump is not encrypted. Using key dumps may be convenient
			if your computer is guaranteed to be safe, just remember that a compromised key
			list may be too high a price for just convenience.
		



		
See Also