I am one of those weird people that likes to use GPG Encryption. As a responsible GPG user, I do not keep my signing key or decryption key on my computer. I use a YubiKey 5c to hold those credentials. When I need to sign or decrypt something I plug my YubiKey into the computer and touch the contact to complete whatever task. I like to sign my Git commits so this is a situation I run into often.
Fedora does not support YubiKey smart cards out of the box. If you run
gpg --card-edit with a YubiKey plugged in, you will see the following
After a bit of trial and error and searching around the internet I found that I only needed to install pcsc-lite.
sudo dnf install pcsc-lite
Plug your YubiKey in and run
gpg --card-edit again and you should see the standard
If you have setup your YubiKey correctly you can retrieve your credentials from whichever key server URL you have setup by running
fetch in the card edit prompt.
After you have imported your key, use the standard gpg tooling to set your key trust level.
Confirm that your secret key shows a
Card serial no. by running
gpg --list-secret-keys /home/solenberg/.gnupg/pubring.kbx ---------------------------------- sec> rsa2048 2019-08-15 [SC] [expires: 2021-08-14] AEC23C7473E54DF22982139E0101BF112BD69CF9 Card serial no. = 0000 00000000 uid [ultimate] Ryan James Solenberg <email@example.com> uid [ultimate] Ryan James Solenberg <firstname.lastname@example.org> ssb> rsa2048 2019-08-15 [E] [expires: 2021-08-14]