Score:4

Where does signing/decrypting take place on a YubiKey 5 for PGP private key?


I have found a similar question for PIV (and not PGP).

I assume PIV and OpenPGP would work in similar ways. I also assume that the GPG private key never leaves the Yubikey.

If these assumptions are correct then:

  • at encryption: a symmetric key is generated and encrypted on the sending computer using the GPG public key, then the message is encrypted on the sending computer using the symmetric key
  • at decryption: the symmetric key is decrypted on the Yubikey using the GPG private key, then the message is decrypted on the receiving computer using the symmetric key
  • when signing: the sending computer computes the fingerprint of the message and then the Yubikey encrypts it using the GPG private key

Is it the case? And if not, is the Yubikey a bottleneck when dealing with large messages?

Score:3

Yes, that's right. It's called a hybrid cryptosystem, and it means that the work for the Yubikey is the same no matter how large the message is.

For encryption, a symmetric key is established for each individual message.

With RSA, this process is called key encapsulation, because a randomly chosen key is encrypted with the recipient's public key.

With elliptic curves, the process is called key exchange. An ephemeral (one-time) key pair is created by the sender, and the one-time public key from this pair is published. The recipient uses EC Diffie-Hellman to discover the symmetric key.

To summarise: Signatures are created by the Yubikey. Encryption only requires the Yubikey to sign the outgoing message. Decryption only requires the Yubikey to recover the encapsulated key or to perform Diffie-Hellman to discover the key.

Note that when signing, you would not use the word 'encrypt' generally to describe the signing process. That is a technical implementation detail that might apply to RSA but not to EC signing.

AlexVal
Very clear and thanks for the link.
fgrieu
Strictly speaking, the Yubikey does not sign the outgoing message, which it can't receive for performance reasons. It receives a hash of that message (what the question calls fingerprint), computed externally. Then there is the question of if the Yubikey yields a signature of the outgoing message, or a signature of the hash of the outgoing message. For ECDSA, if the signature is that of the outgoing message (which I do not know for sure), then the Yubikey can't actually sign per ECDSA, but with a hashless variant thereof. EdDSA has an Ed25519ph variant to solve that issue.
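
The split of work described in the answer and in the comment above, as an added example that is not part of the original thread: the host hashes and does the symmetric encryption, while the token only ever receives a wrapped session key or a digest. `Token`, the Mersenne-prime textbook RSA and the SHA-256 counter-mode cipher are constructed toy stand-ins chosen to keep the block stdlib-only; they are not the OpenPGP card interface or real OpenPGP formats and offer no security.

```python
import hashlib
import secrets

# Toy textbook RSA over two Mersenne primes: trivially factorable, no padding.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
KLEN = (N.bit_length() + 7) // 8

class Token:
    """Hypothetical stand-in for the YubiKey: keeps d, counts bytes it is sent."""
    def __init__(self):
        self._d = pow(E, -1, (P - 1) * (Q - 1))
        self.bytes_in = 0
    def _private_op(self, blob):
        self.bytes_in += len(blob)
        return pow(int.from_bytes(blob, "big"), self._d, N).to_bytes(KLEN, "big")
    def unwrap(self, wrapped):        # decryption: recover the session key
        return self._private_op(wrapped)[-32:]
    def sign_digest(self, digest):    # signing: input is a hash, not the message
        return self._private_op(digest)

def stream_xor(key, data):
    """Host-side symmetric cipher (toy: SHA-256 in counter mode, XORed in)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt(message):
    """Sender side: uses only the public key (N, E); no token involved."""
    key = secrets.token_bytes(32)
    wrapped = pow(int.from_bytes(key, "big"), E, N).to_bytes(KLEN, "big")
    return wrapped, stream_xor(key, message)

def decrypt(token, wrapped, ciphertext):
    return stream_xor(token.unwrap(wrapped), ciphertext)

def verify(message, sig):
    digest = hashlib.sha256(message).digest()
    return pow(int.from_bytes(sig, "big"), E, N) == int.from_bytes(digest, "big")

def token_load(size):
    """Bytes the token receives to decrypt and sign one message of `size` bytes."""
    token, msg = Token(), secrets.token_bytes(size)
    wrapped, ciphertext = encrypt(msg)
    sig = token.sign_digest(hashlib.sha256(msg).digest())
    assert decrypt(token, wrapped, ciphertext) == msg and verify(msg, sig)
    return token.bytes_in
```

`token_load(100)` and `token_load(200_000)` return the same value, one modulus-sized blob plus one 32-byte digest, which is why the token is not a bottleneck for large messages.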