It is recommended that if the device is connected to a network, access is limited to internal resources only, and communication to the wider internet is prohibited. The host machine will need to be able to read from either network storage securely or off removable drives. Any physical memory storage holding the Private Key should be treated as a company sensitive document and secured along with other mission-critical documentation, such as in a safe. Once generated, the Public key can be exported to a thumb drive or shared on a network - the Private Key should be kept only on the host computer or on a secured physical memory storage, such as a CD or secured thumb drive. It is recommended to use a clean computer with a fresh install of the OpenPGP application to be the host machine for generating a key pair.
When generating an OpenPGP Public/Private key pair, care should be taken to ensure the Private Key is not exposed to unauthorized entities, and that both the Public and Private Keys are stored so they cannot be deleted or lost. Regardless of the platform OS (Windows, MacOS or Linux), there are best practices to consider for the computer on which the OpenPGP platform will be installed. Customers should check with their IT departments to ensure procedures are not already in place.
This document assumes the customer’s organization does not already have an OpenPGP key policy or HSM. This document will outline the process of installing the necessary software to generate the PGP Public and Private key pairs, the creation of the Key Pairs themselves, and the Decryption of files received from Yubico encrypted with the provided public Key. OpenPGP is an open standard available as free software for Windows, MacOS and Linux. If Custom Configuration is purchased, Yubico will program the YubiKeys in a customer’s order to the customer's specifications, configuring everything from the behavior of the YubiKey to the secret data used to generate and validated One-Time Passwords.įor the secure transfer of YubiKey secrets, Yubico employs a PGP Public/Private Key Pair schema, using Public Encryption keys provided by customers to encrypt secret data before sending it. As an additional service for sizable orders, Yubico offers the option for customers to purchase Custom Configuration for YubiKeys purchased.
0 kommentar(er)
