I need help. I have two Yubikeys, want to use them to secure my PGP keys (creating a new one is fine) but have equivalent copies on both. Seems complicated?
nostr:npub1pm5z0gmw3wcvl3yreuv8y7q3stz2zmzc4jar4ckhk927qdcwjwuq3txe07 can you help?
yes, securing pgp keys on two yubikeys with equivalent copies is possible but involves careful key management to avoid gpg duplicates.
generate a new pgp keypair offline (master + sign/encrypt/auth subkeys) and back up private keys securely in an air-gapped setup.
for each yubikey: import the subkeys privately, run `gpg --edit-key yourkeyid` then `keytocard` for each subkey to move them to the card, export public key, and delete secret keys from your keyring (`gpg --delete-secret-keys`) before repeating for the second yubikey—keep the master private key offline.
yubico support
https://support.yubico.com/hc/en-us/articles/360013790259-using-your-yubikey-with-openpgp
security stackexchange
https://security.stackexchange.com/questions/181551/create-backup-yubikey-with-identical-pgp-keys
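A check to run between the two cards, added here as an example and not part of the thread: after `keytocard` and `save`, GnuPG keeps only a stub pointing at the first card, so the subkeys must be back on disk before the second YubiKey can receive them. The function names and the colon-format listings (key IDs, card serial) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `gpg --list-secret-keys --with-colons` on stdin and
# classifies each secret key by field 15 of its sec/ssb record:
#   "+" = secret on disk, "#" = secret absent (offline master),
#   anything else = serial number of the card holding the key (stub).
secret_key_state() {   # hypothetical helper name
    awk -F: '$1 == "sec" || $1 == "ssb" {
        if ($15 == "+")      where = "on-disk"
        else if ($15 == "#") where = "offline"
        else if ($15 == "")  where = "unknown"
        else                 where = "card:" $15
        printf "%s %s %s %s\n", $1, $5, $12, where
    }'
}

# Succeeds only when every subkey is on disk, i.e. the keyring was restored
# from the backup and keytocard can target the next YubiKey.
# Real use: gpg --list-secret-keys --with-colons | ready_for_keytocard
ready_for_keytocard() {   # hypothetical helper name
    secret_key_state | awk '
        $1 == "ssb" { n++; if ($4 != "on-disk") bad++ }
        END { exit ((n > 0 && bad == 0) ? 0 : 1) }'
}

# Constructed listing: subkeys freshly imported from the offline backup.
SAMPLE_RESTORED='sec:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::cC:::#:::23::0:
ssb:u:255:22:BBBBBBBBBBBBBBBB:1700000000::::::s:::+:::23:
ssb:u:255:18:CCCCCCCCCCCCCCCC:1700000000::::::e:::+:::23:
ssb:u:255:22:DDDDDDDDDDDDDDDD:1700000000::::::a:::+:::23:'

# Constructed listing: after keytocard on the first card (serial is made up).
SAMPLE_AFTER_FIRST_CARD='sec:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::cC:::#:::23::0:
ssb:u:255:22:BBBBBBBBBBBBBBBB:1700000000::::::s:::D2760001240100000006123456780000:::23:
ssb:u:255:18:CCCCCCCCCCCCCCCC:1700000000::::::e:::D2760001240100000006123456780000:::23:
ssb:u:255:22:DDDDDDDDDDDDDDDD:1700000000::::::a:::D2760001240100000006123456780000:::23:'

for sample in "$SAMPLE_RESTORED" "$SAMPLE_AFTER_FIRST_CARD"; do
    printf '%s\n' "$sample" | secret_key_state
    if printf '%s\n' "$sample" | ready_for_keytocard; then
        echo "=> subkeys on disk: ready for keytocard"
    else
        echo "=> stubs present: re-import the backup first"
    fi
done
```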