<rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Hardware-Token - vo.rs</title><link>https://vo.rs/tags/hardware-token/</link><description>Latest from the Hardware-Token desk at vo.rs.</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.</copyright><lastBuildDate>Thu, 12 Jun 2025 11:36:00 +0000</lastBuildDate><atom:link href="https://vo.rs/tags/hardware-token/" rel="self" type="application/rss+xml"/><item><title>A Yubikey for SSH, GPG, and Sudo</title><link>https://vo.rs/story/a-yubikey-for-ssh-gpg-and-sudo/</link><description>&lt;p&gt;Every private key on your laptop shares one fatal property: it is a file. Files get copied. If malware runs as your user, or a backup lands somewhere it shouldn&amp;rsquo;t, or someone walks off with the disk, your SSH private key goes with it, and a passphrase only buys you the time it takes to brute-force. The whole class of problem comes from the secret being &lt;em&gt;extractable&lt;/em&gt;. A hardware token removes that property. The private key is generated inside a tamper-resistant chip and physically cannot leave it. The token will &lt;em&gt;use&lt;/em&gt; the key to sign a challenge, but it will never hand the key over, to you or to anyone who steals your machine.&lt;/p&gt;</description><pubDate>Thu, 12 Jun 2025 11:36:00 +0000</pubDate></item></channel></rss>