From a500c8a572b6be615df32afea854ae5759d9dd7d Mon Sep 17 00:00:00 2001
From: ducoterra <git@ducoterra.net>
Date: Thu, 23 Oct 2025 10:39:34 -0400
Subject: [PATCH] add yubikey gpg notes

---
 active/software_gpg/gpg.md | 48 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/active/software_gpg/gpg.md b/active/software_gpg/gpg.md
index c66e8d7..1b661cd 100644
--- a/active/software_gpg/gpg.md
+++ b/active/software_gpg/gpg.md
@@ -12,6 +12,10 @@
   - [Using GPG keys](#using-gpg-keys)
     - [Signing Files](#signing-files)
     - [Encrypting Files](#encrypting-files)
+  - [Yubikey](#yubikey)
+    - [Saving GPG key to card](#saving-gpg-key-to-card)
+    - [Using the GPG key on a Yubikey](#using-the-gpg-key-on-a-yubikey)
+    - [Factory Reset](#factory-reset)
   - [Linux Apps](#linux-apps)
     - [Evolution Email](#evolution-email)
   - [Android Apps](#android-apps)
@@ -187,6 +191,50 @@ gpg -o README.md.gpg --symmetric README.md
 gpg --decrypt README.md.gpg
 ```
 
+## Yubikey
+
+### Saving GPG key to card
+
+<https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP>
+
+```bash
+gpg --edit-key 1234ABC
+
+# Save both the signature and authentication keys
+> keytocard
+
+# Do not save or your key will be deleted locally
+> quit
+```
+
+Check the keys on the yubikey with
+
+```bash
+gpg --card-status
+```
+
+Once your keys have been loaded, change the pin.
+
+```bash
+gpg --change-pin
+```
+
+### Using the GPG key on a Yubikey
+
+<https://github.com/drduh/YubiKey-Guide?tab=readme-ov-file#notes>
+
+Importing the public key and trusting it with ultimate should cause `gpg
+--list-secret-keys` to show your yubikey.
+
+### Factory Reset
+
+```bash
+gpg --edit-card
+
+> admin
+> factory-reset
+```
+
 ## Linux Apps
 
 ### Evolution Email