Pre-Requisites

Carefully follow these instructions before setting up GPG and Yubikeys to remain in a secure state. Failure to follow these instructions may expose private key material to bad actors.

Required Materials:

  1. Live USB OS with persistent storage, so that additional packages can be set up. A Tails Live USB (see its setup instructions) is preferred (most secure); other live USB systems will work but are less secure. These instructions assume a Debian-based system.

  2. Hardware-backed encrypted USB drive such as an Ironkey (most secure), or a USB drive with software encryption using VeraCrypt (less secure).

  3. Yubikey 5 (or another hardware security key that supports 4096-bit RSA certificates).

  4. A complete copy of these instructions, or a secondary device with Internet access.

  5. A photo to associate with your GPG master key.

These instructions assume an Ironkey and Yubikeys, configured from a Debian-based system.

  1. Prep Live USB.

  2. Prep Ironkey.

  3. Prep Yubikey.

References

  1. Yubikey Device Setup

  2. GPG Yubikey 5

  3. GPG Card Administration