"How many GPG keys can be stored on YubiKeys and Nitrokeys?":

Most security tokens can only store one single private GPG key. This key can contain up to 3 subkeys.

So, if you want to store more than one GPG master key on security tokens, you either need one security token per master key, or you check if hardware security modules are an alternative for you.

It would be more precise to say that the card can store three keys: one for authentication (AUT), one for decryption (DEC) and one for signing (SIG). It does *not* store master/primary key there unless the primary key has one of these capabilities too (AUT/DEC/SIG). The connection of keys to master key is done outside the card, that’s why gpg requires at least public part of master key + subkeys to make keys on the card usable.

The card protocol has one special field for key URL that can be used to fetch the complete public key (via gpg --card-edit and fetch subcommand).


Sign in to participate in the conversation
Mastodon is a microblogging site that federates with most instances on the Fediverse.