GPG
An explanation of the PINs associated to the GPG interface.
GPG, which stands for GNU Privacy Guard, is a technology / interface on your Yubikey.
This interface allows you to create and store keys on your Yubikey, which can be used for many things:
Sign files with your GPG key to verify you are the person who made them.
Encrypt / Decrypt / Sign emails to other people.
Sign commits you make with the software GitHub Desktop or Git.
Connect to servers you own with SSH.
You can also do this with PIV, but GPG is another method depending on your setup.
If none of the above tasks sound like something you'd be interested in, then you can just remove GPG from your brain. Forget it exists if that helps keep track of the PINs you have to remember.
There's one more point of confusion to address. If you've spent any time Googling GPG, you'll realize very quickly that there are multiple terms for GPG, including PGP and OpenPGP. The question is: what's the difference?
In short, consider them all the same thing, just different words. GPG is free and open-source, whereas PGP is owned by a company.
Most people just refer to everything as GPG now since it's all compatible, and the general community does not use PGP.
I'll break them down so you are aware.
PGP stands for Pretty Good Privacy and was first released in 1991 by Phil Zimmermann & Associates. It was used to protect files that people posted on the internet, such as on bulletin boards and other old-school ways of sharing files before P2P (peer-2-peer) was a thing. PGP was then sold several times. Symantec bought PGP in 2010, and then Broadcom bought Symantec in 2019. So in short, Symantec is no more, and Broadcom owns PGP now.
OpenPGP stands for Open-source PGP. It was created by one of the original PGP developers, Phil Zimmermann, as a way to employ encryption algorithms without the patent issues PGP had. In 1997, Zimmermann submitted an Open-source PGP standards proposal to the IETF (Internet Engineering Task Force). The acceptance of this standard allowed companies and encryption vendors to provide solutions that were compatible with other OpenPGP software. OpenPGP can be used to describe any software that supports, or is compliant with, the OpenPGP standard.
GPG stands for GNU Privacy Guard and was developed in 1999 as an alternative to PGP encryption. The difference between GPG and PGP is that GPG is completely free and open-source. It is free to download, use, modify, distribute, throw on a bottle rocket and launch into space, and even free to burn onto a CD and toss in some bath water. It allows users to decrypt any PGP or OpenPGP file. GPG is a spinoff of PGP, but free to do whatever you wish with.
Hooray for Open-source!
Now we'll explain the 2 PINs for the GPG interface.
One PIN is called USER PIN and the other is ADMIN PIN. Their default values are:
USER PIN: 123456
ADMIN PIN: 12345678
Most of the time when GPG asks you for a PIN, it wants the USER PIN. Your device can request it any time you encrypt or decrypt a file, or when you connect to an SSH server with your GPG key.
The ADMIN PIN is for... admin things. You will be asked for this PIN when you do things like import a new GPG key onto your Yubikey. The ADMIN PIN is needed any time you perform a management task on your Yubikey's GPG interface.
The Reset Code is a code that is talked about very little. It does not have a default code already programmed and won't until you actually set it.
This code is best described as only being useful if you are setting up a Yubikey for someone as the administrator, and then handing the Yubikey over to another person. The Reset Code is used to reset a card after too many failed attempts at the User PIN.
If you are a regular Yubikey user who uses and owns the card, you should never need to worry about this code.
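The three codes described above show up together on the "PIN retry counter" line printed by gpg --card-status, in the order USER PIN, Reset Code, ADMIN PIN. The shell function below is an added example, not part of the original page: it reads that output and reports the state of each code. The sample text is constructed and the function name pin_status is hypothetical.

```shell
#!/bin/sh
# Added example: summarise the OpenPGP PIN retry counters of a YubiKey.
# gpg --card-status prints a line such as "PIN retry counter : 3 0 3";
# the three numbers are USER PIN, Reset Code, ADMIN PIN, in that order.

# Constructed sample of the relevant lines (not captured from a real card).
SAMPLE_STATUS='Signature PIN ....: not forced
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0'

# pin_status (hypothetical name): read card-status text on stdin and print
# one line per code. Exits non-zero if no usable counter line is found.
pin_status() {
    awk -F: '
        function report(name, left, optional) {
            if (left + 0 > 0)  state = "tries left = " left
            else if (optional) state = "not set or exhausted"
            else               state = "BLOCKED"
            printf "%s: %s\n", name, state
        }
        /^PIN retry counter/ {
            # Expect exactly three numeric fields after the colon.
            if (split($2, c, " ") != 3) next
            for (i = 1; i <= 3; i++) if (c[i] !~ /^[0-9]+$/) next
            found = 1
            report("USER PIN",   c[1], 0)   # 0 here: unblock with ADMIN PIN or Reset Code
            report("Reset Code", c[2], 1)   # 0 here is normal until a Reset Code is set
            report("ADMIN PIN",  c[3], 0)
        }
        END { if (!found) { print "no PIN retry counter found"; exit 1 } }
    '
}

# With a key plugged in you would run: gpg --card-status | pin_status
printf '%s\n' "$SAMPLE_STATUS" | pin_status
```

A Reset Code counter of 0 alongside non-zero USER and ADMIN counters is what a card looks like when no Reset Code has been configured.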