Offline PKI with YubiKeys: A Secure and Practical Guide
2025-03-18
This post details an offline PKI system built using YubiKeys and a Libre Computer Sweet Potato SBC. Three YubiKeys store the root and intermediate CAs, managed via an air-gapped SBC for enhanced security. The author walks through using the `offline-pki` Python application for key management and certificate generation, covering YubiKey reset, root CA generation and replication, and intermediate CA creation. Nix is used for environment setup and deployment, with QEMU VM and SD card images provided for testing and deployment. This system offers a cost-effective PKI solution for security-sensitive environments.
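The certificate layout the post describes (an offline root CA that signs an intermediate CA, which in turn issues end-entity certificates) can be reproduced with software keys to show what the two CA profiles look like on the wire and why the path-length constraint on the intermediate matters. The Go program below is an added example written for this page; it is not code from the post or from the `offline-pki` application. It uses keys generated with Go's standard library where the post uses keys held on YubiKeys, the CA names and `www.example.com` are constructed, and the lifetimes (20, 5 and 1 years) and path-length values are assumptions chosen for illustration. It goes slightly beyond the summary by also checking the resulting chain the way a TLS client would, including the case of a sub-CA minted under a pathlen-0 intermediate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// signCert assigns a random 128-bit serial, signs tmpl under parent with
// parentKey and parses the DER back into a usable certificate. In the post's
// setup the private-key operation here is what the YubiKey holding the CA does.
func signCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl.SerialNumber = serial
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewCA generates a P-384 key and a CA certificate for cn carrying the given
// pathLenConstraint. A nil parent yields a self-signed root; otherwise the
// certificate is issued by parent and signed with parentKey. Lifetimes are
// assumptions for this example.
func NewCA(cn string, pathLen, years int, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             now,
		NotAfter:              now.AddDate(years, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		MaxPathLen:            pathLen,
		MaxPathLenZero:        pathLen == 0, // encode pathLenConstraint=0 rather than omitting it
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed root
	}
	cert, err := signCert(tmpl, parent, &key.PublicKey, parentKey)
	return cert, key, err
}

// IssueServerCert issues a one-year TLS server certificate for dnsName from ca.
func IssueServerCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, dnsName string, now time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		Subject:     pkix.Name{CommonName: dnsName},
		DNSNames:    []string{dnsName},
		NotBefore:   now,
		NotAfter:    now.AddDate(1, 0, 0),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return signCert(tmpl, ca, &key.PublicKey, caKey)
}

// VerifyChain validates leaf for dnsName at time at, trusting only root and
// treating intermediates as untrusted chain material, as a TLS client would.
func VerifyChain(root, leaf *x509.Certificate, dnsName string, at time.Time, intermediates ...*x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: dnsName, CurrentTime: at})
	return err
}

func main() {
	now := time.Now()
	// Root may sign one level of CAs (pathlen 1); the intermediate may sign only end-entity certs (pathlen 0).
	root, rootKey, err := NewCA("Example Offline Root CA", 1, 20, nil, nil, now)
	if err != nil {
		panic(err)
	}
	inter, interKey, err := NewCA("Example Intermediate CA", 0, 5, root, rootKey, now)
	if err != nil {
		panic(err)
	}
	leaf, _ := IssueServerCert(inter, interKey, "www.example.com", now)
	fmt.Println("leaf via intermediate:", VerifyChain(root, leaf, "www.example.com", now.Add(time.Hour), inter))
	// A further CA minted under the pathlen-0 intermediate parses, but any chain through it must be rejected.
	sub, subKey, _ := NewCA("Unexpected Sub CA", 0, 1, inter, interKey, now)
	leaf2, _ := IssueServerCert(sub, subKey, "www.example.com", now)
	fmt.Println("leaf via sub-CA:", VerifyChain(root, leaf2, "www.example.com", now.Add(time.Hour), inter, sub))
}
```

Running it prints `<nil>` for the first chain and a path-length error for the second: the intermediate's `pathLenConstraint=0` is what stops a compromised or mistaken intermediate from delegating issuance further, which is why the profile should be checked on the generated certificate and not just in the template. Only `signCert` touches a private key; with the post's setup that step moves to the YubiKey, and the templates, constraints and chain checks stay as they are here.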