From e9c46064512b9173fd043c764b5980126d4f1450 Mon Sep 17 00:00:00 2001 From: Eric Phillips Date: Thu, 6 Apr 2017 22:31:16 -0600 Subject: [PATCH] instructions for managing yubikey openpgp --- gpg-yubikey.MD | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 gpg-yubikey.MD diff --git a/gpg-yubikey.MD b/gpg-yubikey.MD new file mode 100644 index 0000000..c3d4f67 --- /dev/null +++ b/gpg-yubikey.MD @@ -0,0 +1,19 @@ +####How to install and maintain GPG keys on my Yubikey +From: [PGP and SSH on Yubikey](https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/) + +We want to keep out Master Key on a USB drive that a) doesn't leave the house or office and b) is rarely connected to a computer. You can also use a livecd and airgapped machine for even more security. I deem for my attack profile that having the Master Key offline most of the time is good enough. This may change in the future. My USB drive is also used to back up sensitive info so gpg stuff is under gnupg/ + +```bash +#Store Master key on USB drive +mv .gnupg .gnupg.orig +ln -s /PATHTOUSBDRIVE/gnupg .gnupg + +#Check gpg.conf for strong hash and encryption preferences +cert-digest-algo SHA512 +default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES + +#generate a Master key if there isn't one + +#if we have a secret key + +
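Review bot: In the `bash` block of the new gpg-yubikey.MD, `cert-digest-algo SHA512` and `default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES` are gpg.conf directives, not shell commands, so pasting the block into a shell fails at those lines; move them into their own block labelled as gpg.conf content, or turn the step into a check such as `grep -E 'cert-digest-algo|default-preference-list' ~/.gnupg/gpg.conf`. The last two steps ("#generate a Master key if there isn't one" and "#if we have a secret key") are comments with no commands under them, and in the lines visible here the fence is never closed, so the file as added documents only the symlink step. In that step, `mv .gnupg .gnupg.orig` and `ln -s /PATHTOUSBDRIVE/gnupg .gnupg` use relative paths and only work from the home directory; write `~/.gnupg` explicitly. Also note that `.gnupg.orig` stays on the local disk, so if it already holds a secret key the Master Key is not actually offline until that copy is dealt with, which is worth stating next to the "if we have a secret key" step. Style: "keep out Master Key" should read "keep our Master Key", and `####How` needs a space after the hashes to render as a heading in CommonMark-based renderers.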