We purchased several GPG/PGP compatible yubikey keys (ver 4).
But when used in Windows (Kleopatra client) we can only write the key on yubikey.
We cannot decrypt files / folders with the key on yubikey. Are there any Windows programs with similar features?
That is surprising, yubikeys should be fully supported.
Are you sure that you are using the correct public key?
Yubico has sent me some test yubikeys which are currently in the mail. Once I get them I can test it and might know more. But other Gpg4win developers have tested it already and found no issues. Except that it might be problematic to switch between Yubikey apps. So if you are using yubikey also for something else there might be a conflict.
We have improved that in our current development version, but that will be released next spring at the earliest.
GPG support is present, the key is written on yubikey:
C:\Users\Alex> gpg --card-status
Reader …: Yubico Yubikey 4 CCID 0
Application ID …: D2760001240102010006070173010000
Version …: 2.1
Manufacturer …: Yubico
Serial number …: 07017301
…
Signature key …: 4E97 BF2D EB1E D965 A6B2 2CCD B7B4 A709 A38C BFCC
created …: 2019-07-22 09:19:16
But we do not have the ability to use certificates on yubikey to decrypt files / folders in Windows, only certificates in the program itself.
Also, there is no possibility to expand the file / folder if the only certificate is written on yubikey (there are no created certificates in the GPG client).
There is a problem using the Mozilla Thunderbird extension:
When storing a key on yubikey and sending an encrypted message, although the smart card is configured to require a PIN each time the key is accessed on it, the PIN is not requested.
How can I make Enigmail require a PIN every time I send a message?
Thanks for the answer. But there is one more problem in Enigmail for Thunderbird:
After exporting the private key (gpg --key-edit ivanov >> cardtokey) to the yubikey smart card, it is not possible to decrypt messages with this key.
Error text:
Enigmail Security Information
Error - the corresponding private key needed for decryption was not found
Note: The message is encrypted for the following User IDs / Keys:
0x2DAFF4050A034472 (ivanov ivanov@telesonik.ru),
0x82FB0004118AE223 (petrov petrov@telesonik.ru)
Both keys (ivanov and petrov) are in the list of keys.
gpg should know where the key truly is, as it leaves a “stub” on the computer, instead of the real key, which is pushed to the smartcard (yubikey). Have you tried asking the Yubikey support?
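
Added example, not part of the thread or of Gpg4win/Enigmail: one way to check the stub situation described in the last reply is to read field 15 of the `sec`/`ssb` records in `gpg --list-secret-keys --with-colons`, which GnuPG's doc/DETAILS defines as the token serial number, `#` for a stub without secret material, or `+` for a key held locally. The sample output, key IDs and card serial below are constructed, and the function names are hypothetical.

```python
"""Classify where GnuPG thinks each secret (sub)key lives, from --with-colons output."""

# Constructed sample of `gpg --list-secret-keys --with-colons` (key IDs and
# card serial are made up, not taken from the thread).
SAMPLE = """\
sec:u:2048:1:AAAA000000000001:1563787156:::u:::scSC:::D2760001240102010006000000010000:::23::0:
uid:u::::1563787156::X::Card User <card@example.invalid>::::::::::0:
ssb:u:2048:1:AAAA000000000002:1563787156::::::e:::D2760001240102010006000000010000:::23:
sec:u:2048:1:BBBB000000000001:1563787156:::u:::scSC:::D2760001240102010006000000010000:::23::0:
ssb:u:2048:1:BBBB000000000002:1563787156::::::e:::#:::23:
sec:u:2048:1:CCCC000000000001:1563787156:::u:::scESC:::+:::23::0:
ssb:u:2048:1:CCCC000000000002:1563787156::::::e:::+:::23:
"""

def location(token_field):
    """Map field 15 of a sec/ssb record to a readable location."""
    if token_field == "+":
        return "disk"                  # secret material is in the local keyring
    if token_field == "#":
        return "missing"               # stub only, secret part not available
    if token_field:
        return "card:" + token_field   # stub pointing at this token serial
    return "unknown"                   # field empty, gpg gave no information

def secret_keys(colon_output):
    """Yield (key_id, capabilities, location) for every sec/ssb record."""
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb") and len(f) >= 15:
            yield f[4], f[11], location(f[14])

def encryption_key_status(colon_output):
    """Return {key_id: location} for keys whose own capability includes 'e'."""
    # Lower-case letters are the key's own usage; upper-case letters on a
    # primary key summarise the whole key, so only lower-case 'e' counts.
    return {kid: loc for kid, caps, loc in secret_keys(colon_output) if "e" in caps}

if __name__ == "__main__":
    for kid, loc in encryption_key_status(SAMPLE).items():
        usable = loc == "disk" or loc.startswith("card:")
        print(kid, loc, "ok" if usable else "cannot decrypt on this machine")
```

An encryption subkey reported as `missing` while the signing key shows a card serial means the card holds no usable decryption key for that identity on this machine.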