[trishankdatadog]

Anyway, how to generate GPG keys on YubiKey in ~15m: https://github.com/DataDog/yubikey

[laksdjfkasljdf]

last I checked pgp keys were limited to rsa2048. While the recommendation for the last two years have been rsa4096 (or ed-512 depending who you ask)

Is this still the case? their site only have pgp support as a binary option on the models, no extra info anywhere to be found on their search.

[breser]

Yubikey 4 and newer supports 4096 bit keys with PGP: https://www.yubico.com/products/compare-yubikey-4-neo/ https://www.yubico.com/products/compare-yubikey-5-series/

[laksdjfkasljdf]

where do you see that information on that page?

[crote]

All the way at the bottom of the table, under "Cryptographic Specifications".

Recent versions also have support for plenty of ECC algorithms, see https://www.yubico.com/blog/whats-new-in-yubikey-firmware-5-...

[trishankdatadog]

It's not well-documented, but non-FIPS can support 4096. FIPS goes up to 3072 for, well, FIPS reasons.