Two YubiKeys for disc decryption


I have found the instructions for the full decryption of a YubiKey drive: YubiKey | Qubes OS

Just wondering if I am able to prepare it for two YubiKeys? I want to have a second YubiKey as a backup if the first one gets corrupted.

The setup mentioned in the guide you linked does NOT offer drive decryption (which is done at boot), but merely two-factor authentication for user login once the drive has already been decrypted.

If you want to use the yubikey to actually decrypt the drive, you’ll need something different, for example:

With this out of the way, the guide specifically answers your question:

If you have multiple YubiKeys for backup purposes (in case a yubikey gets lost, stolen or breaks) you can write the same settings into other YubiKeys. You can choose “Program multiple YubiKeys” in the program, make sure to select Same secret for all keys in this case.


I can’t install the package “yubikey-luks-enroll” in dom0. Is dom0 really limited? Do you know how I can do it?

I need to run this command:

sudo yubikey-luks-enroll -d /dev/nvme0n1p3 -s 1