Encrypt data anywhere, decrypt data with your hardware key

One of the merits of encrypting your data with OpenPGP using a Yubikey is that the private key needed to decrypt the data is stored offline on the hardware, so it cannot be hacked online.

Even if your Yubikey is physically stolen, the data should not be decryptable, since the key is protected with a PIN code and becomes unusable if an incorrect PIN is entered more than three times. In that case the hardware needs to be reset, which removes the private key from it. So it is important to change the default PIN and back up the private key somewhere safe.

Also, once you register the public key associated with the private key on a keyserver like https://keys.openpgp.org/, you can download it anywhere you want and encrypt data, keeping the private key in your hands. The private key is required only when you decrypt the data.

OpenPGP + Yubikey -> data encryption that has not been hacked yet

It is unfortunate that the whole #OpenPGP ecosystem is centered on communication tools such as email or chat clients, since those applications are either being slowly deprecated or implementing another #encryption protocol. But OpenPGP can be used more generally to protect your data from being read by someone else.

For example, you can install your public key on a remote server and encrypt data with it online, so that the actual server owners cannot read it, sell it, or hand it over to someone else for whatever reason (technically they may do so, but the data is encrypted, so they can do nothing but make an educated guess about its content at best). It is also possible to encrypt data on Android thanks to OpenKeychain. Prepare yourself beforehand in case you lose your phone. Unless it is encrypted, data is available to anyone who gains physical access to the device.

Encrypt your data with your public key and decrypt it when you need to, using a physical key such as a Yubikey. Only you, the holder of the hardware, can decrypt the data. If you no longer need access to the data, destroy the hardware and nobody should be able to decrypt it, unless the encryption protocol is eventually deprecated.
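The workflow described above, as an added shell example that is not from the original post: fetch the public key from keys.openpgp.org by fingerprint, confirm the download really contains the fingerprint you pinned before importing it, encrypt on any host, and decrypt only where the Yubikey is plugged in. The function names are hypothetical, and it assumes curl and a GnuPG 2.2 release that supports --show-keys.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of any tool.
KEYSERVER="https://keys.openpgp.org"

# Print the fingerprint as 40 uppercase hex digits (spaces and a leading
# 0x are dropped); fail on anything else so it is safe to put in a URL.
norm_fpr() {
    f=$(printf '%s' "$1" | tr -d ' ' | sed 's/^0[xX]//' | tr 'a-f' 'A-F')
    case "$f" in ''|*[!0-9A-F]*) return 1 ;; esac
    [ "${#f}" -eq 40 ] || return 1
    printf '%s\n' "$f"
}

# Build the keyserver lookup URL for a pinned fingerprint.
vks_url() {
    f=$(norm_fpr "$1") || return 1
    printf '%s/vks/v1/by-fingerprint/%s\n' "$KEYSERVER" "$f"
}

# Download the key and import it only if the file contains the pinned
# fingerprint (primary key or subkey), so the keyserver is not trusted.
fetch_pubkey() {
    want=$(norm_fpr "$1") || return 1
    tmp=$(mktemp) || return 1
    if curl --fail --silent --show-error --output "$tmp" "$(vks_url "$want")" &&
       gpg --show-keys --with-colons "$tmp" |
           awk -F: '$1 == "fpr" { print $10 }' | grep -qx "$want" &&
       gpg --batch --import "$tmp"
    then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Encrypt FILE to the pinned key. Only the public key is on this host.
# --trust-model always is acceptable here because the fingerprint was
# checked above instead of relying on Web of Trust validity.
encrypt_to() {
    to=$(norm_fpr "$1") || return 1
    gpg --batch --yes --trust-model always --recipient "$to" \
        --output "$2.gpg" --encrypt "$2"
}

# Run on the machine with the Yubikey inserted; gpg asks for the card PIN.
decrypt_with_card() {
    gpg --output "$2" --decrypt "$1"
}
```

Keep the fingerprint you pass to fetch_pubkey from a source you control, such as the output of gpg --fingerprint on the machine where the key was generated, not from the keyserver itself.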

Thanks to the developer community, OpenPGP implementations are universally available, and its concept of encryption has not been breached yet. If you are worried about the privacy of your data, go ahead and protect it yourself. You are not forced to trust anyone.

YubiKey 4 keychain and YubiKey 4 Nano

Yubico, CC BY-SA 4.0, via Wikimedia Commons