This post demonstrates the procedures of encrypting and decrypting files using Yubikey; GPG4Win/Kleopatra is used in this case. This post assumes you have generated the master key and subkeys in Linux Live USB and imported those keys into Yubikey.
https://ictfella.com/how-to-configure-yubikey-with-gpg-generate-and-import-keys/
Install GPG4Win and verify you Yubikey keys.
Download GPG4Win from the link below and install it on your Windows PC.
https://www.gpg4win.org/download.html
Open up GPG4Win software Kleopatra and go to “Smartcards.”
![](https://ictfella.com/wp-content/uploads/2023/03/kleopatra-smartcards-reload.png)
Plug your Yubikey into the PC, and Click “Reload” if you have followed the process successfully in the previous post, you can see 3x keys listed.
![](https://ictfella.com/wp-content/uploads/2023/03/kleopatra-smartcards-signture-encryption-authentication-1024x534.png)
Import Public Keys
Before you import your public key, ensure your Yubikey is “ plugged “ in. Go to “Certificates” then “Import.”
![](https://ictfella.com/wp-content/uploads/2023/03/kleopatra-certificates-import.png)
Select the public key; if you cannot find the key file, go to the right button corner and select “Any files.”
![](https://ictfella.com/wp-content/uploads/2023/03/gpg4win-public-key-file-type-all-files.png)
Then select “Yes, It’s Mine.”
![](https://ictfella.com/wp-content/uploads/2023/03/mark-down-certificates-kleopatra-yes-it.png)
Once imported, you can see it is “Certified” under User-IDs
![](https://ictfella.com/wp-content/uploads/2023/03/kleopatra-certificates-user-ids-certified-1024x278.png)
Encrypt and Decrypt files
Click “Sign/Encrypt” and select the file.
![](https://ictfella.com/wp-content/uploads/2023/03/kleopatra-sign-encrypt-file-output-files-1024x636.png)
Put your Yubikey PIN number in
![](https://ictfella.com/wp-content/uploads/2023/03/sign-encrypt-files-kleopatra-pin.png)
You will see “Signing and encryption succeeded” and the file is renamed from test.txt to test.txt.gpg
![](https://ictfella.com/wp-content/uploads/2023/03/sign-encrypt-files-kleopatra-encryption-succeeded.png)
To decrypt the file, double-click on the .GPG file, input your Yubikey PIN:
![](https://ictfella.com/wp-content/uploads/2023/03/decrypt-verify-files-kleopatra-unlock-the-card.png)
![](https://ictfella.com/wp-content/uploads/2023/03/decrypt-verify-files-kleopatra-valid-signature.png)
Extra Options
To enable physical touch on Yubikey when encrypting/decrypting your file, download and install Yubikey Manager from the link below.
YubiKey Manager | Yubicohttps://www.yubico.com/support/download/yubikey-manager/
Navigate to your Yubikey Manager folder.
![](https://ictfella.com/wp-content/uploads/2023/03/program-files-yubico-yubikey-manager.png)
Enable touch for Sign or Encrypt
.\ykman.exe openpgp keys set-touch sig on
.\ykman.exe openpgp keys set-touch enc on
![](https://ictfella.com/wp-content/uploads/2023/03/ykman-exe-openpgp-keys-set-touch-sig-on.png)