this post was submitted on 11 Mar 2025
92 points (97.9% liked)

Buy European

3128 readers
3120 users here now

Overview:

The community to discuss buying European goods and services.

Rules

Feddit.uk's instance rules apply:

  • No racism, sexism, homophobia, transphobia or xenophobia
  • No incitement of violence or promotion of violent ideologies
  • No harassment, dogpiling or doxxing of other users
  • Do not share intentionally false or misleading information
  • Do not spam or abuse network features.
  • Alt accounts are permitted, but all accounts must list each other in their bios.

Benefits of buying local:

local investment, job creation, innovation, increased competition, more redundancy.

Matrix Chat

Related Communities:

Buy Local:

!buycanadian@lemmy.ca

!buyafrican@baraza.africa

!buyFromEU@lemm.ee

!buyfromeu@feddit.org

Buying and Selling:!flohmarkt@lemmy.ca

Boycott:!boycottus@lemmy.ca

Stop Publisher Kill Switch in Games Practice!stopkillinggames@lemm.ee

Banner credits: BYTEAlliance

founded 1 month ago
MODERATORS
maam@feddit.uk
alex@jlai.lu
Lazycog@sopuli.xyz
circledot@feddit.org
Valeria@feddit.kyiv.ua
Argyle13@lemmy.world
Sunshine@feddit.is
Sunshine@lemmy.ca
buyeuropean@lemmy.ca
buyeuropean@feddit.org
92
Nitrokey, German alternative to Yubikey (www.nitrokey.com)
submitted 23 hours ago by Blaze@lemmy.dbzer0.com to c/buyeuropean@feddit.uk
18 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] MushroomsEverywhere@lemmy.world 3 points 16 hours ago (1 children)

I'm curious,do you use these in your private life? And if so, for what? I only found out about Yubikey recently, when I was handed one by my workplace.

[โ€“] greyfox@lemmy.world 1 points 8 hours ago* (last edited 8 hours ago)

All of the modern yubikeys (and it looks like the nitro keys as well) can have fido2 enabled so that you can use them as a hardware token for sites that support passkeys. I think yubikeys come with only OTP enabled so you need to download their utility to enable the other modes.

If you are a Linux user (that's required to be on Lemmy right?) you can use either the fido2 or ccid (smart card through pkcs11) mode to keep SSH keys protected. The fido2 ssh key type (ed25519-sk) hasn't been around that long so some service might not support it. The pkcs11 version gives you a normal RSA key, but is harder to get setup, and if you want extra security they don't have any way to verify user presence. With fido2 you can optionally require that you must physically touch the key after entering the pin.

There are also pkcs11 and fido2 pam modules so you can use it as a way to login/sudo on your system with an easy to use pin.

And if you have a luks encrypted volume you can unlock that volume with your pin at boot with either pkcs11 or fido2.

Unlocking LUKS2 volumes with TPM2, FIDO2, PKCS#11 Security Hardware on systemd 248

If you are on an Ubuntu based distro initramfs-tools doesn't build the initramfs with the utilities required for doing that. The easiest way to fix that is to switch to dracut.

Dracut is officially "supported" on 24.10 and is planned to be the default for Ubuntu 25.10 forward, but it can work on previous versions as well. For 24.04 I needed hostonly enabled and hostonly_mode set to sloppy. Some details on that in these two links:

https://askubuntu.com/questions/1516511/unlocking-luks-root-partition-with-fido2-yubikey-and-ideally-without-dracut

https://discourse.ubuntu.com/t/please-try-out-dracut/48975

So a single hardware token can handle your passkeys, your ssh keys, computer login, and drive encryption. Basically you will never have to type a password ever again.