Create a bootable USB flash drive for generating and managing PGP keys. The keys will be generated and stored, encrypted, on the drive but then also transferred to Yubikeys for general use. Unless a Yubikey is lost or damaged, use of the flash drive should be extremely limited, if it is used at all.
A master certifying and signing (CS) key will be created, then sub-key signing (S), encrypting (E), and authenticating (A) keys will be created and signed by the C key. The C key will be archived with a password to the flash drive as well as transferred to a Yubikey 4. The SE&A sub keys will also be archived to the flash drive as part of the C key