> It would be great if I could load my backup token's public key into my primary token and export a copy of the primary token's secrets, encrypted with the backup token's public key. When I lose my primary token I would only need to restore my backup token and be back in business. That eliminates the make-work of enrolling on the backup token.
Yes, exactly this. At one point I had a list of services that I utilize along with a list of the YubiKeys I had enrolled on each. My plan was to enroll my backup key periodically (retrieving it from its safe place to do so). This ended up being a giant pita, and despite my best efforts, the list became out of date. In the end I just use Google Authenticator for everything since I can back it up.