drduh
a68fa27309
Merge pull request #79 from Wheest/master
...
Agent Forwarding
2018-12-05 17:10:07 +00:00
Wheest
4e23c63bb4
Agent Forwarding
...
Was looking at how to access on remote machines, is a standard ssh workflow, but might be useful to have it here too.
2018-12-05 16:02:37 +00:00
Brice Gagnage
86e03e6d09
final draft
2018-12-04 15:11:13 +01:00
Brice Gagnage
ee30767612
final draft
2018-12-04 15:03:00 +01:00
Brice Gagnage
ffd7b674c8
updated draft
2018-12-04 13:16:18 +01:00
Brice Gagnage
95624e2c48
first draft
2018-12-04 11:39:25 +01:00
Brice Gagnage
1c15d89a54
maow
2018-12-03 17:28:34 +01:00
Brice Gagnage
92467bc126
test
2018-12-03 17:19:45 +01:00
Brice Gagnage
f39b92ae45
test sign
2018-12-03 17:17:09 +01:00
Brice Gagnage
2b5891294a
Update README.md
...
continuing
2018-12-03 15:00:04 +01:00
Brice Gagnage
afc8580b0d
Update README.md
...
test
2018-12-03 13:54:40 +01:00
drduh
d818b03cdc
Grammar and lint. Fix #73 .
2018-11-28 21:38:35 -08:00
Julian Hernandez
857adb26a2
Update live Debian version to 9.6.0
2018-11-28 22:54:41 -05:00
Dino Bajramovic
472d85d12b
fix typo
2018-11-05 20:49:48 +01:00
drduh
f1a97fc6d5
Note about gpg public key
2018-11-01 14:11:52 -07:00
loys ollivier
6f76e6a197
Update README.md
...
gpg option to edit card info is now `--card-edit` and not `--edit-card`
2018-10-29 11:59:29 +01:00
Ian Brown
d02766389d
Add packages to apt-get list to fix gpg --recv and srm commands
...
Two commands mentioned later in the document won't work without two packages that don't come pre-installed with the Debian LiveCD: dirmngr and secure-delete.
2018-10-16 21:00:48 -07:00
drduh
96af4d3b3b
Merge pull request #70 from jwilk-forks/gpg-verify
...
Fix live image integrity check
2018-09-18 19:40:19 -07:00
Jakub Wilk
d7a14b078c
Fix live image integrity check
...
"gpg SHA512SUMS.sign" would do the right thing only if the file actually
contained a detached signature.
Use explicit and robust "gpg --verify SHA512SUMS.sign SHA512SUMS"
instead.
2018-09-18 22:20:40 +02:00
Jakub Wilk
3be71bd253
Fix typos
2018-09-18 21:39:06 +02:00
drduh
27bef99239
Massive style revision and version update
2018-09-09 17:42:45 -07:00
Ben Low
34a5502477
typos
2018-07-19 12:55:33 +10:00
Ben Low
52c8324fa2
Expand on ssh identies usage.
2018-07-19 12:49:22 +10:00
Ben Low
aad57241e9
Fix key label, consistency.
2018-07-18 18:24:06 +10:00
Ben Low
b67776a2b2
Fix TOC, spelling.
2018-07-18 18:22:11 +10:00
Ben Low
d33252848d
Added information on `gpg-agent`.
2018-07-18 18:03:06 +10:00
Jonah Aragon
840b4069f2
Fix "signingkey" typo
2018-07-15 18:43:48 -07:00
Vadim Zendejas
dad5bcd5fc
Added comment on GitHub Authetication for only Windows
2018-07-05 16:50:42 +02:00
Vadim Zendejas
acfdcacec5
Added veracrypt.fr link to pre-compiled execs
...
Added veracrypt.fr link to pre-compiled execs
2018-07-05 12:57:57 +02:00
Mirko Pizii
ad8cf8cd3a
Fix spaces for README
2018-06-21 20:40:24 +02:00
Mirko Pizii
ee8fcb3805
Fix link of summary list
2018-06-21 20:20:16 +02:00
Wheest
ecbe6e7b19
Fixing signature file fetch command for ykpers
2018-06-20 14:48:55 +01:00
drduh
25c8e23b8f
Emphasize live distro to fix #45
2018-06-16 14:06:45 -07:00
drduh
a470da3af7
Update introduction, fix formatting and fix #46
2018-06-16 13:57:52 -07:00
drduh
d07007a368
Fix up some formatting
2018-06-13 19:58:22 -07:00
drduh
254fd2c3d2
Formatting fix.
2018-06-05 10:08:02 -07:00
Jonathan Holtmann
eadd3bb2f5
Fixed menu
2018-06-05 01:10:59 -04:00
Jonathan Holtmann
ba382ce551
Added information on how to perform the YubiKey GPG setup and SSH authentication on Windows devices
2018-06-05 01:01:38 -04:00
drduh
478eb05de2
Mention Purse
2018-06-02 13:41:34 -07:00
drduh
b9cd480f7a
Note on keeping backup mounted for 2xkeys. Fix #44
2018-04-29 18:50:54 -07:00
drduh
fc429bf892
Remove obsolete option, add troubleshooting item
2018-04-29 18:34:59 -07:00
drduh
2cc0f7101e
Additional troubleshooting step and openbsd note
2018-04-29 14:50:06 -07:00
Michael Brown
17581cfd82
Remove outdated config from gpg.conf
...
Removing configuration paramaters no longer supported in GPG 2.X
Related to #28
2018-03-21 01:37:26 -04:00
James Wu
79dac3ec7d
add explicit public key naming for IdentitiesOnly usage
2018-03-14 11:50:04 -07:00
W1lkins
9a21477481
install hopenpgp-tools as it is used in section https://github.com/drduh/YubiKey-Guide\#check-your-work where an apt-get command is listed
2018-03-03 16:12:36 +00:00
Marjan Grabowski
f14d756578
Change rights of 'gpg.conf' to avoid warning
2018-02-26 10:33:42 +01:00
Nick Sandford
71b5e69cf1
Use gpgconf to get the ssh auth sock.
2018-02-25 19:43:36 +11:00
Philipp Eckel
dcadfbdccd
remove not need keyserver certificate, see https://github.com/drduh/YubiKey-Guide/issues/48
2018-02-22 08:18:10 +01:00
Philipp Eckel
161dea9e92
remove outdated use-standard-socket option from SSH config, see here: https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html
2018-01-30 22:50:47 +01:00
drduh
e0430a0698
Formatting nit
2018-01-16 10:36:46 -08:00
drduh
5ecf1046a9
Formatting fix
2017-12-21 14:42:54 -08:00
kiralex
02bfc69c2a
Update README.md
2017-12-18 08:52:18 +01:00
kiralex
badf3cc5d9
fix ssh-agent does not work on archlinux
2017-12-18 08:26:33 +01:00
drduh
baf1e6676e
Mention ssh multiplex to ease multiple connections
2017-12-18 03:04:13 +00:00
drduh
e3c0512b21
Describe status if public key not imported, fix #6
2017-12-18 02:47:07 +00:00
drduh
5d452a9190
Reference paper backup instructions, fix #3
2017-12-18 02:44:03 +00:00
drduh
6f199ec00e
Document error from Debian 9
2017-12-14 00:13:24 +00:00
drduh
7c0ea30e53
Document ssh-add error
2017-12-14 00:03:59 +00:00
Philipp Eckel
6dde3bda33
emphasize 2048 bit as the correct key size for the YubiKey Neo
2017-12-12 09:36:44 +01:00
Philipp Eckel
109de3011d
fix exporting KEYID
2017-11-10 11:26:22 +01:00
Ben Low
bcada3f2cc
Whitespace fixes.
2017-10-10 02:08:36 +11:00
Ben Low
a010a2a752
Updated to gpg 2.2.1, and added some macOS references.
2017-10-10 01:53:19 +11:00
Aleksandr Vinokurov
9336fc1317
Replace hkt with gpg to fix unsupported GnuPG 2.1
...
hkt does not support GnuPG 2.1 because it expects gpg pubring.
But the export can be done by gpg itself.
2017-09-23 16:49:48 +02:00
Brendan Rius
c871adc904
Make hkt respect custom $GNUPGHOME
2017-08-13 13:51:15 +02:00
Dawid Łakomski
07752240cb
Add information about composite USB mode on YK with firmware >=3.3
2017-05-12 09:04:23 +02:00
drduh
1ad37577db
Use require-cross-certification option. Fix #14 .
2016-09-25 11:32:16 -04:00
drduh
94ada05473
Plug in YubiKey correctly. Fix #9 .
2016-09-25 11:26:47 -04:00
drduh
ac66a81a35
Merge pull request #24 from wsargent/patch-3
...
Use AES256 for private key password encryption
2016-09-25 11:23:29 -04:00
Will Sargent
8515aaf839
Use AES256 for private key password encryption
...
Adds
```
s2k-cipher-algo AES256
```
to the GPG configuration, per https://pthree.org/2015/11/19/your-gnupg-private-key/
> --s2k-cipher-algo name
> Use name as the cipher algorithm used to protect secret keys. The default cipher is CAST5. This cipher is also used for symmetric encryption with a passphrase if --personal-cipher-preferences and --cipher-algo is not given.
https://www.gnupg.org/documentation/manuals/gnupg-2.0/OpenPGP-Options.html#index-s2k_002dcipher_002dalgo
2016-09-24 10:29:56 -07:00
Will Sargent
ff871a254d
Use signing subkey
...
The signature was made using `0xBECFA3C1AE191D15`, and has to be used with the signing key, not the root key.
I can verify this with my own key -- using the keyid doesn't work:
```
~ echo "$(uname -a)" | gpg --armor --clearsign --default-key 0xB1A9D5A2A605F794
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5aWdAAoJECaAG7YBLqXZi1EP/3R4oOdkXqZXcskwzfjBXa68
oZeKxTB8i74tSPXp0SL26+ULOQ6GRJdIFod2MQtqfjeu6dyNEbIBF1pHWnyLx4Bn
p/+ROoOTiBSFEWPts++yYhmo0tS0cXPv6QPCYqj4mPkJe6u8wVp5hkoyujL/k9bs
cAZSbeyV/hggS0rFTN4/5AeUky4LJPrWYkAiln7D0PVQeZc6DFlDpeup1Az7hWV5
ImRglAfoacNq+0LWslnc51/4knFGC/k4RS/QAyfUNJG/yy/ZZs6FNc7FjyZkw87E
yRqqSPkuL64BmzNxmfKnwgMAesaq8D674lRb7b9TC8sQuuelcbgPkCCDioRmCSWh
+NIe+pwWLIXHSwQntO2FblGFL+IeDYBZy3P5nO+N12EHn2oS2psep04STq5cjRaa
PTMopcDsThzXljn8b6p+Iu2BaFiMkEwpAD8f0knR4DZzorpgMjIV0mEdeDuTzC1L
dPHc7uZsTSSTEgxm7JO8x1h3hfwqX+KvVhmo0SgvwexqsmH7+b6j948RPGSCGBys
wS8HEQgzgznQYSxqnCHvuDT9cIuyuCi9BZfqvRy3NSa+ixKMHJ4n2rFWlw8WbvTm
tKFumm2z3z9JkijzJFj4sHETebaa2ip/TxeQvhFD/jEBB1XaqneDw1UaRll+6auA
K6naZ0LzZx2cOzJpn4xN
=TVTZ
-----END PGP SIGNATURE-----
~
~ gpg
gpg: Go ahead and type your message ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5aWdAAoJECaAG7YBLqXZi1EP/3R4oOdkXqZXcskLinux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/LinuxwzfjBXa68
oZeKxTB8i74tSPXp0SL26+ULOQ6GRJdIFod2MQtqfjeu6dyNEbIBF1pHWnyLx4Bn
p/+ROoOTiBSFEWPts++yYhmo0tS0cXPv6QPCYqj4mPkJe6u8wVp5hkoyujL/k9bs
cAZSbeyV/hggS0rFTN4/5AeUky4LJPrWYkAiln7D0PVQeZc6DFlDpeup1Az7hWV5
ImRglAfoacNq+0LWslnc51/4knFGC/k4RS/QAyfUNJG
/yy/ZZs6FNc7FjyZkw87E
yRqqSPkuL64BmzNxmfKnwgMAesaq8D674lRb7b9TC8sQuuelcbgPkCCDioRmCSWh
+NIe+pwWLIXHSwQntO2FblGFL+IeDYBZy3P5nO+N12EHn2oS2psep04STq5cjRaa
PTMopcDsThzXljn8b6p+Iu2BaFiMkEwpAD8f0knR4DZzorpgMjIV0mEdeDuTzC1L
dPHc7uZsTSSTEgxm7JO8x1h3hfwqX+K
vVhmo0SgvwexqsmH7+b6j948RPGSCGBys
wS8HEQgzgznQYSxqnCHvuDT9cIuyuCi9BZfqvRy3NSa+ixKMHJ4n2rFWlw8WbvTm
tKFumm2z3z9JkijzJFj4sHETebaa2ip/TxeQvhFD/jEBB1XaqneDw1UaRll+6auA
K6naZ0LzZx2cOzJpn4xN
=TVTZ
-----END PGP SIGNATURE-----
gpg: Signature made Fri 23 Sep 2016 02:58:53 PM PDT
gpg: using RSA key 0x26801BB6012EA5D9
gpg: BAD signature from "Will Sargent <will.sargent@lightbend.com>" [ultimate]
```
but using the signing key does work:
```
✘ ~ echo "$(uname -a)" | gpg --armor --clearsign --default-key 0x26801BB6012EA5D9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5aagAAoJECaAG7YBLqXZvZwP/21yoEQ3hI9hP0QyrFJu/T/0
sD9Y+DGQHBU5WaII3/iVgBN2V3EQwlzX8dP4/LfTm7NQ0M2flgbPbqf/rUYLQQZg
lO489XbI78kk80b3kDebkautN5rQhkU0ZAy/WfDdKmwGnF1hEXzYqEwI5S0tGddT
cKt0U3cZ0XuOI7pdtSOD423tNV4l45sIAT/ndAsgpbzT0ZTkza65V/RHWqGQDDT1
VB6WKmuqOca1gTDYGlW5yITfOqdWjB30ljLjuOjFJjcOunJQmlSRDMGyjfdzF3ec
X1/+vLKnI0M2ipFaxKTtjdCTo8+26wjExdGca6Sy8v9M0zBjA2vgCGBTwCpXkMQE
4HFZ6N0+6k/3icyNALJhHSRkApNom3ZqINntDNNcN/tyHZVUijb5/hfv7W4D5LSe
8b1/UbF/R46w21sgR4Rzfv5EsbZkkjWx65hTXYWByf4PqZ7NiJJGbETpPC8wSc+4
oZNk9SLZunzE2Gemk2CXu7VXR58BIP014FHjU4FN7k54ZGn7IzU2xfKCZ+se7pFh
SzWIrDhZP5vsbCMbh4HzD4WFPLteNOdV+nkHi4iaSXc7UQfdgZIeKb2ljbjJTmN4
fyi/Zjk0+29pwB+W5iWD4AoKqzSsHMCrK73KRyAHcFaHOHILl8grG0GsfJmPGHCz
Mm3O7IH5is7ZkvOmbUMY
=jQY+
-----END PGP SIGNATURE-----
~ gpg
gpg: Go ahead and type your message ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5aagAAoJECaAG7YBLqXZvZwP/21yoEQ3hI9hP0QyrFJu/T/0
sD9Y+DGQHBU5WaII3/iVgBN2V3EQwlzX8dP4/LfTm7NQ0M2flgbPbqf/rUYLQQZg
lO489XbI78kk80b3kDebkautN5rQhkU0ZAy/WfDdKmwGnF1hEXzYqEwI5S0tGddT
cKt0U3cZ0XuOI7pdtSOD423tNV4l45sIAT/ndAsgpbzT0ZTkza65V/RHWqGQDDT1
VB6WKmuqOca1gTDYGlW5yITfOqdWjB30ljLjuOjFJjcOunJLinux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
QmlSRDMGyjfdzF3ec
X1/+vLKnI0M2ipFaxKTtjdCTo8+26wjExdGca6Sy8v9M0zBjA2vgCGBTwCpXkMQE
4HFZ6N0+6k/3icyNALJhHSRkApNom3ZqINntDNNcN/tyHZVUijb5/hfv7W4D5LSe
8b1/UbF/R46w21sgR4Rzfv5EsbZkkjWx65hTXYWByf4PqZ7NiJJGbETpPC8wSc+4
oZNk9SLZunzE2Gemk2CXu7VXR58BIP014FHjU4FN7k54ZGn7IzU2xfKCZ+se7pFh
SzWIrDhZP5vsbCMbh4HzD4WFPLteNOdV+nkHi4iaSXc7UQfdgZIeKb2ljbjJTmN4
fyi/Zjk0+29pwB+W5iWD4AoKqzSsHMCrK73KRyAHcFaHOHILl8grG0GsfJmPGHCz
Mm3O7IH5is7ZkvOmbUMY
=jQY+
-----END PGP SIGNATURE-----
gpg: Signature made Fri 23 Sep 2016 03:03:12 PM PDT
gpg: using RSA key 0x26801BB6012EA5D9
gpg: Good signature from "Will Sargent <will.sargent@lightbend.com>" [ultimate]
gpg: aka "Will Sargent <will.sargent@gmail.com>" [ultimate]
Primary key fingerprint: 75E4 E7F9 1D18 D981 3028 64B1 B1A9 D5A2 A605 F794
Subkey fingerprint: ADB3 1ED0 EC01 44AF 8301 320D 2680 1BB6 012E A5D9
```
2016-09-23 15:09:04 -07:00
Will Sargent
e195a60ecc
Add $
2016-09-22 13:00:08 -07:00
Will Sargent
99aef6c70d
Add instructions for installing gnupg-curl
...
Fixes https://github.com/drduh/YubiKey-Guide/issues/5
2016-09-21 15:00:27 -07:00
Will Sargent
678c8a8da7
Prepend $
2016-09-20 12:54:03 -07:00
Will Sargent
9c5c247446
Add key checking
2016-09-20 12:39:35 -07:00
Will Sargent
8f8322a479
Add an extra error condition
2016-09-20 10:18:47 -07:00
Will Sargent
388f1599da
Discuss pinentry-gnome3
2016-09-16 15:47:39 -07:00
Will Sargent
25ec3400e6
Adds explanation of ssh-add -L option
2016-09-16 14:41:01 -07:00
Will Sargent
75c5c07e14
Change link
...
https://rnorth.org/8/gpg-and-ssh-with-yubikey-for-mac is https://rnorth.org/gpg-and-ssh-with-yubikey-for-mac now.
2016-09-16 14:20:11 -07:00
drduh
3964cd9e5f
Followed my own guide to make new keys; refresh
2016-05-25 02:25:07 +00:00
drduh
cb6bfd972e
Merge pull request #1 from victorso/patch-1
...
yubikey tails fix
2016-05-18 13:42:46 -04:00
Victor Fischer Scattone
bce316b45c
Export public key to file
...
The public key must be written on a file.
2016-05-18 14:41:12 -03:00
Victor Fischer Scattone
2de6ad9a99
yubikey tails fix
...
Fix to use the yubikey on Tails
2016-05-18 14:35:42 -03:00
drduh
da1ce278c6
Use variable to store Key ID
2016-05-09 02:47:16 +00:00
drduh
1c16d968e9
Add encrypted USB backup instructions, grammar fixes
2016-04-25 17:49:51 +00:00
drduh
e86af76264
Use IO rediction for revocation certificate step
2016-02-25 15:28:36 -05:00
drduh
c34f78044e
Fix up formatting.
2016-02-01 21:49:46 -05:00
drduh
f4c76ba210
Create local configuration, too
2016-02-01 21:45:34 -05:00
drduh
172a4292a5
Create README.md
2016-01-31 20:58:24 -05:00