drduh
|
254fd2c3d2
|
Formatting fix.
|
2018-06-05 10:08:02 -07:00 |
Jonathan Holtmann
|
eadd3bb2f5
|
Fixed menu
|
2018-06-05 01:10:59 -04:00 |
Jonathan Holtmann
|
ba382ce551
|
Added information on how to perform the YubiKey GPG setup and SSH authentication on Windows devices
|
2018-06-05 01:01:38 -04:00 |
drduh
|
478eb05de2
|
Mention Purse
|
2018-06-02 13:41:34 -07:00 |
drduh
|
b9cd480f7a
|
Note on keeping backup mounted for 2xkeys. Fix #44
|
2018-04-29 18:50:54 -07:00 |
drduh
|
fc429bf892
|
Remove obsolete option, add troubleshooting item
|
2018-04-29 18:34:59 -07:00 |
drduh
|
2cc0f7101e
|
Additional troubleshooting step and openbsd note
|
2018-04-29 14:50:06 -07:00 |
Michael Brown
|
17581cfd82
|
Remove outdated config from gpg.conf
Removing configuration paramaters no longer supported in GPG 2.X
Related to #28
|
2018-03-21 01:37:26 -04:00 |
James Wu
|
79dac3ec7d
|
add explicit public key naming for IdentitiesOnly usage
|
2018-03-14 11:50:04 -07:00 |
W1lkins
|
9a21477481
|
install hopenpgp-tools as it is used in section https://github.com/drduh/YubiKey-Guide\#check-your-work where an apt-get command is listed
|
2018-03-03 16:12:36 +00:00 |
Marjan Grabowski
|
f14d756578
|
Change rights of 'gpg.conf' to avoid warning
|
2018-02-26 10:33:42 +01:00 |
Nick Sandford
|
71b5e69cf1
|
Use gpgconf to get the ssh auth sock.
|
2018-02-25 19:43:36 +11:00 |
Philipp Eckel
|
dcadfbdccd
|
remove not need keyserver certificate, see https://github.com/drduh/YubiKey-Guide/issues/48
|
2018-02-22 08:18:10 +01:00 |
Philipp Eckel
|
161dea9e92
|
remove outdated use-standard-socket option from SSH config, see here: https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html
|
2018-01-30 22:50:47 +01:00 |
drduh
|
e0430a0698
|
Formatting nit
|
2018-01-16 10:36:46 -08:00 |
drduh
|
5ecf1046a9
|
Formatting fix
|
2017-12-21 14:42:54 -08:00 |
kiralex
|
02bfc69c2a
|
Update README.md
|
2017-12-18 08:52:18 +01:00 |
kiralex
|
badf3cc5d9
|
fix ssh-agent does not work on archlinux
|
2017-12-18 08:26:33 +01:00 |
drduh
|
baf1e6676e
|
Mention ssh multiplex to ease multiple connections
|
2017-12-18 03:04:13 +00:00 |
drduh
|
e3c0512b21
|
Describe status if public key not imported, fix #6
|
2017-12-18 02:47:07 +00:00 |
drduh
|
5d452a9190
|
Reference paper backup instructions, fix #3
|
2017-12-18 02:44:03 +00:00 |
drduh
|
6f199ec00e
|
Document error from Debian 9
|
2017-12-14 00:13:24 +00:00 |
drduh
|
7c0ea30e53
|
Document ssh-add error
|
2017-12-14 00:03:59 +00:00 |
Philipp Eckel
|
6dde3bda33
|
emphasize 2048 bit as the correct key size for the YubiKey Neo
|
2017-12-12 09:36:44 +01:00 |
Philipp Eckel
|
109de3011d
|
fix exporting KEYID
|
2017-11-10 11:26:22 +01:00 |
Ben Low
|
bcada3f2cc
|
Whitespace fixes.
|
2017-10-10 02:08:36 +11:00 |
Ben Low
|
a010a2a752
|
Updated to gpg 2.2.1, and added some macOS references.
|
2017-10-10 01:53:19 +11:00 |
Aleksandr Vinokurov
|
9336fc1317
|
Replace hkt with gpg to fix unsupported GnuPG 2.1
hkt does not support GnuPG 2.1 because it expects gpg pubring.
But the export can be done by gpg itself.
|
2017-09-23 16:49:48 +02:00 |
Brendan Rius
|
c871adc904
|
Make hkt respect custom $GNUPGHOME
|
2017-08-13 13:51:15 +02:00 |
Dawid Łakomski
|
07752240cb
|
Add information about composite USB mode on YK with firmware >=3.3
|
2017-05-12 09:04:23 +02:00 |
drduh
|
1ad37577db
|
Use require-cross-certification option. Fix #14.
|
2016-09-25 11:32:16 -04:00 |
drduh
|
94ada05473
|
Plug in YubiKey correctly. Fix #9.
|
2016-09-25 11:26:47 -04:00 |
drduh
|
ac66a81a35
|
Merge pull request #24 from wsargent/patch-3
Use AES256 for private key password encryption
|
2016-09-25 11:23:29 -04:00 |
Will Sargent
|
8515aaf839
|
Use AES256 for private key password encryption
Adds
```
s2k-cipher-algo AES256
```
to the GPG configuration, per https://pthree.org/2015/11/19/your-gnupg-private-key/
> --s2k-cipher-algo name
> Use name as the cipher algorithm used to protect secret keys. The default cipher is CAST5. This cipher is also used for symmetric encryption with a passphrase if --personal-cipher-preferences and --cipher-algo is not given.
https://www.gnupg.org/documentation/manuals/gnupg-2.0/OpenPGP-Options.html#index-s2k_002dcipher_002dalgo
|
2016-09-24 10:29:56 -07:00 |
Will Sargent
|
ff871a254d
|
Use signing subkey
The signature was made using `0xBECFA3C1AE191D15`, and has to be used with the signing key, not the root key.
I can verify this with my own key -- using the keyid doesn't work:
```
~ echo "$(uname -a)" | gpg --armor --clearsign --default-key 0xB1A9D5A2A605F794
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5aWdAAoJECaAG7YBLqXZi1EP/3R4oOdkXqZXcskwzfjBXa68
oZeKxTB8i74tSPXp0SL26+ULOQ6GRJdIFod2MQtqfjeu6dyNEbIBF1pHWnyLx4Bn
p/+ROoOTiBSFEWPts++yYhmo0tS0cXPv6QPCYqj4mPkJe6u8wVp5hkoyujL/k9bs
cAZSbeyV/hggS0rFTN4/5AeUky4LJPrWYkAiln7D0PVQeZc6DFlDpeup1Az7hWV5
ImRglAfoacNq+0LWslnc51/4knFGC/k4RS/QAyfUNJG/yy/ZZs6FNc7FjyZkw87E
yRqqSPkuL64BmzNxmfKnwgMAesaq8D674lRb7b9TC8sQuuelcbgPkCCDioRmCSWh
+NIe+pwWLIXHSwQntO2FblGFL+IeDYBZy3P5nO+N12EHn2oS2psep04STq5cjRaa
PTMopcDsThzXljn8b6p+Iu2BaFiMkEwpAD8f0knR4DZzorpgMjIV0mEdeDuTzC1L
dPHc7uZsTSSTEgxm7JO8x1h3hfwqX+KvVhmo0SgvwexqsmH7+b6j948RPGSCGBys
wS8HEQgzgznQYSxqnCHvuDT9cIuyuCi9BZfqvRy3NSa+ixKMHJ4n2rFWlw8WbvTm
tKFumm2z3z9JkijzJFj4sHETebaa2ip/TxeQvhFD/jEBB1XaqneDw1UaRll+6auA
K6naZ0LzZx2cOzJpn4xN
=TVTZ
-----END PGP SIGNATURE-----
~
~ gpg
gpg: Go ahead and type your message ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5aWdAAoJECaAG7YBLqXZi1EP/3R4oOdkXqZXcskLinux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/LinuxwzfjBXa68
oZeKxTB8i74tSPXp0SL26+ULOQ6GRJdIFod2MQtqfjeu6dyNEbIBF1pHWnyLx4Bn
p/+ROoOTiBSFEWPts++yYhmo0tS0cXPv6QPCYqj4mPkJe6u8wVp5hkoyujL/k9bs
cAZSbeyV/hggS0rFTN4/5AeUky4LJPrWYkAiln7D0PVQeZc6DFlDpeup1Az7hWV5
ImRglAfoacNq+0LWslnc51/4knFGC/k4RS/QAyfUNJG
/yy/ZZs6FNc7FjyZkw87E
yRqqSPkuL64BmzNxmfKnwgMAesaq8D674lRb7b9TC8sQuuelcbgPkCCDioRmCSWh
+NIe+pwWLIXHSwQntO2FblGFL+IeDYBZy3P5nO+N12EHn2oS2psep04STq5cjRaa
PTMopcDsThzXljn8b6p+Iu2BaFiMkEwpAD8f0knR4DZzorpgMjIV0mEdeDuTzC1L
dPHc7uZsTSSTEgxm7JO8x1h3hfwqX+K
vVhmo0SgvwexqsmH7+b6j948RPGSCGBys
wS8HEQgzgznQYSxqnCHvuDT9cIuyuCi9BZfqvRy3NSa+ixKMHJ4n2rFWlw8WbvTm
tKFumm2z3z9JkijzJFj4sHETebaa2ip/TxeQvhFD/jEBB1XaqneDw1UaRll+6auA
K6naZ0LzZx2cOzJpn4xN
=TVTZ
-----END PGP SIGNATURE-----
gpg: Signature made Fri 23 Sep 2016 02:58:53 PM PDT
gpg: using RSA key 0x26801BB6012EA5D9
gpg: BAD signature from "Will Sargent <will.sargent@lightbend.com>" [ultimate]
```
but using the signing key does work:
```
✘ ~ echo "$(uname -a)" | gpg --armor --clearsign --default-key 0x26801BB6012EA5D9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5aagAAoJECaAG7YBLqXZvZwP/21yoEQ3hI9hP0QyrFJu/T/0
sD9Y+DGQHBU5WaII3/iVgBN2V3EQwlzX8dP4/LfTm7NQ0M2flgbPbqf/rUYLQQZg
lO489XbI78kk80b3kDebkautN5rQhkU0ZAy/WfDdKmwGnF1hEXzYqEwI5S0tGddT
cKt0U3cZ0XuOI7pdtSOD423tNV4l45sIAT/ndAsgpbzT0ZTkza65V/RHWqGQDDT1
VB6WKmuqOca1gTDYGlW5yITfOqdWjB30ljLjuOjFJjcOunJQmlSRDMGyjfdzF3ec
X1/+vLKnI0M2ipFaxKTtjdCTo8+26wjExdGca6Sy8v9M0zBjA2vgCGBTwCpXkMQE
4HFZ6N0+6k/3icyNALJhHSRkApNom3ZqINntDNNcN/tyHZVUijb5/hfv7W4D5LSe
8b1/UbF/R46w21sgR4Rzfv5EsbZkkjWx65hTXYWByf4PqZ7NiJJGbETpPC8wSc+4
oZNk9SLZunzE2Gemk2CXu7VXR58BIP014FHjU4FN7k54ZGn7IzU2xfKCZ+se7pFh
SzWIrDhZP5vsbCMbh4HzD4WFPLteNOdV+nkHi4iaSXc7UQfdgZIeKb2ljbjJTmN4
fyi/Zjk0+29pwB+W5iWD4AoKqzSsHMCrK73KRyAHcFaHOHILl8grG0GsfJmPGHCz
Mm3O7IH5is7ZkvOmbUMY
=jQY+
-----END PGP SIGNATURE-----
~ gpg
gpg: Go ahead and type your message ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5aagAAoJECaAG7YBLqXZvZwP/21yoEQ3hI9hP0QyrFJu/T/0
sD9Y+DGQHBU5WaII3/iVgBN2V3EQwlzX8dP4/LfTm7NQ0M2flgbPbqf/rUYLQQZg
lO489XbI78kk80b3kDebkautN5rQhkU0ZAy/WfDdKmwGnF1hEXzYqEwI5S0tGddT
cKt0U3cZ0XuOI7pdtSOD423tNV4l45sIAT/ndAsgpbzT0ZTkza65V/RHWqGQDDT1
VB6WKmuqOca1gTDYGlW5yITfOqdWjB30ljLjuOjFJjcOunJLinux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
QmlSRDMGyjfdzF3ec
X1/+vLKnI0M2ipFaxKTtjdCTo8+26wjExdGca6Sy8v9M0zBjA2vgCGBTwCpXkMQE
4HFZ6N0+6k/3icyNALJhHSRkApNom3ZqINntDNNcN/tyHZVUijb5/hfv7W4D5LSe
8b1/UbF/R46w21sgR4Rzfv5EsbZkkjWx65hTXYWByf4PqZ7NiJJGbETpPC8wSc+4
oZNk9SLZunzE2Gemk2CXu7VXR58BIP014FHjU4FN7k54ZGn7IzU2xfKCZ+se7pFh
SzWIrDhZP5vsbCMbh4HzD4WFPLteNOdV+nkHi4iaSXc7UQfdgZIeKb2ljbjJTmN4
fyi/Zjk0+29pwB+W5iWD4AoKqzSsHMCrK73KRyAHcFaHOHILl8grG0GsfJmPGHCz
Mm3O7IH5is7ZkvOmbUMY
=jQY+
-----END PGP SIGNATURE-----
gpg: Signature made Fri 23 Sep 2016 03:03:12 PM PDT
gpg: using RSA key 0x26801BB6012EA5D9
gpg: Good signature from "Will Sargent <will.sargent@lightbend.com>" [ultimate]
gpg: aka "Will Sargent <will.sargent@gmail.com>" [ultimate]
Primary key fingerprint: 75E4 E7F9 1D18 D981 3028 64B1 B1A9 D5A2 A605 F794
Subkey fingerprint: ADB3 1ED0 EC01 44AF 8301 320D 2680 1BB6 012E A5D9
```
|
2016-09-23 15:09:04 -07:00 |
Will Sargent
|
e195a60ecc
|
Add $
|
2016-09-22 13:00:08 -07:00 |
Will Sargent
|
99aef6c70d
|
Add instructions for installing gnupg-curl
Fixes https://github.com/drduh/YubiKey-Guide/issues/5
|
2016-09-21 15:00:27 -07:00 |
Will Sargent
|
678c8a8da7
|
Prepend $
|
2016-09-20 12:54:03 -07:00 |
Will Sargent
|
9c5c247446
|
Add key checking
|
2016-09-20 12:39:35 -07:00 |
Will Sargent
|
8f8322a479
|
Add an extra error condition
|
2016-09-20 10:18:47 -07:00 |
Will Sargent
|
388f1599da
|
Discuss pinentry-gnome3
|
2016-09-16 15:47:39 -07:00 |
Will Sargent
|
25ec3400e6
|
Adds explanation of ssh-add -L option
|
2016-09-16 14:41:01 -07:00 |
Will Sargent
|
75c5c07e14
|
Change link
https://rnorth.org/8/gpg-and-ssh-with-yubikey-for-mac is https://rnorth.org/gpg-and-ssh-with-yubikey-for-mac now.
|
2016-09-16 14:20:11 -07:00 |
drduh
|
3964cd9e5f
|
Followed my own guide to make new keys; refresh
|
2016-05-25 02:25:07 +00:00 |
drduh
|
cb6bfd972e
|
Merge pull request #1 from victorso/patch-1
yubikey tails fix
|
2016-05-18 13:42:46 -04:00 |
Victor Fischer Scattone
|
bce316b45c
|
Export public key to file
The public key must be written on a file.
|
2016-05-18 14:41:12 -03:00 |
Victor Fischer Scattone
|
2de6ad9a99
|
yubikey tails fix
Fix to use the yubikey on Tails
|
2016-05-18 14:35:42 -03:00 |
drduh
|
da1ce278c6
|
Use variable to store Key ID
|
2016-05-09 02:47:16 +00:00 |
drduh
|
1c16d968e9
|
Add encrypted USB backup instructions, grammar fixes
|
2016-04-25 17:49:51 +00:00 |
drduh
|
e86af76264
|
Use IO rediction for revocation certificate step
|
2016-02-25 15:28:36 -05:00 |