Commit Graph

380 Commits

Author SHA1 Message Date
beardedbotanist 93ff1d3595
Adding wget as prerequisite on macOS
When i was following the guide I could not fetch the gpg config because I was missing wget
2022-04-08 14:57:09 -04:00
drduh 4615b5e919
Merge pull request #292 from mpdude/patch-1
Point out that paperkey backups are password-protected
2022-03-16 15:29:42 -07:00
drduh 14e951bb01
Merge pull request #294 from DevSecNinja/patch-1
Add small adjustments after renewing my subkeys
2022-03-16 15:29:16 -07:00
drduh 3f959cfc0d
Merge pull request #308 from okada-h/add-missing-preposition
Add missing preposition ("be able use" -> "be able to use")
2022-03-16 15:28:53 -07:00
drduh 6992c9e115
Merge pull request #295 from pedrohdz-scrap/no-puk
Fixed broken "Change PUK" link
2022-03-16 15:28:39 -07:00
drduh 55be657375
Merge pull request #303 from maxromanovsky/patch-1
Fix for `tr: Illegal byte sequence` on macOS
2022-03-16 15:28:16 -07:00
drduh f9d1571ebc
Merge pull request #310 from dirkjanm/master
Add notes about KDF compatibility (solves #307)
2022-03-16 15:27:59 -07:00
Dirk-jan Mollema 1e3e4bccbc
Add notes about KDF compatibility (solves #307) 2022-02-15 04:19:10 -08:00
Hiroki Okada 543d218b68 Add missing preposition ("be able use" -> "be able to use") 2022-01-28 03:39:57 +09:00
Maksim Ramanouski c69fc7badf
Fix for `tr: Illegal byte sequence` on macOS 2022-01-02 14:04:43 +01:00
Pedro H 33993e767c
Fixed broken "Change PUK" link
Fixed a broken link found in
https://github.com/drduh/YubiKey-Guide/issues/287 and updated the text.
2021-11-13 14:42:05 +01:00
Jean-Paul van Ravensberg 1a955f88aa
Add small adjustments after renewing my subkeys 2021-11-07 13:07:01 +01:00
Matthias Pigulla 76d32d2cd9
Point out that paperkey backups are password-protected
Fixes #263. Really though decision to make whether a paper printout with the password is a good way to go (recoverable but needs a really good place to keep) or not (more protection, but possibly worthless).
2021-10-25 09:31:57 +02:00
drduh fe6434577b
Merge pull request #291 from gaffneyd4/improve-recovery-guide
Added clearer recovery options
2021-10-24 11:08:50 -07:00
drduh 5823d488f3
Merge pull request #290 from NiklasMerz/mac-m1
add pinentry path for M1 macs
2021-10-24 11:08:10 -07:00
drduh 2cbfcfba49
Merge pull request #288 from watermelonpizza/master
Use GPT instead of MBR
2021-10-24 11:07:16 -07:00
drduh 1c1e76623f
Merge pull request #285 from jaeha-choi/master
Add Key Derived Function (KDF) setting
2021-10-24 10:53:28 -07:00
drduh b621273182
Merge pull request #284 from jsoref/grammar
Minor grammar fixes
2021-10-24 10:52:28 -07:00
drduh fcf4f01ff1
Merge pull request #239 from basbebe/temp-folder-prefix-with-date
add prefix and date to temporary folder
2021-10-24 10:49:51 -07:00
Derek Gaffney 248e207527
Add TOC entry, fix link 2021-10-10 08:52:12 -04:00
Wheest 77394c2773
Added clearer recovery options 2021-10-10 08:44:26 -04:00
Niklas Merz 6740fa9a10
add pinentry path for M1 macs
Closes #289
2021-10-05 22:16:36 +02:00
Daniel Miller 3418634c66
Use GPT instead of MBR 2021-10-04 22:10:12 +11:00
basbebe ad09f543af
add prefix and date to temporary folder
This makes identifying the latest version easier when daleing with backups.
2021-09-30 10:46:06 +02:00
Jaeha Choi b59107d413
Add note about KDF 2021-09-06 20:29:32 -07:00
Josh Soref a98866a185
Minor grammar fixes 2021-08-26 00:20:09 -04:00
drduh 31074ac13d Stage alternatives section and cleanup grammar 2021-08-15 17:06:20 -07:00
drduh 569231bf2b Note to permasave password to fix #206 2021-08-15 16:12:36 -07:00
drduh 371d4ec77b Mention the yubikey troubleshooting guide for gpg to fix #217 2021-08-15 15:46:14 -07:00
drduh 7bfae57336 Update filenames to fix #222 2021-08-15 15:42:53 -07:00
drduh a02350f318
Merge pull request #276 from pedrohdz-scrap/clarify.pins-take.2
Clarified PIN config
2021-08-15 15:36:44 -07:00
drduh 92e2a5e8ac
Merge pull request #262 from iandstanley/patch-1
switching between Yubikeys
2021-08-15 15:24:30 -07:00
drduh 8816d9759f
Merge pull request #264 from iandstanley/master
added mention of ssh key support for blue security keys
2021-08-15 15:22:11 -07:00
drduh fce12ceac5
Merge pull request #259 from iandstanley/patch-1
Script to switch between two Yubikeys with identical keys
2021-08-15 15:19:17 -07:00
drduh a12a01c1bc
Merge pull request #268 from reissmann/patch-1
Update nixos LiveCD example
2021-08-15 15:15:16 -07:00
Pedro H 1a83925dda
Expanded on GPG PIN config 2021-08-10 14:37:28 +02:00
Andrew Martinez 87f48f547b
clarify pins, drduh/YubiKey-Guide#248
- define each pin name, default, usage
- call out special admin pin restrictions
2021-08-10 12:50:36 +02:00
Sven Reissmann 23caa2c36b
Update nixos LiveCD example
````nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix```` no longer exists. 
Update to ````nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix````
2021-07-05 10:19:58 +02:00
Ian Stanley 15bb00b428
added mention of ssh key support for blue security keys
As detailed in their recent press release and blog post

https://www.yubico.com/blog/github-now-supports-ssh-security-keys/
2021-06-08 20:59:02 +01:00
Ian Stanley f6818480a5
added to section multiple Yubikeys section re: switching between Yubikeys
section describes the issue and the remedy for GPG stubs only pointing to the Yubikey that was last subject to the keytocard command
2021-06-04 22:47:38 +01:00
drduh 20dd0687cd
Merge pull request #247 from jamesob/jamesob-21-03-pass-trouble
Add note about pass insert error and `trust-key` usage
2021-05-31 16:21:51 +00:00
drduh 21c0e03cd0
Merge pull request #246 from whiskeysierra/patch-1
Update usage of ykman
2021-05-31 16:21:24 +00:00
drduh 6490586595
Merge pull request #232 from captn3m0/warning
[security] Adds warning about PUK being default
2021-05-31 16:19:49 +00:00
drduh 1566801177
Merge pull request #231 from captn3m0/change-puk
Adds instructions on changing the PUK
2021-05-31 16:19:29 +00:00
drduh fbe33ccccd
Merge pull request #258 from vorburger/patch-6
Add hint re. (new) `ssh-keygen -t ed25519-sk`
2021-05-31 16:18:45 +00:00
Ian Stanley ffb29e7f01
Script to switch between two Yubikeys with identical keys
Some GitHub users have asked in the issues why can't I use two Yubikeys (one as a backup). It's a question often asked 

The usual answer given across the web is that you can't as GPG replaces the key with key stubs when you quit and save (if you don't save then the Yubikey appears useless as GPG doesn't delete the keys and carries on using them off the keyring.

If once you have run keytocard to transfer your keys to the Yubikey#1 you QUIT WITHOUT SAVING then you can repeat the whole process again and put in your Yubikey#2 and keytocard again. this time QUIT AND SAVE.

GPG will now replace the keys with a key stub pointing to the Yubikey with the card serial number (see Yubikey serial on back of key) when you try to decrypt/sign/authenticate. The first Yubikey will be ignored despite the fact it has a copy of the Yubikey.

However you can use gpg-connect-agent to force read the Yubikey and repoint the key stubs to the keys on the Yubikey inserted.

Just run the script and insert whichever key you have to have (primary or backup) when prompted 

NB once this script has been run GPG will be pointing the stubs at the recently used Yubikey ... to go back to your first Yubikey again switch Yubikeys and re-run script

Simples :)
2021-05-05 00:42:48 +01:00
Michael Vorburger ⛑️ 49bfbf81ed
Add hint re. (new) `ssh-keygen -t ed25519-sk` 2021-05-01 16:20:32 +02:00
James O'Beirne 47cd085518
Add note about pass insert error and `trust-key` usage
When using a previously provisioned YubiKey on a new computer,
I was met with an "Unusable public key" error when trying to insert
a new password, despite being able to decrypt pass entries.

I tried setting the trust on the key via `gpg --edit-key`, but was
then met with "Need secret key to do this."

I found that the solution is apparently to use the `trust-key`
directive in `~/.gnupg/gpg.conf`, which is not mentioned in the README
at the moment.
2021-03-25 11:40:22 -04:00
Willi Schönborn 592bdc5733
Update usage of ykman
Fixes the following warning:

WARNING: The use of this command is deprecated and will be removed!
Replace with: ykman openpgp keys set-touch
2021-03-24 14:51:38 +01:00
drduh de29a9e45c
Merge pull request #242 from inducer/patch-1
Fix: "quit" to save -> "save" to save
2021-02-11 17:11:41 -08:00