Commit Graph

295 Commits

Author SHA1 Message Date
drduh cf24f034eb
Merge pull request #201 from dragon788/update-python-refs
Python2 is EOL, update packages/references to Py3
2020-11-08 11:36:02 -08:00
dragon788 94a753d4a1
Merge branch 'master' into update-python-refs 2020-09-02 13:57:38 -05:00
drduh 6e2109ea46 Merge branch 'Amolith-master' 2020-08-30 14:19:52 -07:00
drduh 03f0e40558 Merge branch 'master' of https://github.com/Amolith/YubiKey-Guide into Amolith-master 2020-08-30 14:19:41 -07:00
drduh 1698736906
Create FUNDING.yml 2020-08-30 21:06:04 +00:00
drduh d306be5a67
Merge pull request #209 from mirko/master
Add option to retrieve additionaly entropy from YubiKey itself
2020-08-30 14:04:00 -07:00
Mirko Vogt 767b84eb3b Add option to retrieve additionaly entropy from YubiKey itself 2020-08-29 16:24:34 +00:00
Amolith 0e7dabeeeb
change defaults and add info to #Require touch
As mentioned in #197, the previous behaviour would require users to
touch their key any time an authentication, signing, or encryption
operation was performed. In some situations, this behaviour would be
undesirable and the only way to revert it would be fully resetting the
key and starting from scratch. Rather than using `fixed`, this commit
simply turns the feature `on` so the user can change it later if they
wish.

Additionally, a note about the other policies was included so users can
decide for themselves which fits their situation better.
2020-08-26 23:42:53 -04:00
dragon788 9bb54914b4
Merge branch 'master' into update-python-refs 2020-08-23 13:20:03 -05:00
drduh 697a7d8fb9
Merge pull request #203 from bengim/bengim-patch-PyOpenSSL
fixing wrong cryptography version
2020-08-22 14:19:45 -07:00
drduh 2922311fc1
Merge pull request #200 from returntrip/master
Add: notations to be used for identity proofs
2020-08-22 13:58:40 -07:00
bengim 2187610c1d
Update README.md
fixing wrong cryptography version by explicitly installing PyOpenSSL
2020-08-22 19:33:38 +04:00
dragon788 58b7c819d7
Python2 is EOL, update packages/references to Py3 2020-08-21 17:55:28 -05:00
Stefano Figura 8a95de3e3f
Correct spelling 2020-08-14 00:12:06 +02:00
Stefano Figura a2bc415f84
Update wording
Ensure that is clear that we do not need to modify keys or even plug the yubikey
2020-08-14 00:06:37 +02:00
Stefano Figura 8a08a8ac15
Update notation section 2020-08-13 23:51:42 +02:00
Stefano Figura c9ea04db2c
Add notations section 2020-08-13 23:45:18 +02:00
drduh f7561616a5
Merge pull request #199 from b1f6c1c4/patch-1
Fix usage inconsistency
2020-08-11 14:57:57 -07:00
b1f6c1c4 f6f2c26e90
Fix usage inconsistency
Master key shall only be used to certify other keys. The usage indicator in
README.md is inconsistently shown as SC and C.
2020-08-11 02:17:08 -04:00
drduh f83d52d37c
Merge pull request #191 from KenMacD/touch-fixed
Set touch policy to fixed.
2020-05-29 06:27:37 +00:00
Kenny MacDermid 78164e8bfd
Set touch policy to fixed.
Setting the touch policy to `on` does not prevent the policy from
later being turned off again. Setting it to `fixed` is more secure
because it can not be turned off.

If someone wants to disable the touch policy they can always restore
the keys from the backups created in the guide.
2020-05-27 16:39:29 -03:00
drduh a7ef91d4d8
Merge pull request #190 from schmie/add-info-on-PIN-issues-and-debugging-them
Add information on potential PIN issues and how to debug them
2020-05-27 16:34:08 +00:00
Sebastian Schmieschek e1055025fe
Add information on potential PIN issues and how to debug them
I missed the error message when attempting to set a PIN of only 5 characters due
to the UI repeating the options below it.
Pinentry happily stores the bogus PIN and even counts down the retry counter
when entering the correct (default) one. This can be resolved by unblocking the
PIN.
Once I ran the gpg-agent with debug output (a tip found in the added link), the
issue was obvious.
2020-05-27 11:46:19 +01:00
drduh ccb8b0130a Stack rank secure environment and add a few tips 2020-05-25 12:49:07 -07:00
drduh 0bd52ed7d8
Merge pull request #185 from vald-phoenix/fix-borken-anchor
Fix broken anchor
2020-05-24 17:09:09 +00:00
drduh 26883ba160
Merge pull request #189 from mmaeusezahl/fix_revocation_command
Fix order of revocation command
2020-05-24 17:08:54 +00:00
Max Mäusezahl 1cf9656b33
Fix order of revocation command.
According to 'man gpg' the order of arguments should be

gpg [--homedir name] [--options file] [options] command [args]

In this case '--gen-revoke' is the command, '$KEYID' is an argument and
'--output $GNUPGHOME/revoke.asc' is an option. Previously this was
incorrect (option came first) and would spawn an error.
2020-05-24 17:53:56 +02:00
drduh 0f850c5d2b
Merge pull request #187 from mikem/rotate-edit-in-expert-mode
Include --expert when editing master key
2020-05-18 16:33:06 +00:00
Mike Mazur de13c8dba6
Include --expert when editing master key
This is specifically during setup when rotating keys.
2020-05-17 21:00:03 +08:00
Vladyslav Krylasov 4c1d538c60 Fix broken anchor
There are two anchors with the same name and this breaks navigation.
2020-05-04 19:19:02 +01:00
drduh 740f0745f5
Merge pull request #184 from jstelzer/gpg-on-second-computer
Gpg on second computer
2020-05-04 16:55:52 +00:00
Jason Stelzer aea317b527 Clarified wording 2020-05-04 08:28:23 -04:00
Jason Stelzer 07134a4e4f GPG keys on multiple computers
I feel like this took me longer to figure out than it should have.
2020-05-04 08:22:14 -04:00
drduh 93cbbd9d8b Address throw-keyids issue with mailvelope to fix #178 2020-05-03 14:18:29 -07:00
drduh 46d1d89115 Split export pubkey from backup to fix #175 2020-05-03 14:07:35 -07:00
drduh bf38b94a65 Disambiguate backup volume label to fix #176. 2020-05-03 13:45:58 -07:00
drduh aad01ffde4
Merge pull request #180 from vald-phoenix/yubikey-reset-by-ykman
Describe ykman PGP keys reset
2020-05-03 18:12:47 +00:00
drduh 3be47a8c32
Merge pull request #179 from vald-phoenix/multiple-yubikeys
Describe card serial number error
2020-05-03 18:12:28 +00:00
drduh a1a4a303f9
Merge pull request #177 from apiraino/revoke-cert
Add instructions to create a revoke certificate
2020-05-03 18:11:37 +00:00
drduh afd3fafcc5
Merge pull request #170 from murphy83/Abort-Trick
Added some additonal text describing alternatives that may be used
2020-05-03 18:10:49 +00:00
Vladyslav Krylasov 44d76ac5ab Describe card serial number error 2020-04-29 00:52:24 +01:00
Vladyslav Krylasov 6108558645 Describe ykman PGP keys reset 2020-04-28 21:28:44 +01:00
apiraino 2698cecd4c Add instruction to create a revoke certificate 2020-04-28 16:19:18 +02:00
drduh 42085bb86b
Merge pull request #172 from codesections-forks/master
Add steps for renewing (not rotating) sub-keys
2020-04-13 23:14:54 +00:00
Daniel Sockwell b5adb349ad Add steps for renewing (not rotating) sub-keys
As discussed in issue #164, the current section on Rotating Keys
presents two alternatives: replacing the existing keys with a newly
generated key or extending the validity of existing keys by changing
their expiration.  However, it only provides instructions for the
first approach.  This commit adds instructions for renewing sub-keys.

I am far from an expert, and am submitting this change mostly in hopes
that it will provide documentation for the next time I need to renew
my sub-keys.  I would welcome any changes or clarifications others
would care to offer.
2020-03-24 12:42:42 -04:00
Murphy Laptop db1d86cdd8 Added some additonal text describing alternatives that may be used 2020-03-02 21:18:56 +01:00
drduh 2c2cec316c Bump Debian version, license year 2020-02-12 09:38:36 -08:00
drduh 2fc50760db
Merge pull request #160 from rvl/nixos
Add instructions for NixOS
2020-01-22 06:39:14 +00:00
drduh 51ed654e43
Merge pull request #159 from rvl/multiple-yubikeys
Add more detail about what to do with multiple YubiKeys
2020-01-22 06:39:08 +00:00
drduh 4a3647897d
Merge pull request #158 from rvl/primary-user-id
Add information about setting the primary user ID
2020-01-22 06:38:57 +00:00