1
0
mirror of https://github.com/drduh/YubiKey-Guide.git synced 2024-12-22 08:28:55 +00:00
Commit Graph

571 Commits

Author SHA1 Message Date
Jean-Paul van Ravensberg
1a955f88aa
Add small adjustments after renewing my subkeys 2021-11-07 13:07:01 +01:00
Matthias Pigulla
76d32d2cd9
Point out that paperkey backups are password-protected
Fixes #263. Really though decision to make whether a paper printout with the password is a good way to go (recoverable but needs a really good place to keep) or not (more protection, but possibly worthless).
2021-10-25 09:31:57 +02:00
drduh
fe6434577b
Merge pull request #291 from gaffneyd4/improve-recovery-guide
Added clearer recovery options
2021-10-24 11:08:50 -07:00
drduh
5823d488f3
Merge pull request #290 from NiklasMerz/mac-m1
add pinentry path for M1 macs
2021-10-24 11:08:10 -07:00
drduh
2cbfcfba49
Merge pull request #288 from watermelonpizza/master
Use GPT instead of MBR
2021-10-24 11:07:16 -07:00
drduh
1c1e76623f
Merge pull request #285 from jaeha-choi/master
Add Key Derived Function (KDF) setting
2021-10-24 10:53:28 -07:00
drduh
b621273182
Merge pull request #284 from jsoref/grammar
Minor grammar fixes
2021-10-24 10:52:28 -07:00
drduh
fcf4f01ff1
Merge pull request #239 from basbebe/temp-folder-prefix-with-date
add prefix and date to temporary folder
2021-10-24 10:49:51 -07:00
Derek Gaffney
248e207527
Add TOC entry, fix link 2021-10-10 08:52:12 -04:00
Wheest
77394c2773
Added clearer recovery options 2021-10-10 08:44:26 -04:00
Niklas Merz
6740fa9a10
add pinentry path for M1 macs
Closes #289
2021-10-05 22:16:36 +02:00
Daniel Miller
3418634c66
Use GPT instead of MBR 2021-10-04 22:10:12 +11:00
basbebe
ad09f543af
add prefix and date to temporary folder
This makes identifying the latest version easier when daleing with backups.
2021-09-30 10:46:06 +02:00
Jaeha Choi
b59107d413
Add note about KDF 2021-09-06 20:29:32 -07:00
Josh Soref
a98866a185
Minor grammar fixes 2021-08-26 00:20:09 -04:00
apiraino
d25f131c38
linting
Signed-off-by: apiraino <apiraino@users.noreply.github.com>
2021-08-22 21:31:20 +02:00
apiraino
5182d5e3d8
Rewrite keys generation tutorial
The master key is now created with `--batch` and a configuration script.
The subkeys are created with the quick key manipulation
interface (`--quick-add-key`).

Also provided two configuration scripts as templates for a RSA4096 or a
ED25519 master key.

Signed-off-by: apiraino <apiraino@users.noreply.github.com>
2021-08-22 21:31:17 +02:00
drduh
31074ac13d Stage alternatives section and cleanup grammar 2021-08-15 17:06:20 -07:00
drduh
569231bf2b Note to permasave password to fix #206 2021-08-15 16:12:36 -07:00
drduh
371d4ec77b Mention the yubikey troubleshooting guide for gpg to fix #217 2021-08-15 15:46:14 -07:00
drduh
7bfae57336 Update filenames to fix #222 2021-08-15 15:42:53 -07:00
drduh
a02350f318
Merge pull request #276 from pedrohdz-scrap/clarify.pins-take.2
Clarified PIN config
2021-08-15 15:36:44 -07:00
drduh
92e2a5e8ac
Merge pull request #262 from iandstanley/patch-1
switching between Yubikeys
2021-08-15 15:24:30 -07:00
drduh
8816d9759f
Merge pull request #264 from iandstanley/master
added mention of ssh key support for blue security keys
2021-08-15 15:22:11 -07:00
drduh
fce12ceac5
Merge pull request #259 from iandstanley/patch-1
Script to switch between two Yubikeys with identical keys
2021-08-15 15:19:17 -07:00
drduh
a12a01c1bc
Merge pull request #268 from reissmann/patch-1
Update nixos LiveCD example
2021-08-15 15:15:16 -07:00
Pedro H
1a83925dda
Expanded on GPG PIN config 2021-08-10 14:37:28 +02:00
Andrew Martinez
87f48f547b
clarify pins, drduh/YubiKey-Guide#248
- define each pin name, default, usage
- call out special admin pin restrictions
2021-08-10 12:50:36 +02:00
Sven Reissmann
23caa2c36b
Update nixos LiveCD example
````nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix```` no longer exists. 
Update to ````nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix````
2021-07-05 10:19:58 +02:00
Ian Stanley
15bb00b428
added mention of ssh key support for blue security keys
As detailed in their recent press release and blog post

https://www.yubico.com/blog/github-now-supports-ssh-security-keys/
2021-06-08 20:59:02 +01:00
Ian Stanley
f6818480a5
added to section multiple Yubikeys section re: switching between Yubikeys
section describes the issue and the remedy for GPG stubs only pointing to the Yubikey that was last subject to the keytocard command
2021-06-04 22:47:38 +01:00
drduh
20dd0687cd
Merge pull request #247 from jamesob/jamesob-21-03-pass-trouble
Add note about pass insert error and `trust-key` usage
2021-05-31 16:21:51 +00:00
drduh
21c0e03cd0
Merge pull request #246 from whiskeysierra/patch-1
Update usage of ykman
2021-05-31 16:21:24 +00:00
drduh
6490586595
Merge pull request #232 from captn3m0/warning
[security] Adds warning about PUK being default
2021-05-31 16:19:49 +00:00
drduh
1566801177
Merge pull request #231 from captn3m0/change-puk
Adds instructions on changing the PUK
2021-05-31 16:19:29 +00:00
drduh
fbe33ccccd
Merge pull request #258 from vorburger/patch-6
Add hint re. (new) `ssh-keygen -t ed25519-sk`
2021-05-31 16:18:45 +00:00
Ian Stanley
ffb29e7f01
Script to switch between two Yubikeys with identical keys
Some GitHub users have asked in the issues why can't I use two Yubikeys (one as a backup). It's a question often asked 

The usual answer given across the web is that you can't as GPG replaces the key with key stubs when you quit and save (if you don't save then the Yubikey appears useless as GPG doesn't delete the keys and carries on using them off the keyring.

If once you have run keytocard to transfer your keys to the Yubikey#1 you QUIT WITHOUT SAVING then you can repeat the whole process again and put in your Yubikey#2 and keytocard again. this time QUIT AND SAVE.

GPG will now replace the keys with a key stub pointing to the Yubikey with the card serial number (see Yubikey serial on back of key) when you try to decrypt/sign/authenticate. The first Yubikey will be ignored despite the fact it has a copy of the Yubikey.

However you can use gpg-connect-agent to force read the Yubikey and repoint the key stubs to the keys on the Yubikey inserted.

Just run the script and insert whichever key you have to have (primary or backup) when prompted 

NB once this script has been run GPG will be pointing the stubs at the recently used Yubikey ... to go back to your first Yubikey again switch Yubikeys and re-run script

Simples :)
2021-05-05 00:42:48 +01:00
Michael Vorburger ⛑️
49bfbf81ed
Add hint re. (new) ssh-keygen -t ed25519-sk 2021-05-01 16:20:32 +02:00
James O'Beirne
47cd085518
Add note about pass insert error and trust-key usage
When using a previously provisioned YubiKey on a new computer,
I was met with an "Unusable public key" error when trying to insert
a new password, despite being able to decrypt pass entries.

I tried setting the trust on the key via `gpg --edit-key`, but was
then met with "Need secret key to do this."

I found that the solution is apparently to use the `trust-key`
directive in `~/.gnupg/gpg.conf`, which is not mentioned in the README
at the moment.
2021-03-25 11:40:22 -04:00
Willi Schönborn
592bdc5733
Update usage of ykman
Fixes the following warning:

WARNING: The use of this command is deprecated and will be removed!
Replace with: ykman openpgp keys set-touch
2021-03-24 14:51:38 +01:00
drduh
de29a9e45c
Merge pull request #242 from inducer/patch-1
Fix: "quit" to save -> "save" to save
2021-02-11 17:11:41 -08:00
drduh
1d03a5201d
Merge pull request #240 from basbebe/macOS-GUI-setup
Add SSH setup for macOS GUI applications
2021-02-08 22:55:21 -08:00
drduh
3dd82e7675
Merge pull request #243 from berwag/patch-1
Additions to "Required Software"
2021-02-04 23:40:47 -08:00
berwag
fb4d390317
Update README.md 2021-02-04 19:39:15 +01:00
berwag
4370ba86ac
Update README.md
changed wording according to yubischiess' comment
2021-01-28 11:19:53 +01:00
berwag
ed85d93845
Additions to "Required Software"
proposed change according to Issue#215
2021-01-27 20:24:51 +01:00
drduh
fb01a87112
Merge pull request #241 from basbebe/fish-config
add fish config
2021-01-18 11:32:42 -08:00
Andreas Klöckner
d921fa05bb
Fix: "quit" to save -> "save" to save 2021-01-13 11:32:41 -06:00
basbebe
a65cdca19a
add fish config 2021-01-10 20:01:55 +01:00
basbebe
9fe946c8b1
Add SSH setup for macOS GUI applications
On macOS, a LaunchAgent needs to be created to overwrite the system's SSH agent.

see https://github.com/drduh/YubiKey-Guide/issues/229
2021-01-10 19:54:58 +01:00