knowledge/YubiKey-Guide
1
0
Fork 0
mirror of https://github.com/drduh/YubiKey-Guide.git synced 2024-10-31 18:42:30 +00:00
Code Issues Releases Activity
288 Commits 1 Branch 0 Tags 1.2 MiB
1698736906
Commit Graph

288 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
drduh
cd3b89e9a3 Merge pull request #33 from aleksandr-vin/master 
Replace hkt with gpg to fix unsupported GnuPG 2.1
 2017-09-25 09:24:53 -07:00
Aleksandr Vinokurov
9336fc1317 Replace hkt with gpg to fix unsupported GnuPG 2.1 
hkt does not support GnuPG 2.1 because it expects gpg pubring.

But the export can be done by gpg itself.
 2017-09-23 16:49:48 +02:00
drduh
cedcac7a50 Merge pull request #31 from brendan-rius/patch-1 
Make hkt respect custom $GNUPGHOME
 2017-08-14 10:10:12 -07:00
Brendan Rius
c871adc904 Make hkt respect custom $GNUPGHOME 2017-08-13 13:51:15 +02:00
drduh
366830441e Merge pull request #25 from dlakomski/master 
Add information about composite USB mode on YK with firmware >=3.3
 2017-05-12 09:31:52 -07:00
Dawid Łakomski
07752240cb Add information about composite USB mode on YK with firmware >=3.3 2017-05-12 09:04:23 +02:00
drduh
1ad37577db Use require-cross-certification option. Fix #14. 2016-09-25 11:32:16 -04:00
drduh
94ada05473 Plug in YubiKey correctly. Fix #9. 2016-09-25 11:26:47 -04:00
drduh
ac66a81a35 Merge pull request #24 from wsargent/patch-3 
Use AES256 for private key password encryption
 2016-09-25 11:23:29 -04:00
drduh
223ffe9261 Merge pull request #23 from wsargent/patch-2 
Use signing subkey
 2016-09-25 11:22:21 -04:00
Will Sargent
8515aaf839 Use AES256 for private key password encryption 
Adds 

```
s2k-cipher-algo AES256
```

to the GPG configuration, per https://pthree.org/2015/11/19/your-gnupg-private-key/

> --s2k-cipher-algo name
> Use name as the cipher algorithm used to protect secret keys. The default cipher is CAST5. This cipher is also used for symmetric encryption with a passphrase if --personal-cipher-preferences and --cipher-algo is not given.

https://www.gnupg.org/documentation/manuals/gnupg-2.0/OpenPGP-Options.html#index-s2k_002dcipher_002dalgo
 2016-09-24 10:29:56 -07:00
Will Sargent
ff871a254d Use signing subkey 
The signature was made using `0xBECFA3C1AE191D15`, and has to be used with the signing key, not the root key.

I can verify this with my own key -- using the keyid doesn't work:

```
 ~   echo "$(uname -a)" | gpg --armor --clearsign --default-key 0xB1A9D5A2A605F794
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX5aWdAAoJECaAG7YBLqXZi1EP/3R4oOdkXqZXcskwzfjBXa68
oZeKxTB8i74tSPXp0SL26+ULOQ6GRJdIFod2MQtqfjeu6dyNEbIBF1pHWnyLx4Bn
p/+ROoOTiBSFEWPts++yYhmo0tS0cXPv6QPCYqj4mPkJe6u8wVp5hkoyujL/k9bs
cAZSbeyV/hggS0rFTN4/5AeUky4LJPrWYkAiln7D0PVQeZc6DFlDpeup1Az7hWV5
ImRglAfoacNq+0LWslnc51/4knFGC/k4RS/QAyfUNJG/yy/ZZs6FNc7FjyZkw87E
yRqqSPkuL64BmzNxmfKnwgMAesaq8D674lRb7b9TC8sQuuelcbgPkCCDioRmCSWh
+NIe+pwWLIXHSwQntO2FblGFL+IeDYBZy3P5nO+N12EHn2oS2psep04STq5cjRaa
PTMopcDsThzXljn8b6p+Iu2BaFiMkEwpAD8f0knR4DZzorpgMjIV0mEdeDuTzC1L
dPHc7uZsTSSTEgxm7JO8x1h3hfwqX+KvVhmo0SgvwexqsmH7+b6j948RPGSCGBys
wS8HEQgzgznQYSxqnCHvuDT9cIuyuCi9BZfqvRy3NSa+ixKMHJ4n2rFWlw8WbvTm
tKFumm2z3z9JkijzJFj4sHETebaa2ip/TxeQvhFD/jEBB1XaqneDw1UaRll+6auA
K6naZ0LzZx2cOzJpn4xN
=TVTZ
-----END PGP SIGNATURE-----
 ~  
 ~  gpg
gpg: Go ahead and type your message ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX5aWdAAoJECaAG7YBLqXZi1EP/3R4oOdkXqZXcskLinux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/LinuxwzfjBXa68
oZeKxTB8i74tSPXp0SL26+ULOQ6GRJdIFod2MQtqfjeu6dyNEbIBF1pHWnyLx4Bn
p/+ROoOTiBSFEWPts++yYhmo0tS0cXPv6QPCYqj4mPkJe6u8wVp5hkoyujL/k9bs
cAZSbeyV/hggS0rFTN4/5AeUky4LJPrWYkAiln7D0PVQeZc6DFlDpeup1Az7hWV5
ImRglAfoacNq+0LWslnc51/4knFGC/k4RS/QAyfUNJG
/yy/ZZs6FNc7FjyZkw87E
yRqqSPkuL64BmzNxmfKnwgMAesaq8D674lRb7b9TC8sQuuelcbgPkCCDioRmCSWh
+NIe+pwWLIXHSwQntO2FblGFL+IeDYBZy3P5nO+N12EHn2oS2psep04STq5cjRaa
PTMopcDsThzXljn8b6p+Iu2BaFiMkEwpAD8f0knR4DZzorpgMjIV0mEdeDuTzC1L
dPHc7uZsTSSTEgxm7JO8x1h3hfwqX+K
vVhmo0SgvwexqsmH7+b6j948RPGSCGBys
wS8HEQgzgznQYSxqnCHvuDT9cIuyuCi9BZfqvRy3NSa+ixKMHJ4n2rFWlw8WbvTm
tKFumm2z3z9JkijzJFj4sHETebaa2ip/TxeQvhFD/jEBB1XaqneDw1UaRll+6auA
K6naZ0LzZx2cOzJpn4xN
=TVTZ
-----END PGP SIGNATURE-----
gpg: Signature made Fri 23 Sep 2016 02:58:53 PM PDT
gpg:                using RSA key 0x26801BB6012EA5D9
gpg: BAD signature from "Will Sargent <will.sargent@lightbend.com>" [ultimate]
```

but using the signing key does work:

```
 ✘  ~   echo "$(uname -a)" | gpg --armor --clearsign --default-key  0x26801BB6012EA5D9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX5aagAAoJECaAG7YBLqXZvZwP/21yoEQ3hI9hP0QyrFJu/T/0
sD9Y+DGQHBU5WaII3/iVgBN2V3EQwlzX8dP4/LfTm7NQ0M2flgbPbqf/rUYLQQZg
lO489XbI78kk80b3kDebkautN5rQhkU0ZAy/WfDdKmwGnF1hEXzYqEwI5S0tGddT
cKt0U3cZ0XuOI7pdtSOD423tNV4l45sIAT/ndAsgpbzT0ZTkza65V/RHWqGQDDT1
VB6WKmuqOca1gTDYGlW5yITfOqdWjB30ljLjuOjFJjcOunJQmlSRDMGyjfdzF3ec
X1/+vLKnI0M2ipFaxKTtjdCTo8+26wjExdGca6Sy8v9M0zBjA2vgCGBTwCpXkMQE
4HFZ6N0+6k/3icyNALJhHSRkApNom3ZqINntDNNcN/tyHZVUijb5/hfv7W4D5LSe
8b1/UbF/R46w21sgR4Rzfv5EsbZkkjWx65hTXYWByf4PqZ7NiJJGbETpPC8wSc+4
oZNk9SLZunzE2Gemk2CXu7VXR58BIP014FHjU4FN7k54ZGn7IzU2xfKCZ+se7pFh
SzWIrDhZP5vsbCMbh4HzD4WFPLteNOdV+nkHi4iaSXc7UQfdgZIeKb2ljbjJTmN4
fyi/Zjk0+29pwB+W5iWD4AoKqzSsHMCrK73KRyAHcFaHOHILl8grG0GsfJmPGHCz
Mm3O7IH5is7ZkvOmbUMY
=jQY+
-----END PGP SIGNATURE-----
 ~  gpg
gpg: Go ahead and type your message ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX5aagAAoJECaAG7YBLqXZvZwP/21yoEQ3hI9hP0QyrFJu/T/0
sD9Y+DGQHBU5WaII3/iVgBN2V3EQwlzX8dP4/LfTm7NQ0M2flgbPbqf/rUYLQQZg
lO489XbI78kk80b3kDebkautN5rQhkU0ZAy/WfDdKmwGnF1hEXzYqEwI5S0tGddT
cKt0U3cZ0XuOI7pdtSOD423tNV4l45sIAT/ndAsgpbzT0ZTkza65V/RHWqGQDDT1
VB6WKmuqOca1gTDYGlW5yITfOqdWjB30ljLjuOjFJjcOunJLinux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
QmlSRDMGyjfdzF3ec
X1/+vLKnI0M2ipFaxKTtjdCTo8+26wjExdGca6Sy8v9M0zBjA2vgCGBTwCpXkMQE
4HFZ6N0+6k/3icyNALJhHSRkApNom3ZqINntDNNcN/tyHZVUijb5/hfv7W4D5LSe
8b1/UbF/R46w21sgR4Rzfv5EsbZkkjWx65hTXYWByf4PqZ7NiJJGbETpPC8wSc+4
oZNk9SLZunzE2Gemk2CXu7VXR58BIP014FHjU4FN7k54ZGn7IzU2xfKCZ+se7pFh
SzWIrDhZP5vsbCMbh4HzD4WFPLteNOdV+nkHi4iaSXc7UQfdgZIeKb2ljbjJTmN4
fyi/Zjk0+29pwB+W5iWD4AoKqzSsHMCrK73KRyAHcFaHOHILl8grG0GsfJmPGHCz
Mm3O7IH5is7ZkvOmbUMY
=jQY+
-----END PGP SIGNATURE-----

gpg: Signature made Fri 23 Sep 2016 03:03:12 PM PDT
gpg:                using RSA key 0x26801BB6012EA5D9
gpg: Good signature from "Will Sargent <will.sargent@lightbend.com>" [ultimate]
gpg:                 aka "Will Sargent <will.sargent@gmail.com>" [ultimate]
Primary key fingerprint: 75E4 E7F9 1D18 D981 3028  64B1 B1A9 D5A2 A605 F794
     Subkey fingerprint: ADB3 1ED0 EC01 44AF 8301  320D 2680 1BB6 012E A5D9
```
 2016-09-23 15:09:04 -07:00
drduh
97c39f90b0 Merge pull request #20 from wsargent/patch-1 
Add instructions for installing gnupg-curl
 2016-09-22 16:03:52 -04:00
Will Sargent
e195a60ecc Add $ 2016-09-22 13:00:08 -07:00
Will Sargent
99aef6c70d Add instructions for installing gnupg-curl 
Fixes https://github.com/drduh/YubiKey-Guide/issues/5
 2016-09-21 15:00:27 -07:00
drduh
aa76300eac Merge pull request #17 from wsargent/patch-1 
Add key checking
 2016-09-20 15:54:36 -04:00
Will Sargent
678c8a8da7 Prepend $ 2016-09-20 12:54:03 -07:00
Will Sargent
9c5c247446 Add key checking 2016-09-20 12:39:35 -07:00
drduh
e6a7604e3b Merge pull request #16 from wsargent/patch-1 
Add an extra error condition
 2016-09-20 13:51:45 -04:00
Will Sargent
8f8322a479 Add an extra error condition 2016-09-20 10:18:47 -07:00
drduh
28ec429082 Merge pull request #13 from wsargent/patch-2 
Discuss pinentry-gnome3
 2016-09-16 19:44:53 -04:00
Will Sargent
388f1599da Discuss pinentry-gnome3 2016-09-16 15:47:39 -07:00
drduh
1694113b2c Merge pull request #12 from wsargent/patch-1 
Adds explanation of ssh-add -L option
 2016-09-16 17:42:32 -04:00
Will Sargent
25ec3400e6 Adds explanation of ssh-add -L option 2016-09-16 14:41:01 -07:00
drduh
b6bf3ee41b Merge pull request #10 from wsargent/patch-1 
Change rnorth link
 2016-09-16 17:21:16 -04:00
Will Sargent
75c5c07e14 Change link 
https://rnorth.org/8/gpg-and-ssh-with-yubikey-for-mac is https://rnorth.org/gpg-and-ssh-with-yubikey-for-mac now.
 2016-09-16 14:20:11 -07:00
drduh
3964cd9e5f Followed my own guide to make new keys; refresh 2016-05-25 02:25:07 +00:00
drduh
cb6bfd972e Merge pull request #1 from victorso/patch-1 
yubikey tails fix
 2016-05-18 13:42:46 -04:00
drduh
45d2b41a83 Merge pull request #2 from victorso/patch-2 
Export public key to file
 2016-05-18 13:41:55 -04:00
Victor Fischer Scattone
bce316b45c Export public key to file 
The public key must be written on a file.
 2016-05-18 14:41:12 -03:00
Victor Fischer Scattone
2de6ad9a99 yubikey tails fix 
Fix to use the yubikey on Tails
 2016-05-18 14:35:42 -03:00
drduh
da1ce278c6 Use variable to store Key ID 2016-05-09 02:47:16 +00:00
drduh
1c16d968e9 Add encrypted USB backup instructions, grammar fixes 2016-04-25 17:49:51 +00:00
drduh
e86af76264 Use IO rediction for revocation certificate step 2016-02-25 15:28:36 -05:00
drduh
c34f78044e Fix up formatting. 2016-02-01 21:49:46 -05:00
drduh
f4c76ba210 Create local configuration, too 2016-02-01 21:45:34 -05:00
drduh
172a4292a5 Create README.md 2016-01-31 20:58:24 -05:00
drduh
6f1fcddea1 Initial commit 2016-01-31 20:56:50 -05:00