mirror of https://github.com/drduh/YubiKey-Guide.git synced 2024-11-14 00:14:05 +00:00
Commit Graph

355 Commits

Author SHA1 Message Date
apiraino
5182d5e3d8
Rewrite keys generation tutorial
The master key is now created with `--batch` and a configuration script.
The subkeys are created with the quick key manipulation
interface (`--quick-add-key`).

Also provided two configuration scripts as templates for an RSA4096 or an
ED25519 master key.

Signed-off-by: apiraino <apiraino@users.noreply.github.com>
2021-08-22 21:31:17 +02:00
drduh
31074ac13d Stage alternatives section and cleanup grammar 2021-08-15 17:06:20 -07:00
drduh
569231bf2b Note to permasave password to fix #206 2021-08-15 16:12:36 -07:00
drduh
371d4ec77b Mention the yubikey troubleshooting guide for gpg to fix #217 2021-08-15 15:46:14 -07:00
drduh
7bfae57336 Update filenames to fix #222 2021-08-15 15:42:53 -07:00
drduh
a02350f318
Merge pull request #276 from pedrohdz-scrap/clarify.pins-take.2
Clarified PIN config
2021-08-15 15:36:44 -07:00
drduh
92e2a5e8ac
Merge pull request #262 from iandstanley/patch-1
switching between Yubikeys
2021-08-15 15:24:30 -07:00
drduh
8816d9759f
Merge pull request #264 from iandstanley/master
added mention of ssh key support for blue security keys
2021-08-15 15:22:11 -07:00
drduh
fce12ceac5
Merge pull request #259 from iandstanley/patch-1
Script to switch between two Yubikeys with identical keys
2021-08-15 15:19:17 -07:00
drduh
a12a01c1bc
Merge pull request #268 from reissmann/patch-1
Update nixos LiveCD example
2021-08-15 15:15:16 -07:00
Pedro H
1a83925dda
Expanded on GPG PIN config 2021-08-10 14:37:28 +02:00
Andrew Martinez
87f48f547b
clarify pins, drduh/YubiKey-Guide#248
- define each pin name, default, usage
- call out special admin pin restrictions
2021-08-10 12:50:36 +02:00
Sven Reissmann
23caa2c36b
Update nixos LiveCD example
`nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix` no longer exists.
Update to `nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix`
2021-07-05 10:19:58 +02:00
Ian Stanley
15bb00b428
added mention of ssh key support for blue security keys
As detailed in their recent press release and blog post

https://www.yubico.com/blog/github-now-supports-ssh-security-keys/
2021-06-08 20:59:02 +01:00
Ian Stanley
f6818480a5
added to section multiple Yubikeys section re: switching between Yubikeys
section describes the issue and the remedy for GPG stubs only pointing to the Yubikey that was last subject to the keytocard command
2021-06-04 22:47:38 +01:00
drduh
20dd0687cd
Merge pull request #247 from jamesob/jamesob-21-03-pass-trouble
Add note about pass insert error and `trust-key` usage
2021-05-31 16:21:51 +00:00
drduh
21c0e03cd0
Merge pull request #246 from whiskeysierra/patch-1
Update usage of ykman
2021-05-31 16:21:24 +00:00
drduh
6490586595
Merge pull request #232 from captn3m0/warning
[security] Adds warning about PUK being default
2021-05-31 16:19:49 +00:00
drduh
1566801177
Merge pull request #231 from captn3m0/change-puk
Adds instructions on changing the PUK
2021-05-31 16:19:29 +00:00
drduh
fbe33ccccd
Merge pull request #258 from vorburger/patch-6
Add hint re. (new) `ssh-keygen -t ed25519-sk`
2021-05-31 16:18:45 +00:00
Ian Stanley
ffb29e7f01
Script to switch between two Yubikeys with identical keys
Some GitHub users have asked in the issues why can't I use two Yubikeys (one as a backup). It's a question often asked.

The usual answer given across the web is that you can't as GPG replaces the key with key stubs when you quit and save (if you don't save then the Yubikey appears useless as GPG doesn't delete the keys and carries on using them off the keyring).

If once you have run keytocard to transfer your keys to the Yubikey#1 you QUIT WITHOUT SAVING then you can repeat the whole process again and put in your Yubikey#2 and keytocard again. This time QUIT AND SAVE.

GPG will now replace the keys with a key stub pointing to the Yubikey with the card serial number (see Yubikey serial on back of key) when you try to decrypt/sign/authenticate. The first Yubikey will be ignored despite the fact it has a copy of the Yubikey.

However you can use gpg-connect-agent to force read the Yubikey and repoint the key stubs to the keys on the Yubikey inserted.

Just run the script and insert whichever key you have to have (primary or backup) when prompted.

NB once this script has been run GPG will be pointing the stubs at the recently used Yubikey ... to go back to your first Yubikey again switch Yubikeys and re-run script

Simples :)
2021-05-05 00:42:48 +01:00
Michael Vorburger ⛑️
49bfbf81ed
Add hint re. (new) ssh-keygen -t ed25519-sk 2021-05-01 16:20:32 +02:00
James O'Beirne
47cd085518
Add note about pass insert error and trust-key usage
When using a previously provisioned YubiKey on a new computer,
I was met with an "Unusable public key" error when trying to insert
a new password, despite being able to decrypt pass entries.

I tried setting the trust on the key via `gpg --edit-key`, but was
then met with "Need secret key to do this."

I found that the solution is apparently to use the `trust-key`
directive in `~/.gnupg/gpg.conf`, which is not mentioned in the README
at the moment.
2021-03-25 11:40:22 -04:00
Willi Schönborn
592bdc5733
Update usage of ykman
Fixes the following warning:

WARNING: The use of this command is deprecated and will be removed!
Replace with: ykman openpgp keys set-touch
2021-03-24 14:51:38 +01:00
drduh
de29a9e45c
Merge pull request #242 from inducer/patch-1
Fix: "quit" to save -> "save" to save
2021-02-11 17:11:41 -08:00
drduh
1d03a5201d
Merge pull request #240 from basbebe/macOS-GUI-setup
Add SSH setup for macOS GUI applications
2021-02-08 22:55:21 -08:00
drduh
3dd82e7675
Merge pull request #243 from berwag/patch-1
Additions to "Required Software"
2021-02-04 23:40:47 -08:00
berwag
fb4d390317
Update README.md 2021-02-04 19:39:15 +01:00
berwag
4370ba86ac
Update README.md
changed wording according to yubischiess' comment
2021-01-28 11:19:53 +01:00
berwag
ed85d93845
Additions to "Required Software"
proposed change according to Issue#215
2021-01-27 20:24:51 +01:00
drduh
fb01a87112
Merge pull request #241 from basbebe/fish-config
add fish config
2021-01-18 11:32:42 -08:00
Andreas Klöckner
d921fa05bb
Fix: "quit" to save -> "save" to save 2021-01-13 11:32:41 -06:00
basbebe
a65cdca19a
add fish config 2021-01-10 20:01:55 +01:00
basbebe
9fe946c8b1
Add SSH setup for macOS GUI applications
On macOS, a LaunchAgent needs to be created to overwrite the system's SSH agent.

see https://github.com/drduh/YubiKey-Guide/issues/229
2021-01-10 19:54:58 +01:00
drduh
4544d41d4c
Merge pull request #225 from ZenithalHourlyRate/gpg-agent-forward
Add New Agent Forward Method and Clarify Two Methods
2020-12-30 09:14:23 -08:00
drduh
2c55c55c7a
Merge pull request #224 from ZenithalHourlyRate/mutt-email
Add Mutt email client gpg config and Some note when configuring
2020-12-25 12:48:49 -08:00
Nemo
548b2adf2b Adds warning about PUK being default 2020-12-25 12:52:39 +05:30
Nemo
8c5dfd2475 Adds instructions on changing the PUK 2020-12-25 12:49:06 +05:30
Zenithal
1eacf97835
Rephrase one sentence according to one comment on drduh/YubiKey-Guide#225 2020-12-24 21:08:41 +08:00
Zenithal
a24fa8f373
Add subsections on chained agent forwarding 2020-12-24 21:01:44 +08:00
Zenithal
7e49f5cc89
Add note on chained agent forwarding 2020-12-03 01:18:21 +08:00
Zenithal
52727f1e04
Correct WSL agent forwarding
This is a mix of two forwarding methods,
this commit separates them
2020-12-03 01:16:47 +08:00
Zenithal
6097e6762c
Change note in alter agent section
Different methods have different requirements
2020-12-03 01:01:36 +08:00
Zenithal
0d06d2ace8
Add new method for ssh-agent forwarding 2020-12-03 00:52:43 +08:00
Zenithal
54f9e8a3f9
Add details to GPG-Agent forward; Alter structure
GPG Agent forwarding has a broader usage, not only
limited to ssh-agent forwarding.

In this commit gpg-agent forwarding is raised as a
separate section as it can not be contained by #SSH
any longer.

More details are added for gpg-agent forwarding, including
some important notes taken from practice and analysis.

For ssh-agent forward, the older method is contained, and the new
method will be included as the framework has been structured.
2020-12-03 00:13:15 +08:00
Zenithal
410a1d6ac2
Change format of important notes in mutt subsection 2020-12-02 23:23:34 +08:00
Zenithal
083aa53cf0
Add Mutt subsection in Email section 2020-12-02 22:59:30 +08:00
Zenithal
0ea32bb949
Add Mutt in Email intro 2020-12-02 22:35:56 +08:00
drduh
fc6f9eb80d
Merge pull request #218 from DevSecNinja/devsecninja/addPowerShellCommand
Add PowerShell command to get YubiKey name
2020-11-21 10:59:23 -08:00
drduh
006ea19d04
Merge pull request #213 from linutsdc/fix-links
Fix links with parentheses
2020-11-21 10:48:00 -08:00