knowledge/YubiKey-Guide
1
0
Fork 0
mirror of https://github.com/drduh/YubiKey-Guide.git synced 2024-11-09 14:20:57 +00:00
Code Issues Releases Activity
551 Commits 1 Branch 0 Tags 1.2 MiB
8a286bb341
Commit Graph

414 Commits

Author SHA1 Message Date
Justus Perlwitz
8a286bb341 Remove trailing whitespace in README.md 2024-07-20 22:03:12 +09:00
Justus Perlwitz
2ca7dbb5b0 Document how to test NixOS build with QEMU 2024-07-20 22:03:12 +09:00
denis-roy
5f55f780d7
Corrected small typo in README.md 
maintenace -> maintenance
 2024-07-06 16:55:40 -04:00
drduh
72eead099c Should only have one identity loaded when renewing 2024-06-30 16:44:40 -07:00
drduh
778b292917 Renew expired subkeys, fix #442 2024-06-30 16:41:16 -07:00
drduh
b7baf0cbd0 Fix secret function 2024-06-30 16:28:39 -07:00
drduh
8458f76129 Export variables throughout 2024-06-30 15:08:49 -07:00
straysheep-dev
d64c75a45f
Move networking section to Optional hardening 2024-05-05 23:08:05 -07:00
straysheep-dev
bf1eef2c0d
Merge branch 'drduh:master' into patch-1 2024-05-05 22:37:21 -07:00
Manuel Thalmann
6cfb493f2b Export the GNUPGHOME variable 
Merging this PR will fix #434
 2024-05-03 02:23:00 +02:00
straysheep-dev
0f316de2d8
Add networking section to README.md 2024-04-18 18:59:50 -07:00
drduh
9a59d651b0 Tidy style and formatting 2024-03-29 08:17:24 -07:00
Will Stephenson
ada8ec6157 Fix broken 'SSH agent forwarding' internal links 2024-03-25 15:22:23 +01:00
drduh
197b92d098 Remove NEO (discontinued in 2018), sort troubleshooting 2024-03-24 10:08:30 -07:00
drduh
90292fe553 Update LUKS link, make commands consistent, more passphrase guidance 2024-03-24 09:47:01 -07:00
drduh
5a4884685d Optional hardening section, additional validation steps 2024-03-24 08:11:10 -07:00
Will Stephenson
953bac8739 Fix typo in date command 2024-03-19 22:17:40 +01:00
drduh
30d5f3905f Add command-line passphrase template 2024-03-17 18:34:53 -07:00
drduh
7a1039ab08 Replace mkdir commands 2024-03-17 17:28:53 -07:00
drduh
6272fc4181 Install yubikey-manager directly on Debian 2024-03-17 17:22:15 -07:00
drduh
a0fa35cf11 Simplify and automate fdisk commands 2024-03-17 17:04:48 -07:00
drduh
ac8ff82085 Stick with 6/8 digit PINs 2024-03-17 11:53:37 -07:00
drduh
38a6c057aa Remove obsolete stuff, clean up intro 2024-03-17 10:16:32 -07:00
drduh
228ff7c7ca Move keyserver instructions to later, more batch commands 2024-03-17 09:43:11 -07:00
drduh
a1081d20ac Automate PIN and card operations 2024-03-16 21:43:21 -07:00
drduh
b2959d075b Simplify instructions, reduce manual labor 2024-03-16 19:35:04 -07:00
drduh
12b232d28f
Merge pull request #423 from Xronophobe/fix/quick-add-key-with-fpr 
update gpg --quick-add-key commands
 2024-03-11 16:10:32 +00:00
drduh
c1b556c7c5 formatting fix 2024-03-10 14:22:32 -07:00
drduh
f0a0801a51 Workaround for Authenticate key issue 2024-03-10 14:20:00 -07:00
Csanad Beres
623a60cc83 update gpg --quick-add-key commands 
it seems to be only accepting fingerprints and rejecting key ID-s
 2024-03-07 15:17:14 +01:00
drduh
07e0fe71fd few more standard terms 2024-02-12 11:32:26 -08:00
drduh
678e779b1f typo 2024-02-12 11:28:49 -08:00
drduh
6e19ae4cc4 few more style nits 2024-02-12 11:24:27 -08:00
drduh
29563423c1 explicit keytocard instructions 2024-02-12 11:03:26 -08:00
drduh
0b24d77c18 simplify batch instructions 2024-02-12 10:51:55 -08:00
drduh
ca052604c3 standard names for subkeys 2024-02-12 10:45:38 -08:00
drduh
8e914a3a60 remove yubikey as rng 2024-02-12 10:02:58 -08:00
drduh
d6848d5440 remove multiple hosts 2024-02-12 09:33:22 -08:00
drduh
92d4212019 more grammar 2024-02-11 22:19:52 -08:00
drduh
c69295975c few more cleanups 2024-02-11 21:48:35 -08:00
drduh
c6052c9028 simplify console output, use generic info 2024-02-11 21:09:11 -08:00
drduh
fbd7008a16 more grammar and formatting 2024-02-11 17:43:45 -08:00
drduh
152f7fb262 grammar and style 2024-02-11 15:37:31 -08:00
drduh
cfe0fa282d grammar and standardize storage terminology 2024-02-11 13:56:32 -08:00
drduh
24ca007315 standardize Certify/Subkeys, easier command copy, organize links 2024-02-11 12:36:47 -08:00
drduh
c0b4ca6f78
Merge pull request #416 from Paraphraser/20240210-disable-ccid-master 
add step to set `disable-ccid` in `scdaemon.conf`
 2024-02-11 02:34:37 +00:00
Phill Kelley
5c3a4e8b18
fix rookie mistake 
Add a one-liner that works. Then think about the context and decide to
recommend a rearrangement. And then muck up the consequential adjustment
of the original one-liner. I think I got a badge for that in the scouts.

Well spotted. Sorry.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
 2024-02-11 09:32:04 +11:00
drduh
b2d55a80de
Merge pull request #408 from jpickwell/patch-1 
Quote Debian Live ISO URL, and add $ to AWK RegExp.
 2024-02-10 17:21:32 +00:00
drduh
db9316a8ce
Merge pull request #411 from motiejus/motiejus-flake 
NixOS Live Image: convert to a flake
 2024-02-10 17:21:06 +00:00
Phill Kelley
f8fcb0c2d1
add step to set disable-ccid in scdaemon.conf 
Issue #404 reports "GPG acts like my YubiKey isn't plugged in".

With GnuPG 2.3 and later, the system can get into a loop where it
prompts for insertion of a YubiKey even though that YubiKey is already
connected.

The solution for this is to set `disable-ccid` in
`~/.gnupg/scdaemon.conf`.

Testing suggests setting `disable-ccid` does not interfere with earlier
versions of GnuPG (eg 2.2.27 on Debian Bullseye or 2.2.40 on Debian
Bookworm).

This problem has also been mentioned in #277 and #256. Including a step
in the Guide to set `disable-ccid` may help minimise recurrence.

Also takes the opportunity to ensure `~/.gnupg` directory exists on a
new system before downloading `gpg.conf`.

References:

* Ludovic Rousseau

	- [GnuPG and PC/SC conflicts](https://ludovicrousseau.blogspot.com/2019/06/gnupg-and-pcsc-conflicts.html)

* GnuPG.org:

	- [Scdaemon Options](https://www.gnupg.org/documentation/manuals/gnupg/Scdaemon-Options.html#index-disable_002dccid)

* YubiCo:

	- [Resolving GPG's CCID conflicts](https://support.yubico.com/hc/en-us/articles/4819584884124-Resolving-GPG-s-CCID-conflicts)
	- [Troubleshooting Issues with GPG](https://support.yubico.com/hc/en-us/articles/360013714479-Troubleshooting-Issues-with-GPG)

* Closed issues:

	- [277 pcscd: Error Reader Exclusive](https://github.com/drduh/YubiKey-Guide/issues/277)
	- [256 Update scdaemon.conf for gnupg 2.3 with MacOS (and possibly others)](https://github.com/drduh/YubiKey-Guide/issues/256)

Fixes #404

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
 2024-02-10 14:11:33 +11:00