412 Commits

Author	SHA1	Message	Date
andy	f0e877fe5f	Fix links with parentheses	2020-09-17 19:31:00 -04:00
dragon788	94a753d4a1	Merge branch 'master' into update-python-refs	2020-09-02 13:57:38 -05:00
Rudy Gevaert	547c1267bc	unset GNUPGHOME variable ... if not done, in the next step you get error: gpg: keyblock resource '/home/..../gnupg-workspace/pubring.kbx': No such file or directory gpg: no writable keyring found: Not found	2020-09-01 14:20:32 +02:00
drduh	03f0e40558	Merge branch 'master' of https://github.com/Amolith/YubiKey-Guide into Amolith-master	2020-08-30 14:19:41 -07:00
Mirko Vogt	767b84eb3b	Add option to retrieve additionaly entropy from YubiKey itself	2020-08-29 16:24:34 +00:00
Amolith	0e7dabeeeb	change defaults and add info to #Require touch ... As mentioned in #197, the previous behaviour would require users to touch their key any time an authentication, signing, or encryption operation was performed. In some situations, this behaviour would be undesirable and the only way to revert it would be fully resetting the key and starting from scratch. Rather than using `fixed`, this commit simply turns the feature `on` so the user can change it later if they wish. Additionally, a note about the other policies was included so users can decide for themselves which fits their situation better.	2020-08-26 23:42:53 -04:00
dragon788	9bb54914b4	Merge branch 'master' into update-python-refs	2020-08-23 13:20:03 -05:00
drduh	697a7d8fb9	Merge pull request #203 from bengim/bengim-patch-PyOpenSSL ... fixing wrong cryptography version	2020-08-22 14:19:45 -07:00
bengim	2187610c1d	Update README.md ... fixing wrong cryptography version by explicitly installing PyOpenSSL	2020-08-22 19:33:38 +04:00
dragon788	58b7c819d7	Python2 is EOL, update packages/references to Py3	2020-08-21 17:55:28 -05:00
Stefano Figura	8a95de3e3f	Correct spelling	2020-08-14 00:12:06 +02:00
Stefano Figura	a2bc415f84	Update wording ... Ensure that is clear that we do not need to modify keys or even plug the yubikey	2020-08-14 00:06:37 +02:00
Stefano Figura	8a08a8ac15	Update notation section	2020-08-13 23:51:42 +02:00
Stefano Figura	c9ea04db2c	Add notations section	2020-08-13 23:45:18 +02:00
b1f6c1c4	f6f2c26e90	Fix usage inconsistency ... Master key shall only be used to certify other keys. The usage indicator in README.md is inconsistently shown as SC and C.	2020-08-11 02:17:08 -04:00
Kenny MacDermid	78164e8bfd	Set touch policy to fixed. ... Setting the touch policy to `on` does not prevent the policy from later being turned off again. Setting it to `fixed` is more secure because it can not be turned off. If someone wants to disable the touch policy they can always restore the keys from the backups created in the guide.	2020-05-27 16:39:29 -03:00
Sebastian Schmieschek	e1055025fe	Add information on potential PIN issues and how to debug them ... I missed the error message when attempting to set a PIN of only 5 characters due to the UI repeating the options below it. Pinentry happily stores the bogus PIN and even counts down the retry counter when entering the correct (default) one. This can be resolved by unblocking the PIN. Once I ran the gpg-agent with debug output (a tip found in the added link), the issue was obvious.	2020-05-27 11:46:19 +01:00
drduh	ccb8b0130a	Stack rank secure environment and add a few tips	2020-05-25 12:49:07 -07:00
drduh	0bd52ed7d8	Merge pull request #185 from vald-phoenix/fix-borken-anchor ... Fix broken anchor	2020-05-24 17:09:09 +00:00
Max Mäusezahl	1cf9656b33	Fix order of revocation command. ... According to 'man gpg' the order of arguments should be gpg [--homedir name] [--options file] [options] command [args] In this case '--gen-revoke' is the command, '$KEYID' is an argument and '--output $GNUPGHOME/revoke.asc' is an option. Previously this was incorrect (option came first) and would spawn an error.	2020-05-24 17:53:56 +02:00
Mike Mazur	de13c8dba6	Include --expert when editing master key ... This is specifically during setup when rotating keys.	2020-05-17 21:00:03 +08:00
Vladyslav Krylasov	4c1d538c60	Fix broken anchor ... There are two anchors with the same name and this breaks navigation.	2020-05-04 19:19:02 +01:00
Jason Stelzer	aea317b527	Clarified wording	2020-05-04 08:28:23 -04:00
Jason Stelzer	07134a4e4f	GPG keys on multiple computers ... I feel like this took me longer to figure out than it should have.	2020-05-04 08:22:14 -04:00
drduh	93cbbd9d8b	Address throw-keyids issue with mailvelope to fix #178	2020-05-03 14:18:29 -07:00
drduh	46d1d89115	Split export pubkey from backup to fix #175	2020-05-03 14:07:35 -07:00
drduh	bf38b94a65	Disambiguate backup volume label to fix #176.	2020-05-03 13:45:58 -07:00
drduh	aad01ffde4	Merge pull request #180 from vald-phoenix/yubikey-reset-by-ykman ... Describe ykman PGP keys reset	2020-05-03 18:12:47 +00:00
drduh	3be47a8c32	Merge pull request #179 from vald-phoenix/multiple-yubikeys ... Describe card serial number error	2020-05-03 18:12:28 +00:00
drduh	a1a4a303f9	Merge pull request #177 from apiraino/revoke-cert ... Add instructions to create a revoke certificate	2020-05-03 18:11:37 +00:00
drduh	afd3fafcc5	Merge pull request #170 from murphy83/Abort-Trick ... Added some additonal text describing alternatives that may be used	2020-05-03 18:10:49 +00:00
Vladyslav Krylasov	44d76ac5ab	Describe card serial number error	2020-04-29 00:52:24 +01:00
Vladyslav Krylasov	6108558645	Describe ykman PGP keys reset	2020-04-28 21:28:44 +01:00
apiraino	2698cecd4c	Add instruction to create a revoke certificate	2020-04-28 16:19:18 +02:00
Daniel Sockwell	b5adb349ad	Add steps for renewing (not rotating) sub-keys ... As discussed in issue #164, the current section on Rotating Keys presents two alternatives: replacing the existing keys with a newly generated key or extending the validity of existing keys by changing their expiration. However, it only provides instructions for the first approach. This commit adds instructions for renewing sub-keys. I am far from an expert, and am submitting this change mostly in hopes that it will provide documentation for the next time I need to renew my sub-keys. I would welcome any changes or clarifications others would care to offer.	2020-03-24 12:42:42 -04:00
Murphy Laptop	db1d86cdd8	Added some additonal text describing alternatives that may be used	2020-03-02 21:18:56 +01:00
drduh	2c2cec316c	Bump Debian version, license year	2020-02-12 09:38:36 -08:00
drduh	2fc50760db	Merge pull request #160 from rvl/nixos ... Add instructions for NixOS	2020-01-22 06:39:14 +00:00
drduh	51ed654e43	Merge pull request #159 from rvl/multiple-yubikeys ... Add more detail about what to do with multiple YubiKeys	2020-01-22 06:39:08 +00:00
Rodney Lorrimar	bb5184a0b3	Add instructions for NixOS ... I just tested these steps on a spare laptop.	2020-01-22 10:27:55 +10:00
Rodney Lorrimar	b45174f185	Add more detail about what to do with multiple YubiKeys	2020-01-22 09:40:34 +10:00
Rodney Lorrimar	6cd76216c5	Add information about setting the primary user ID	2020-01-22 09:12:17 +10:00
Andrea Scarpino	8f10cd5819	Fix gnupg package name for Arch ... `gnupg2` has been [removed since March 2012](https://lists.archlinux.org/pipermail/arch-dev-public/2012-March/022690.html)	2020-01-21 12:01:27 +01:00
wsyxbcl	bb0a0d1ac8	fix broken links	2020-01-12 00:20:07 +08:00
Mark Fayngersh	e4a063e0f0	Update GitHub instructions on Windows ... Add command to instruct Git to use WinGPG	2020-01-07 16:13:48 -05:00
drduh	1b5a2fefd8	Formatting cleanup	2019-12-30 15:36:11 -08:00
drduh	be7addad3c	Use larger partition sizes to fix #149.	2019-12-30 15:22:39 -08:00
gusttt	908d3172a4	Fix typo in table of contents link	2019-12-16 15:05:46 +01:00
drduh	04127d566b	Document issue #145 and fix #142	2019-12-14 11:48:33 -08:00
drduh	11d6e1aff6	Fix url formatting	2019-11-19 17:28:45 -08:00
drduh	701d9eb50f	Update Debian version and fix #137	2019-11-19 17:24:57 -08:00
Maxim Baz	35e443f8cc	Mention yubikey-touch-detector	2019-11-17 20:42:04 +01:00
Emile 'iMil' Heitor	137300a713	Added a fix for failing ssh / GUI pinentry	2019-11-13 09:18:57 +01:00
Kiel C	010accf864	Add --keyserver flag pointing to Debian keyserver ... Fixes #131	2019-11-07 13:29:39 -08:00
Sun Knudsen	4524c11632	Added important note about pin caching #135	2019-10-19 14:05:49 -04:00
Jakub Skory	5f150b68e2	More lines with old debian version corrected	2019-10-09 22:08:31 +02:00
Jakub Skory	754e480792	New Debian version: 10.1.0 ... Before curl returned http/404	2019-10-09 21:40:03 +02:00
Gary Johnson	13b9a92985	Update VM option	2019-09-27 02:26:44 -04:00
Gary Johnson	0f5df64094	Update README.md ... Added primary source stating confirming that devices are read only in all but a few circumstances and that Keys ("secrets") cannot be read after being written to the device	2019-09-24 23:55:37 -04:00
drduh	541f8717e6	Merge pull request #126 from vorburger/patch-2 ... clarify that SSH_AUTH_SOCK should only be set locally, not on the remote server	2019-09-18 18:37:48 +00:00
Michael Vorburger ⛑️	42065a3b65	put additional information into single line	2019-09-17 20:12:16 +02:00
drduh	18320b0562	Merge pull request #128 from vorburger/patch-4 ... add 'sshd -eddd' Troubleshooting tip	2019-09-17 01:22:14 +00:00
drduh	57e712b830	Merge pull request #129 from vorburger/patch-5 ... fix link to YubiKey (non-NEO) Manager (fixes #124)	2019-09-17 01:21:19 +00:00
drduh	877a4a7e99	Merge pull request #127 from vorburger/patch-3 ... simplify Agent Forwarding (RemoteForward typically not required)	2019-09-17 01:20:55 +00:00
Michael Vorburger ⛑️	8e8c138362	fix link to YubiKey (non-NEO) Manager (fixes #124)	2019-09-17 00:48:16 +02:00
Michael Vorburger ⛑️	ae35e707b6	add 'sshd -eddd' Troubleshooting tip	2019-09-17 00:35:26 +02:00
Michael Vorburger ⛑️	dd1a3ce4a8	simplify Agent Forwarding (RemoteForward typically not required)	2019-09-17 00:27:19 +02:00
Michael Vorburger ⛑️	de193ee363	clarify that SSH_AUTH_SOCK should only be set locally, not on the remote server	2019-09-16 23:59:50 +02:00
Michael Vorburger ⛑️	8ba087efe4	fix link to Remote Machines (Agent Forwarding) in TOC	2019-09-16 23:47:57 +02:00
drduh	5bbad1fc4c	Mention forwarding risk and Ubuntu multiverse repository, fix #116.	2019-08-29 12:21:55 -07:00
Alex Romanov	e1d5e6fb9d	Fix typo from #122	2019-08-28 01:25:49 -07:00
Thomas A Caswell	f8880975b8	DOC: justify why you would want to sign your new key	2019-08-26 21:10:19 -04:00
Thomas A Caswell	5df1226971	DOC: notes an adding more emails	2019-08-23 12:57:08 -04:00
Thomas A Caswell	de7675f7a9	DOC: add section on signing with existing key	2019-08-23 12:54:28 -04:00
drduh	96c15ba3f3	Merge pull request #120 from timcooijmans/patch-1 ... Describe how to enable mailvelope on MacOS	2019-08-14 18:21:50 +00:00
Diego Rodriguez	3ae1656f5d	Update README.md ... When adding GPG SSH agent configuration to shell rc file, redirect output of gpg-connect-agent to /dev/null so that it doesn't output `OK` every time you bring up a new shell	2019-08-12 13:46:11 -06:00
timcooijmans	2309e2903d	Fix formatting	2019-08-09 21:54:54 +02:00
timcooijmans	e7d2507c47	Add description on how to enable mailvelope	2019-08-09 21:51:40 +02:00
David C. Bradley	399127c43d	Move output option to earlier in command ... The output option dosen't seem to work on Windows when it is at the end of the command. Moving it to earlier in the command fixes this issue.	2019-08-07 16:14:02 -05:00
Andrew Morgan	f36447a85b	State that set-touch used to be touch	2019-08-02 18:24:43 +01:00
drduh	6482036e17	Bump debian version and fix some grammar.	2019-07-07 19:45:22 -07:00
Matthew Riley	fddefb5245	Fix 'Require Touch' syntax ... The syntax to change Yubikey touch configurations has changed. Updating this accordingly.	2019-07-04 12:39:33 -04:00
drduh	48bf452e4b	Feature simpler multiple key workaround	2019-06-09 12:31:58 -07:00
drduh	09f3822a19	Link to multiple keys discussions. Fix #19. Fix #112.	2019-06-09 11:42:00 -07:00
Jakob Knutsen	1544d14689	Fix link to supply chain attacks	2019-06-09 12:11:52 +02:00
drduh	b745f1d90e	Add card reset steps, clean up formatting.	2019-06-02 10:32:16 -07:00
Benjamin BERNARD	46601736f6	Adding link to summary for 'Using multiple YubiKey with same GPG keys' section	2019-05-26 19:05:43 +02:00
Benjamin BERNARD	b101259a27	Multiple Yubikey with same GPG Keys, serial number issue, GnuPG workaround to switch to another key	2019-05-26 19:03:41 +02:00
drduh	1b9fc107c0	Fix date string format	2019-05-25 23:55:29 -07:00
Carl Dong	4552bb45e1	Correct date invocation ... The correct syntax is `date +FORMAT`	2019-05-26 02:22:04 -04:00
drduh	04bef18b0c	Add section on key rotation to fix #101	2019-05-25 12:20:07 -07:00
drduh	7661d79b51	Mention Thunderbird, clean up agent forwarding. Fix #85.	2019-05-19 12:35:02 -07:00
drduh	f8d6dec18f	Better openbsd backup instructions, slimmer TOC	2019-05-18 18:53:42 -07:00
drduh	bf05e0e7c4	Better backup and testing instructions	2019-05-18 17:47:13 -07:00
drduh	a6bc874713	Increment debian image version	2019-04-30 12:03:19 -07:00
Simon A	c5e1d96d84	fix(link): update links to latest version (old ones 404)	2019-04-25 17:53:55 +02:00
David Kane	5007059085	Fix link anchor issue ... fix 'Save public key for identity file configuration' markdown link fix 'Remote Machines (agent forwarding)' markdown link	2019-04-14 19:48:18 +01:00
Philipp Eckel	13c8fcf647	no need to support the monopoly	2019-03-19 00:30:03 +01:00
nixbitcoin	6d4035252a	Add Verify Yubikey section	2019-03-07 14:02:05 +01:00
Adam Uhlíř	3ed8f56557	Add hint for setting up gpg-agent socket ... On my system (Linux Mint) `gpgconf --list-dirs agent-ssh-socket` does return all dirs and not only the one for agent-ssh-socket hence `ssh-add -L` was failing. This is a hint for other people to troubleshoot this behaviour.	2019-02-19 10:33:18 -08:00
Zachary Adam Kaplan	e4cb903ef4	debian iso has change from 9.6.0 -> 9.7.0	2019-02-15 16:23:29 -08:00
drduh	e05dc4b5bd	Update license and formatting	2019-02-06 20:25:04 -08:00
Michael Käufl	457e22d473	Move install instructions to the top ... Section `Creating keys` ends with `Disable networking for the remainder of the setup.`. All instructions that require a network should be before this sentence.	2019-02-06 13:17:57 +01:00
drduh	303cb25d4d	Update license year, style and grammar	2019-02-02 21:25:21 -08:00
drduh	3f4480db25	Update openbsd instructions	2019-02-02 21:08:39 -08:00
drduh	381088ba79	Merge pull request #92 from tacaswell/doc_arch_install ... DOC: add install instructions for Arch linux and RHEL	2019-02-03 03:57:33 +00:00
Thomas A Caswell	7dbc05977e	DOC: update for packages to install on RHEL	2019-02-02 22:15:41 -05:00
Thomas A Caswell	9e7a3225ae	DOC: add install instructions for Arch linux	2019-02-02 22:11:09 -05:00
Wael M. Nasreddine	7115f9a385	Master key should have Certify-capability only!	2019-02-02 09:48:59 -08:00
Michael	bba51c10cc	Fix typo ... IdentityFiles can be passed to ssh via `-i`, not `-l`. The next paragraph mentions the correct argument. ref commit 52c8324fa2, part of PR drduh/YubiKey-Guide#65	2019-01-20 18:48:59 +00:00
drduh	8ea5900d4e	Style and console formatting, tips for multiple key use	2019-01-17 22:13:24 -08:00
wheest	ee71716ed7	Added pull request suggestions	2019-01-12 17:05:21 +00:00
Wheest	c28b33372c	Moved Agent Forwarding section to before the WSL one	2019-01-07 22:00:27 +00:00
Wheest	b44f6131ef	Further amendments to Agent Forwarding	2019-01-07 21:58:14 +00:00
Wheest	7eed0ccef8	Improvements to Agent Forwarding section, following feedback in: ... https://github.com/drduh/YubiKey-Guide/issues/85	2019-01-07 21:38:46 +00:00
drduh	3a872d40fe	Fix keyserver command order to fix #86	2019-01-06 17:47:10 -08:00
Dan Cundiff	8f724a4df5	Add addition note about red hokey output	2019-01-06 19:35:03 -06:00
drduh	19b1297c22	Merge pull request #84 from hughobrien/mention-tmpfs ... describe tmpfs clearing rather than init system (debian uses tmpfs)	2018-12-30 02:35:24 +00:00
drduh	3174935f99	Merge pull request #83 from hughobrien/gpg-conf-key-origin ... remove broken gpg option (debian 9.6)	2018-12-30 02:34:25 +00:00
Hugh O'Brien	a6431962a6	remove broken gpg option (debian 9.6) ... As per [0], the --with-key-origin option is experimental. 0: https://www.gnupg.org/documentation/manuals/gnupg/GPG-Input-and-Output.html#index-with_002dkey_002dorigin	2018-12-29 20:12:09 +00:00
Hugh O'Brien	0f6e9948d7	mention debian-live user/pass in case of screen lock	2018-12-29 20:08:48 +00:00
Hugh O'Brien	80d5c0ed6c	describe tmpfs clearing rather than init system (debian uses tmpfs)	2018-12-29 20:06:33 +00:00
drduh	94919459a6	Update gpg prefs, style and fix #21.	2018-12-27 20:26:37 -08:00
Matt T. Proud	7746c3381a	Emphasize keytocard danger and fix inconsistency. ... This commit applies a few editorial cleanups to the document: 1. `keytocard` operations now contained emphasized warnings to convey that these operations are destructive. I unknowingly made this mistake a few years ago and only learned of it recently. For that reason, we should go out of our way on user's behalf with due diligence warnings. 2. `$KEYID` was not uniformly used throughout the document in various command line input literals. This is now fixed. 3. `YubiKey` was often represented as `Yubikey` and other inconsistent forms throughout the document. This is now fixed, except in cases of URL, command output, etc.	2018-12-07 09:50:30 +01:00
drduh	a68fa27309	Merge pull request #79 from Wheest/master ... Agent Forwarding	2018-12-05 17:10:07 +00:00
Wheest	4e23c63bb4	Agent Forwarding ... Was looking at how to access on remote machines, is a standard ssh workflow, but might be useful to have it here too.	2018-12-05 16:02:37 +00:00
Brice Gagnage	86e03e6d09	final draft	2018-12-04 15:11:13 +01:00
Brice Gagnage	ee30767612	final draft	2018-12-04 15:03:00 +01:00
Brice Gagnage	ffd7b674c8	updated draft	2018-12-04 13:16:18 +01:00
Brice Gagnage	95624e2c48	first draft	2018-12-04 11:39:25 +01:00
Brice Gagnage	1c15d89a54	maow	2018-12-03 17:28:34 +01:00
Brice Gagnage	92467bc126	test	2018-12-03 17:19:45 +01:00
Brice Gagnage	f39b92ae45	test sign	2018-12-03 17:17:09 +01:00
Brice Gagnage	2b5891294a	Update README.md ... continuing	2018-12-03 15:00:04 +01:00
Brice Gagnage	afc8580b0d	Update README.md ... test	2018-12-03 13:54:40 +01:00
drduh	d818b03cdc	Grammar and lint. Fix #73.	2018-11-28 21:38:35 -08:00
Julian Hernandez	857adb26a2	Update live Debian version to 9.6.0	2018-11-28 22:54:41 -05:00
Dino Bajramovic	472d85d12b	fix typo	2018-11-05 20:49:48 +01:00
drduh	f1a97fc6d5	Note about gpg public key	2018-11-01 14:11:52 -07:00
loys ollivier	6f76e6a197	Update README.md ... gpg option to edit card info is now `--card-edit` and not `--edit-card`	2018-10-29 11:59:29 +01:00
Ian Brown	d02766389d	Add packages to apt-get list to fix gpg --recv and srm commands ... Two commands mentioned later in the document won't work without two packages that don't come pre-installed with the Debian LiveCD: dirmngr and secure-delete.	2018-10-16 21:00:48 -07:00
drduh	96af4d3b3b	Merge pull request #70 from jwilk-forks/gpg-verify ... Fix live image integrity check	2018-09-18 19:40:19 -07:00
Jakub Wilk	d7a14b078c	Fix live image integrity check ... "gpg SHA512SUMS.sign" would do the right thing only if the file actually contained a detached signature. Use explicit and robust "gpg --verify SHA512SUMS.sign SHA512SUMS" instead.	2018-09-18 22:20:40 +02:00
Jakub Wilk	3be71bd253	Fix typos	2018-09-18 21:39:06 +02:00
drduh	27bef99239	Massive style revision and version update	2018-09-09 17:42:45 -07:00
Ben Low	34a5502477	typos	2018-07-19 12:55:33 +10:00
Ben Low	52c8324fa2	Expand on ssh identies usage.	2018-07-19 12:49:22 +10:00
Ben Low	aad57241e9	Fix key label, consistency.	2018-07-18 18:24:06 +10:00
Ben Low	b67776a2b2	Fix TOC, spelling.	2018-07-18 18:22:11 +10:00
Ben Low	d33252848d	Added information on gpg-agent.	2018-07-18 18:03:06 +10:00
Jonah Aragon	840b4069f2	Fix "signingkey" typo	2018-07-15 18:43:48 -07:00
Vadim Zendejas	dad5bcd5fc	Added comment on GitHub Authetication for only Windows	2018-07-05 16:50:42 +02:00
Vadim Zendejas	acfdcacec5	Added veracrypt.fr link to pre-compiled execs ... Added veracrypt.fr link to pre-compiled execs	2018-07-05 12:57:57 +02:00
Mirko Pizii	ad8cf8cd3a	Fix spaces for README	2018-06-21 20:40:24 +02:00
Mirko Pizii	ee8fcb3805	Fix link of summary list	2018-06-21 20:20:16 +02:00
Wheest	ecbe6e7b19	Fixing signature file fetch command for ykpers	2018-06-20 14:48:55 +01:00
drduh	25c8e23b8f	Emphasize live distro to fix #45	2018-06-16 14:06:45 -07:00
drduh	a470da3af7	Update introduction, fix formatting and fix #46	2018-06-16 13:57:52 -07:00
drduh	d07007a368	Fix up some formatting	2018-06-13 19:58:22 -07:00
drduh	254fd2c3d2	Formatting fix.	2018-06-05 10:08:02 -07:00
Jonathan Holtmann	eadd3bb2f5	Fixed menu	2018-06-05 01:10:59 -04:00
Jonathan Holtmann	ba382ce551	Added information on how to perform the YubiKey GPG setup and SSH authentication on Windows devices	2018-06-05 01:01:38 -04:00
drduh	478eb05de2	Mention Purse	2018-06-02 13:41:34 -07:00
drduh	b9cd480f7a	Note on keeping backup mounted for 2xkeys. Fix #44	2018-04-29 18:50:54 -07:00
drduh	fc429bf892	Remove obsolete option, add troubleshooting item	2018-04-29 18:34:59 -07:00
drduh	2cc0f7101e	Additional troubleshooting step and openbsd note	2018-04-29 14:50:06 -07:00
Michael Brown	17581cfd82	Remove outdated config from gpg.conf ... Removing configuration paramaters no longer supported in GPG 2.X Related to #28	2018-03-21 01:37:26 -04:00
James Wu	79dac3ec7d	add explicit public key naming for IdentitiesOnly usage	2018-03-14 11:50:04 -07:00
W1lkins	9a21477481	install hopenpgp-tools as it is used in section https://github.com/drduh/YubiKey-Guide\#check-your-work where an apt-get command is listed	2018-03-03 16:12:36 +00:00
Marjan Grabowski	f14d756578	Change rights of 'gpg.conf' to avoid warning	2018-02-26 10:33:42 +01:00
Nick Sandford	71b5e69cf1	Use gpgconf to get the ssh auth sock.	2018-02-25 19:43:36 +11:00
Philipp Eckel	dcadfbdccd	remove not need keyserver certificate, see https://github.com/drduh/YubiKey-Guide/issues/48	2018-02-22 08:18:10 +01:00
Philipp Eckel	161dea9e92	remove outdated use-standard-socket option from SSH config, see here: https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html	2018-01-30 22:50:47 +01:00
drduh	e0430a0698	Formatting nit	2018-01-16 10:36:46 -08:00
drduh	5ecf1046a9	Formatting fix	2017-12-21 14:42:54 -08:00
kiralex	02bfc69c2a	Update README.md	2017-12-18 08:52:18 +01:00
kiralex	badf3cc5d9	fix ssh-agent does not work on archlinux	2017-12-18 08:26:33 +01:00
drduh	baf1e6676e	Mention ssh multiplex to ease multiple connections	2017-12-18 03:04:13 +00:00
drduh	e3c0512b21	Describe status if public key not imported, fix #6	2017-12-18 02:47:07 +00:00
drduh	5d452a9190	Reference paper backup instructions, fix #3	2017-12-18 02:44:03 +00:00
drduh	6f199ec00e	Document error from Debian 9	2017-12-14 00:13:24 +00:00
drduh	7c0ea30e53	Document ssh-add error	2017-12-14 00:03:59 +00:00
Philipp Eckel	6dde3bda33	emphasize 2048 bit as the correct key size for the YubiKey Neo	2017-12-12 09:36:44 +01:00
Philipp Eckel	109de3011d	fix exporting KEYID	2017-11-10 11:26:22 +01:00
Ben Low	bcada3f2cc	Whitespace fixes.	2017-10-10 02:08:36 +11:00
Ben Low	a010a2a752	Updated to gpg 2.2.1, and added some macOS references.	2017-10-10 01:53:19 +11:00
Aleksandr Vinokurov	9336fc1317	Replace hkt with gpg to fix unsupported GnuPG 2.1 ... hkt does not support GnuPG 2.1 because it expects gpg pubring. But the export can be done by gpg itself.	2017-09-23 16:49:48 +02:00
Brendan Rius	c871adc904	Make hkt respect custom $GNUPGHOME	2017-08-13 13:51:15 +02:00
Dawid Łakomski	07752240cb	Add information about composite USB mode on YK with firmware >=3.3	2017-05-12 09:04:23 +02:00
drduh	1ad37577db	Use require-cross-certification option. Fix #14.	2016-09-25 11:32:16 -04:00
drduh	94ada05473	Plug in YubiKey correctly. Fix #9.	2016-09-25 11:26:47 -04:00
drduh	ac66a81a35	Merge pull request #24 from wsargent/patch-3 ... Use AES256 for private key password encryption	2016-09-25 11:23:29 -04:00
Will Sargent	8515aaf839	Use AES256 for private key password encryption ... Adds ``` s2k-cipher-algo AES256 ``` to the GPG configuration, per https://pthree.org/2015/11/19/your-gnupg-private-key/ > --s2k-cipher-algo name > Use name as the cipher algorithm used to protect secret keys. The default cipher is CAST5. This cipher is also used for symmetric encryption with a passphrase if --personal-cipher-preferences and --cipher-algo is not given. https://www.gnupg.org/documentation/manuals/gnupg-2.0/OpenPGP-Options.html#index-s2k_002dcipher_002dalgo	2016-09-24 10:29:56 -07:00
Will Sargent	ff871a254d	Use signing subkey ... The signature was made using `0xBECFA3C1AE191D15`, and has to be used with the signing key, not the root key. I can verify this with my own key -- using the keyid doesn't work: ``` ~  echo "$(uname -a)" | gpg --armor --clearsign --default-key 0xB1A9D5A2A605F794 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJX5aWdAAoJECaAG7YBLqXZi1EP/3R4oOdkXqZXcskwzfjBXa68 oZeKxTB8i74tSPXp0SL26+ULOQ6GRJdIFod2MQtqfjeu6dyNEbIBF1pHWnyLx4Bn p/+ROoOTiBSFEWPts++yYhmo0tS0cXPv6QPCYqj4mPkJe6u8wVp5hkoyujL/k9bs cAZSbeyV/hggS0rFTN4/5AeUky4LJPrWYkAiln7D0PVQeZc6DFlDpeup1Az7hWV5 ImRglAfoacNq+0LWslnc51/4knFGC/k4RS/QAyfUNJG/yy/ZZs6FNc7FjyZkw87E yRqqSPkuL64BmzNxmfKnwgMAesaq8D674lRb7b9TC8sQuuelcbgPkCCDioRmCSWh +NIe+pwWLIXHSwQntO2FblGFL+IeDYBZy3P5nO+N12EHn2oS2psep04STq5cjRaa PTMopcDsThzXljn8b6p+Iu2BaFiMkEwpAD8f0knR4DZzorpgMjIV0mEdeDuTzC1L dPHc7uZsTSSTEgxm7JO8x1h3hfwqX+KvVhmo0SgvwexqsmH7+b6j948RPGSCGBys wS8HEQgzgznQYSxqnCHvuDT9cIuyuCi9BZfqvRy3NSa+ixKMHJ4n2rFWlw8WbvTm tKFumm2z3z9JkijzJFj4sHETebaa2ip/TxeQvhFD/jEBB1XaqneDw1UaRll+6auA K6naZ0LzZx2cOzJpn4xN =TVTZ -----END PGP SIGNATURE----- ~  ~  gpg gpg: Go ahead and type your message ... -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJX5aWdAAoJECaAG7YBLqXZi1EP/3R4oOdkXqZXcskLinux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/LinuxwzfjBXa68 oZeKxTB8i74tSPXp0SL26+ULOQ6GRJdIFod2MQtqfjeu6dyNEbIBF1pHWnyLx4Bn p/+ROoOTiBSFEWPts++yYhmo0tS0cXPv6QPCYqj4mPkJe6u8wVp5hkoyujL/k9bs cAZSbeyV/hggS0rFTN4/5AeUky4LJPrWYkAiln7D0PVQeZc6DFlDpeup1Az7hWV5 ImRglAfoacNq+0LWslnc51/4knFGC/k4RS/QAyfUNJG /yy/ZZs6FNc7FjyZkw87E yRqqSPkuL64BmzNxmfKnwgMAesaq8D674lRb7b9TC8sQuuelcbgPkCCDioRmCSWh +NIe+pwWLIXHSwQntO2FblGFL+IeDYBZy3P5nO+N12EHn2oS2psep04STq5cjRaa PTMopcDsThzXljn8b6p+Iu2BaFiMkEwpAD8f0knR4DZzorpgMjIV0mEdeDuTzC1L dPHc7uZsTSSTEgxm7JO8x1h3hfwqX+K vVhmo0SgvwexqsmH7+b6j948RPGSCGBys wS8HEQgzgznQYSxqnCHvuDT9cIuyuCi9BZfqvRy3NSa+ixKMHJ4n2rFWlw8WbvTm tKFumm2z3z9JkijzJFj4sHETebaa2ip/TxeQvhFD/jEBB1XaqneDw1UaRll+6auA K6naZ0LzZx2cOzJpn4xN =TVTZ -----END PGP SIGNATURE----- gpg: Signature made Fri 23 Sep 2016 02:58:53 PM PDT gpg: using RSA key 0x26801BB6012EA5D9 gpg: BAD signature from "Will Sargent <will.sargent@lightbend.com>" [ultimate] ``` but using the signing key does work: ``` ✘  ~  echo "$(uname -a)" | gpg --armor --clearsign --default-key 0x26801BB6012EA5D9 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJX5aagAAoJECaAG7YBLqXZvZwP/21yoEQ3hI9hP0QyrFJu/T/0 sD9Y+DGQHBU5WaII3/iVgBN2V3EQwlzX8dP4/LfTm7NQ0M2flgbPbqf/rUYLQQZg lO489XbI78kk80b3kDebkautN5rQhkU0ZAy/WfDdKmwGnF1hEXzYqEwI5S0tGddT cKt0U3cZ0XuOI7pdtSOD423tNV4l45sIAT/ndAsgpbzT0ZTkza65V/RHWqGQDDT1 VB6WKmuqOca1gTDYGlW5yITfOqdWjB30ljLjuOjFJjcOunJQmlSRDMGyjfdzF3ec X1/+vLKnI0M2ipFaxKTtjdCTo8+26wjExdGca6Sy8v9M0zBjA2vgCGBTwCpXkMQE 4HFZ6N0+6k/3icyNALJhHSRkApNom3ZqINntDNNcN/tyHZVUijb5/hfv7W4D5LSe 8b1/UbF/R46w21sgR4Rzfv5EsbZkkjWx65hTXYWByf4PqZ7NiJJGbETpPC8wSc+4 oZNk9SLZunzE2Gemk2CXu7VXR58BIP014FHjU4FN7k54ZGn7IzU2xfKCZ+se7pFh SzWIrDhZP5vsbCMbh4HzD4WFPLteNOdV+nkHi4iaSXc7UQfdgZIeKb2ljbjJTmN4 fyi/Zjk0+29pwB+W5iWD4AoKqzSsHMCrK73KRyAHcFaHOHILl8grG0GsfJmPGHCz Mm3O7IH5is7ZkvOmbUMY =jQY+ -----END PGP SIGNATURE----- ~  gpg gpg: Go ahead and type your message ... -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJX5aagAAoJECaAG7YBLqXZvZwP/21yoEQ3hI9hP0QyrFJu/T/0 sD9Y+DGQHBU5WaII3/iVgBN2V3EQwlzX8dP4/LfTm7NQ0M2flgbPbqf/rUYLQQZg lO489XbI78kk80b3kDebkautN5rQhkU0ZAy/WfDdKmwGnF1hEXzYqEwI5S0tGddT cKt0U3cZ0XuOI7pdtSOD423tNV4l45sIAT/ndAsgpbzT0ZTkza65V/RHWqGQDDT1 VB6WKmuqOca1gTDYGlW5yITfOqdWjB30ljLjuOjFJjcOunJLinux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux QmlSRDMGyjfdzF3ec X1/+vLKnI0M2ipFaxKTtjdCTo8+26wjExdGca6Sy8v9M0zBjA2vgCGBTwCpXkMQE 4HFZ6N0+6k/3icyNALJhHSRkApNom3ZqINntDNNcN/tyHZVUijb5/hfv7W4D5LSe 8b1/UbF/R46w21sgR4Rzfv5EsbZkkjWx65hTXYWByf4PqZ7NiJJGbETpPC8wSc+4 oZNk9SLZunzE2Gemk2CXu7VXR58BIP014FHjU4FN7k54ZGn7IzU2xfKCZ+se7pFh SzWIrDhZP5vsbCMbh4HzD4WFPLteNOdV+nkHi4iaSXc7UQfdgZIeKb2ljbjJTmN4 fyi/Zjk0+29pwB+W5iWD4AoKqzSsHMCrK73KRyAHcFaHOHILl8grG0GsfJmPGHCz Mm3O7IH5is7ZkvOmbUMY =jQY+ -----END PGP SIGNATURE----- gpg: Signature made Fri 23 Sep 2016 03:03:12 PM PDT gpg: using RSA key 0x26801BB6012EA5D9 gpg: Good signature from "Will Sargent <will.sargent@lightbend.com>" [ultimate] gpg: aka "Will Sargent <will.sargent@gmail.com>" [ultimate] Primary key fingerprint: 75E4 E7F9 1D18 D981 3028 64B1 B1A9 D5A2 A605 F794 Subkey fingerprint: ADB3 1ED0 EC01 44AF 8301 320D 2680 1BB6 012E A5D9 ```	2016-09-23 15:09:04 -07:00
Will Sargent	e195a60ecc	Add $	2016-09-22 13:00:08 -07:00
Will Sargent	99aef6c70d	Add instructions for installing gnupg-curl ... Fixes https://github.com/drduh/YubiKey-Guide/issues/5	2016-09-21 15:00:27 -07:00
Will Sargent	678c8a8da7	Prepend $	2016-09-20 12:54:03 -07:00
Will Sargent	9c5c247446	Add key checking	2016-09-20 12:39:35 -07:00
Will Sargent	8f8322a479	Add an extra error condition	2016-09-20 10:18:47 -07:00
Will Sargent	388f1599da	Discuss pinentry-gnome3	2016-09-16 15:47:39 -07:00
Will Sargent	25ec3400e6	Adds explanation of ssh-add -L option	2016-09-16 14:41:01 -07:00
Will Sargent	75c5c07e14	Change link ... https://rnorth.org/8/gpg-and-ssh-with-yubikey-for-mac is https://rnorth.org/gpg-and-ssh-with-yubikey-for-mac now.	2016-09-16 14:20:11 -07:00
drduh	3964cd9e5f	Followed my own guide to make new keys; refresh	2016-05-25 02:25:07 +00:00
drduh	cb6bfd972e	Merge pull request #1 from victorso/patch-1 ... yubikey tails fix	2016-05-18 13:42:46 -04:00
Victor Fischer Scattone	bce316b45c	Export public key to file ... The public key must be written on a file.	2016-05-18 14:41:12 -03:00
Victor Fischer Scattone	2de6ad9a99	yubikey tails fix ... Fix to use the yubikey on Tails	2016-05-18 14:35:42 -03:00
drduh	da1ce278c6	Use variable to store Key ID	2016-05-09 02:47:16 +00:00
drduh	1c16d968e9	Add encrypted USB backup instructions, grammar fixes	2016-04-25 17:49:51 +00:00
drduh	e86af76264	Use IO rediction for revocation certificate step	2016-02-25 15:28:36 -05:00
drduh	c34f78044e	Fix up formatting.	2016-02-01 21:49:46 -05:00
drduh	f4c76ba210	Create local configuration, too	2016-02-01 21:45:34 -05:00
drduh	172a4292a5	Create README.md	2016-01-31 20:58:24 -05:00