knowledge/YubiKey-Guide
1
0
Fork 0
mirror of https://github.com/drduh/YubiKey-Guide.git synced 2024-09-20 09:19:03 +00:00
Code Issues Releases Activity
384 Commits 1 Branch 0 Tags 1.2 MiB
9c2a5c9598
Commit Graph

288 Commits

Author SHA1 Message Date
berwag
ed85d93845
Additions to "Required Software" 
proposed change according to Issue#215
 2021-01-27 20:24:51 +01:00
Andreas Klöckner
d921fa05bb
Fix: "quit" to save -> "save" to save 2021-01-13 11:32:41 -06:00
basbebe
a65cdca19a
add fish config 2021-01-10 20:01:55 +01:00
basbebe
9fe946c8b1
Add SSH setup for macOS GUI applications 
On macOS, a LaunchAgent needs to be created to overwrite the system's SSH agent.

see https://github.com/drduh/YubiKey-Guide/issues/229
 2021-01-10 19:54:58 +01:00
drduh
4544d41d4c
Merge pull request #225 from ZenithalHourlyRate/gpg-agent-forward 
Add New Agent Forward Method and Clarify Two Methods
 2020-12-30 09:14:23 -08:00
Nemo
548b2adf2b Adds warning about PUK being default 2020-12-25 12:52:39 +05:30
Nemo
8c5dfd2475 Adds instructions on changing the PUK 2020-12-25 12:49:06 +05:30
Zenithal
1eacf97835
Rephrase one sentence according to one comment on drduh/YubiKey-Guide#225 2020-12-24 21:08:41 +08:00
Zenithal
a24fa8f373
Add subsections on chained agent forwarding 2020-12-24 21:01:44 +08:00
Zenithal
7e49f5cc89
Add note on chained agent forwarding 2020-12-03 01:18:21 +08:00
Zenithal
52727f1e04
Correct WSL agent forwarding 
This is a mix of two forwarding method,
this commit separates them
 2020-12-03 01:16:47 +08:00
Zenithal
6097e6762c
Change note in alter agent section 
Different methods have different requirements
 2020-12-03 01:01:36 +08:00
Zenithal
0d06d2ace8
Add new method for ssh-agent forwarding 2020-12-03 00:52:43 +08:00
Zenithal
54f9e8a3f9
Add details to GPG-Agent forward; Alter structure 
GPG Agent forwarding has a broader usage, not only
limited to ssh-agent forwarding.

In this commit gpg-agent forwarding is raised as a
separate section as it can not be contained by #SSH
any longer.

More details are added for gpg-agent forwarding, including
some important notes taken from practice and analysis.

For ssh-agent forward, older method are contained, and new
method will be included as framework has been structured.
 2020-12-03 00:13:15 +08:00
Zenithal
410a1d6ac2
Change format of important notes in mutt subsection 2020-12-02 23:23:34 +08:00
Zenithal
083aa53cf0
Add Mutt subsection in Email section 2020-12-02 22:59:30 +08:00
Zenithal
0ea32bb949
Add Mutt in Email intro 2020-12-02 22:35:56 +08:00
drduh
fc6f9eb80d
Merge pull request #218 from DevSecNinja/devsecninja/addPowerShellCommand 
Add PowerShell command to get YubiKey name
 2020-11-21 10:59:23 -08:00
drduh
006ea19d04
Merge pull request #213 from linutsdc/fix-links 
Fix links with parentheses
 2020-11-21 10:48:00 -08:00
drduh
5c0bcd40a7
Merge pull request #211 from rgevaert/patch-1 
unset GNUPGHOME variable
 2020-11-21 10:45:59 -08:00
drduh
f2aeed1b55
Merge pull request #214 from anmull/debian-iso-version 
Changes command to download Debian ISO to use the value in the SHA512SUMS file
 2020-11-21 10:45:40 -08:00
Nemo
7067ba6c38
Fix reset command 
gpg-connect-agent uses `-r/--run` not `-R`
 2020-11-14 09:24:19 +00:00
Jean-Paul van Ravensberg
b1d3d279eb
Change edit to create or edit 
As gpg-agent.conf didn't exist on my system
 2020-10-31 11:29:35 +01:00
Jean-Paul van Ravensberg
fd4b6f3eb4
Add PowerShell command to get YubiKey name 2020-10-31 11:15:51 +01:00
Anthony Muller
70dc01467b Update verification of Debian ISO to not hardcode the version. 2020-09-25 18:11:40 +00:00
Anthony Muller
967ca3cc52 Change Debian ISO url to be generated from the contents of SHA512SUM. 
This removes the need to maintain the version number, which is currently
out of date.
 2020-09-25 08:18:44 +00:00
andy
f0e877fe5f Fix links with parentheses 2020-09-17 19:31:00 -04:00
dragon788
94a753d4a1
Merge branch 'master' into update-python-refs 2020-09-02 13:57:38 -05:00
Rudy Gevaert
547c1267bc
unset GNUPGHOME variable 
if not done, in the next step you get error: 
gpg: keyblock resource '/home/..../gnupg-workspace/pubring.kbx': No such file or directory
gpg: no writable keyring found: Not found
 2020-09-01 14:20:32 +02:00
drduh
03f0e40558 Merge branch 'master' of https://github.com/Amolith/YubiKey-Guide into Amolith-master 2020-08-30 14:19:41 -07:00
Mirko Vogt
767b84eb3b Add option to retrieve additionaly entropy from YubiKey itself 2020-08-29 16:24:34 +00:00
Amolith
0e7dabeeeb
change defaults and add info to #Require touch 
As mentioned in #197, the previous behaviour would require users to
touch their key any time an authentication, signing, or encryption
operation was performed. In some situations, this behaviour would be
undesirable and the only way to revert it would be fully resetting the
key and starting from scratch. Rather than using `fixed`, this commit
simply turns the feature `on` so the user can change it later if they
wish.

Additionally, a note about the other policies was included so users can
decide for themselves which fits their situation better.
 2020-08-26 23:42:53 -04:00
dragon788
9bb54914b4
Merge branch 'master' into update-python-refs 2020-08-23 13:20:03 -05:00
drduh
697a7d8fb9
Merge pull request #203 from bengim/bengim-patch-PyOpenSSL 
fixing wrong cryptography version
 2020-08-22 14:19:45 -07:00
bengim
2187610c1d
Update README.md 
fixing wrong cryptography version by explicitly installing PyOpenSSL
 2020-08-22 19:33:38 +04:00
dragon788
58b7c819d7
Python2 is EOL, update packages/references to Py3 2020-08-21 17:55:28 -05:00
Stefano Figura
8a95de3e3f
Correct spelling 2020-08-14 00:12:06 +02:00
Stefano Figura
a2bc415f84
Update wording 
Ensure that is clear that we do not need to modify keys or even plug the yubikey
 2020-08-14 00:06:37 +02:00
Stefano Figura
8a08a8ac15
Update notation section 2020-08-13 23:51:42 +02:00
Stefano Figura
c9ea04db2c
Add notations section 2020-08-13 23:45:18 +02:00
b1f6c1c4
f6f2c26e90
Fix usage inconsistency 
Master key shall only be used to certify other keys. The usage indicator in
README.md is inconsistently shown as SC and C.
 2020-08-11 02:17:08 -04:00
Kenny MacDermid
78164e8bfd
Set touch policy to fixed. 
Setting the touch policy to `on` does not prevent the policy from
later being turned off again. Setting it to `fixed` is more secure
because it can not be turned off.

If someone wants to disable the touch policy they can always restore
the keys from the backups created in the guide.
 2020-05-27 16:39:29 -03:00
Sebastian Schmieschek
e1055025fe
Add information on potential PIN issues and how to debug them 
I missed the error message when attempting to set a PIN of only 5 characters due
to the UI repeating the options below it.
Pinentry happily stores the bogus PIN and even counts down the retry counter
when entering the correct (default) one. This can be resolved by unblocking the
PIN.
Once I ran the gpg-agent with debug output (a tip found in the added link), the
issue was obvious.
 2020-05-27 11:46:19 +01:00
drduh
ccb8b0130a Stack rank secure environment and add a few tips 2020-05-25 12:49:07 -07:00
drduh
0bd52ed7d8
Merge pull request #185 from vald-phoenix/fix-borken-anchor 
Fix broken anchor
 2020-05-24 17:09:09 +00:00
Max Mäusezahl
1cf9656b33
Fix order of revocation command. 
According to 'man gpg' the order of arguments should be

gpg [--homedir name] [--options file] [options] command [args]

In this case '--gen-revoke' is the command, '$KEYID' is an argument and
'--output $GNUPGHOME/revoke.asc' is an option. Previously this was
incorrect (option came first) and would spawn an error.
 2020-05-24 17:53:56 +02:00
Mike Mazur
de13c8dba6
Include --expert when editing master key 
This is specifically during setup when rotating keys.
 2020-05-17 21:00:03 +08:00
Vladyslav Krylasov
4c1d538c60 Fix broken anchor 
There are two anchors with the same name and this breaks navigation.
 2020-05-04 19:19:02 +01:00
Jason Stelzer
aea317b527 Clarified wording 2020-05-04 08:28:23 -04:00
Jason Stelzer
07134a4e4f GPG keys on multiple computers 
I feel like this took me longer to figure out than it should have.
 2020-05-04 08:22:14 -04:00
drduh
93cbbd9d8b Address throw-keyids issue with mailvelope to fix #178 2020-05-03 14:18:29 -07:00
drduh
46d1d89115 Split export pubkey from backup to fix #175 2020-05-03 14:07:35 -07:00
drduh
bf38b94a65 Disambiguate backup volume label to fix #176. 2020-05-03 13:45:58 -07:00
drduh
aad01ffde4
Merge pull request #180 from vald-phoenix/yubikey-reset-by-ykman 
Describe ykman PGP keys reset
 2020-05-03 18:12:47 +00:00
drduh
3be47a8c32
Merge pull request #179 from vald-phoenix/multiple-yubikeys 
Describe card serial number error
 2020-05-03 18:12:28 +00:00
drduh
a1a4a303f9
Merge pull request #177 from apiraino/revoke-cert 
Add instructions to create a revoke certificate
 2020-05-03 18:11:37 +00:00
drduh
afd3fafcc5
Merge pull request #170 from murphy83/Abort-Trick 
Added some additonal text describing alternatives that may be used
 2020-05-03 18:10:49 +00:00
Vladyslav Krylasov
44d76ac5ab Describe card serial number error 2020-04-29 00:52:24 +01:00
Vladyslav Krylasov
6108558645 Describe ykman PGP keys reset 2020-04-28 21:28:44 +01:00
apiraino
2698cecd4c Add instruction to create a revoke certificate 2020-04-28 16:19:18 +02:00
Daniel Sockwell
b5adb349ad Add steps for renewing (not rotating) sub-keys 
As discussed in issue #164, the current section on Rotating Keys
presents two alternatives: replacing the existing keys with a newly
generated key or extending the validity of existing keys by changing
their expiration.  However, it only provides instructions for the
first approach.  This commit adds instructions for renewing sub-keys.

I am far from an expert, and am submitting this change mostly in hopes
that it will provide documentation for the next time I need to renew
my sub-keys.  I would welcome any changes or clarifications others
would care to offer.
 2020-03-24 12:42:42 -04:00
Murphy Laptop
db1d86cdd8 Added some additonal text describing alternatives that may be used 2020-03-02 21:18:56 +01:00
drduh
2c2cec316c Bump Debian version, license year 2020-02-12 09:38:36 -08:00
drduh
2fc50760db
Merge pull request #160 from rvl/nixos 
Add instructions for NixOS
 2020-01-22 06:39:14 +00:00
drduh
51ed654e43
Merge pull request #159 from rvl/multiple-yubikeys 
Add more detail about what to do with multiple YubiKeys
 2020-01-22 06:39:08 +00:00
Rodney Lorrimar
bb5184a0b3 Add instructions for NixOS 
I just tested these steps on a spare laptop.
 2020-01-22 10:27:55 +10:00
Rodney Lorrimar
b45174f185 Add more detail about what to do with multiple YubiKeys 2020-01-22 09:40:34 +10:00
Rodney Lorrimar
6cd76216c5 Add information about setting the primary user ID 2020-01-22 09:12:17 +10:00
Andrea Scarpino
8f10cd5819
Fix gnupg package name for Arch 
`gnupg2` has been [removed since March 2012](https://lists.archlinux.org/pipermail/arch-dev-public/2012-March/022690.html)
 2020-01-21 12:01:27 +01:00
wsyxbcl
bb0a0d1ac8
fix broken links 2020-01-12 00:20:07 +08:00
Mark Fayngersh
e4a063e0f0
Update GitHub instructions on Windows 
Add command to instruct Git to use WinGPG
 2020-01-07 16:13:48 -05:00
drduh
1b5a2fefd8 Formatting cleanup 2019-12-30 15:36:11 -08:00
drduh
be7addad3c Use larger partition sizes to fix #149. 2019-12-30 15:22:39 -08:00
gusttt
908d3172a4
Fix typo in table of contents link 2019-12-16 15:05:46 +01:00
drduh
04127d566b Document issue #145 and fix #142 2019-12-14 11:48:33 -08:00
drduh
11d6e1aff6 Fix url formatting 2019-11-19 17:28:45 -08:00
drduh
701d9eb50f Update Debian version and fix #137 2019-11-19 17:24:57 -08:00
Maxim Baz
35e443f8cc
Mention yubikey-touch-detector 2019-11-17 20:42:04 +01:00
Emile 'iMil' Heitor
137300a713 Added a fix for failing ssh / GUI pinentry 2019-11-13 09:18:57 +01:00
Kiel C
010accf864
Add --keyserver flag pointing to Debian keyserver 
Fixes #131
 2019-11-07 13:29:39 -08:00
Sun Knudsen
4524c11632 Added important note about pin caching #135 2019-10-19 14:05:49 -04:00
Jakub Skory
5f150b68e2
More lines with old debian version corrected 2019-10-09 22:08:31 +02:00
Jakub Skory
754e480792
New Debian version: 10.1.0 
Before curl returned http/404
 2019-10-09 21:40:03 +02:00
Gary Johnson
13b9a92985 Update VM option 2019-09-27 02:26:44 -04:00
Gary Johnson
0f5df64094
Update README.md 
Added primary source stating confirming that devices are read only in all but a few circumstances and that Keys ("secrets") cannot be read after being written to the device
 2019-09-24 23:55:37 -04:00
drduh
541f8717e6
Merge pull request #126 from vorburger/patch-2 
clarify that SSH_AUTH_SOCK should only be set locally, not on the remote server
 2019-09-18 18:37:48 +00:00
Michael Vorburger ⛑️
42065a3b65
put additional information into single line 2019-09-17 20:12:16 +02:00
drduh
18320b0562
Merge pull request #128 from vorburger/patch-4 
add 'sshd -eddd' Troubleshooting tip
 2019-09-17 01:22:14 +00:00
drduh
57e712b830
Merge pull request #129 from vorburger/patch-5 
fix link to YubiKey (non-NEO) Manager (fixes #124)
 2019-09-17 01:21:19 +00:00
drduh
877a4a7e99
Merge pull request #127 from vorburger/patch-3 
simplify Agent Forwarding (RemoteForward typically not required)
 2019-09-17 01:20:55 +00:00
Michael Vorburger ⛑️
8e8c138362
fix link to YubiKey (non-NEO) Manager (fixes #124) 2019-09-17 00:48:16 +02:00
Michael Vorburger ⛑️
ae35e707b6
add 'sshd -eddd' Troubleshooting tip 2019-09-17 00:35:26 +02:00
Michael Vorburger ⛑️
dd1a3ce4a8
simplify Agent Forwarding (RemoteForward typically not required) 2019-09-17 00:27:19 +02:00
Michael Vorburger ⛑️
de193ee363
clarify that SSH_AUTH_SOCK should only be set locally, not on the remote server 2019-09-16 23:59:50 +02:00
Michael Vorburger ⛑️
8ba087efe4
fix link to Remote Machines (Agent Forwarding) in TOC 2019-09-16 23:47:57 +02:00
drduh
5bbad1fc4c Mention forwarding risk and Ubuntu multiverse repository, fix #116. 2019-08-29 12:21:55 -07:00
Alex Romanov
e1d5e6fb9d
Fix typo from #122 2019-08-28 01:25:49 -07:00
Thomas A Caswell
f8880975b8
DOC: justify why you would want to sign your new key 2019-08-26 21:10:19 -04:00
Thomas A Caswell
5df1226971
DOC: notes an adding more emails 2019-08-23 12:57:08 -04:00
Thomas A Caswell
de7675f7a9
DOC: add section on signing with existing key 2019-08-23 12:54:28 -04:00