1
0
mirror of https://github.com/drduh/YubiKey-Guide.git synced 2024-12-23 08:58:56 +00:00
Commit Graph

417 Commits

Author SHA1 Message Date
drduh
b2d55a80de
Merge pull request #408 from jpickwell/patch-1
Quote Debian Live ISO URL, and add $ to AWK RegExp.
2024-02-10 17:21:32 +00:00
drduh
db9316a8ce
Merge pull request #411 from motiejus/motiejus-flake
NixOS Live Image: convert to a flake
2024-02-10 17:21:06 +00:00
Phill Kelley
f8fcb0c2d1
add step to set disable-ccid in scdaemon.conf
Issue #404 reports "GPG acts like my YubiKey isn't plugged in".

With GnuPG 2.3 and later, the system can get into a loop where it
prompts for insertion of a YubiKey even though that YubiKey is already
connected.

The solution for this is to set `disable-ccid` in
`~/.gnupg/scdaemon.conf`.

Testing suggests setting `disable-ccid` does not interfere with earlier
versions of GnuPG (eg 2.2.27 on Debian Bullseye or 2.2.40 on Debian
Bookworm).

This problem has also been mentioned in #277 and #256. Including a step
in the Guide to set `disable-ccid` may help minimise recurrence.

Also takes the opportunity to ensure `~/.gnupg` directory exists on a
new system before downloading `gpg.conf`.

References:

* Ludovic Rousseau

	- [GnuPG and PC/SC conflicts](https://ludovicrousseau.blogspot.com/2019/06/gnupg-and-pcsc-conflicts.html)

* GnuPG.org:

	- [Scdaemon Options](https://www.gnupg.org/documentation/manuals/gnupg/Scdaemon-Options.html#index-disable_002dccid)

* YubiCo:

	- [Resolving GPG's CCID conflicts](https://support.yubico.com/hc/en-us/articles/4819584884124-Resolving-GPG-s-CCID-conflicts)
	- [Troubleshooting Issues with GPG](https://support.yubico.com/hc/en-us/articles/360013714479-Troubleshooting-Issues-with-GPG)

* Closed issues:

	- [277 pcscd: Error Reader Exclusive](https://github.com/drduh/YubiKey-Guide/issues/277)
	- [256 Update scdaemon.conf for gnupg 2.3 with MacOS (and possibly others)](https://github.com/drduh/YubiKey-Guide/issues/256)

Fixes #404

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2024-02-10 14:11:33 +11:00
Motiejus Jakštys
84c9d9654d NixOS Live Image: convert to a flake
Now `nixpkgs` will be pointing to a specific release, which has a much
smaller chance to unexpectedly break. Currently 23.11. The next one will
be 24.05, 24.11, etc.

NixOS *releases* receive security updates, but packages are upgraded
conservatively, thus don't generally break. As a result, we should need
to worry about NixOS upgrades every 6-12 months. The upgrade means "bump
the version number and try to build it". If it breaks, it will generally
break only then. Less reactive, more proactive surprises.

`flake.nix` was written by @thomaseizinger in
https://github.com/drduh/YubiKey-Guide/issues/406. Changes from the
original:
- change Gnome to xfce. Now it loads with 384MB of RAM and works well
  with the simplest graphics (hello qemu).
- less nasty workaround for hopenpgp-tools. Fixed upstream
  (https://github.com/NixOS/nixpkgs/pull/279117).
- do not default `copytoram`, user can select this option in the
  bootloader.

Here is how to test it:

```
$ nix run .#nixosConfigurations.yubikeyLive.x86_64-linux.config.system.build.vm
```

*Note for the maintainer*: it would be great if you could occasionally
run `nix flake update --commit-lock-file`, *especially* after updating
github.com/drduh/config.git.

Fixes #406

Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
2024-02-04 14:03:54 +02:00
Colin Grady
80a90f8813 Update link to genuine device check info 2024-01-25 08:28:01 -07:00
Jordan Pickwell
adf11bfdd5
Update README.md
Quote ISO URL, and add `$` RegExp end-of-string anchor to return only the ISO file and none of the other entries that contain `xfce.iso`.

This avoids unnecessary cURL errors.
2024-01-04 12:49:36 -06:00
West
7dedee95e0
Fix deprecated boot.cleanTmpDir for boot.tmp.cleanOnBoot 2023-10-21 03:22:22 +00:00
drduh
f76004cffc Update debian version 2023-10-15 21:02:59 -07:00
drduh
41f3cce9f0 Remove ancient keyservers 2023-10-15 20:50:42 -07:00
drduh
703c6aa37f
Merge pull request #386 from Xronophobe/docs/update-debian-12-live
add notes for installing #Required Software on Debian 12
2023-10-15 16:19:26 -07:00
drduh
5d1e524af5
Merge pull request #387 from dkarlovi/patch-1
fix: add an explicit example about publishing the pubkey when expiring
2023-10-15 16:19:00 -07:00
drduh
ce29f5db92
Merge pull request #395 from alhirzel/patch-1
Add link to "makegpg" tool
2023-10-15 16:13:47 -07:00
drduh
dc201e90cd
Merge pull request #396 from zeorin/fix/nixos
Fix NixOS LiveCD image build
2023-10-15 16:12:53 -07:00
Xandor Schiefer
687ff41fb0
fix: use nix-build instead of nix build
`nix build` is a new "Nix command" that is technically still experimental.
2023-10-14 12:29:34 +02:00
Xandor Schiefer
6c422ee16f
fix: update hopenpgp-tools in the NixOS build
Fixes https://github.com/drduh/YubiKey-Guide/issues/370.
2023-10-14 12:29:23 +02:00
askiiart
1035e1ab39
Update rpmsphere version 2023-10-10 16:53:17 +00:00
Alex Hirzel
3f92a76287
Add link to "makegpg" tool 2023-09-22 10:28:23 -04:00
Csanad Beres
d4b3e5215b add note for installing yubikey-manager on Debian 12 2023-08-18 19:40:26 +02:00
Csanad Beres
ec47fa32d6 add note on installing hopenpgp-tools on Debian 12 2023-08-18 19:30:57 +02:00
Dalibor Karlović
2383a66823
fix bad copy paste 2023-08-14 10:19:42 +02:00
drduh
4a641dffd0
Merge pull request #391 from FedericoSchonborn/master
Required Software/NixOS: Replace yubioath-desktop with yubioath-flutter
2023-08-13 13:25:14 -07:00
drduh
f486224f5d
Merge pull request #388 from Paraphraser/20230628-multiple-hosts-master
2023-06-28 Add section on setting up multiple hosts
2023-08-13 13:23:52 -07:00
drduh
e89e855bb4
Merge pull request #383 from o-kotb/master
Update ykman set-touch instructions
2023-08-13 13:11:05 -07:00
drduh
b62293979b
Merge pull request #380 from smoores-dev/adduid
Add instructions for adding a new identity
2023-08-13 13:10:43 -07:00
drduh
b047e2f666
Merge pull request #379 from Dreista/patch-1
Fix typo
2023-08-13 13:09:12 -07:00
Federico Damián Schonborn
018f7d0e68
Required Software/NixOS: Replace yubioath-desktop with yubioath-flutter
Trying to use yubioath-desktop results on this error:

    yubioath-desktop has been deprecated by upstream in favor of yubioath-flutter

On the current stable channel (23.05).

Signed-off-by: Federico Damián Schonborn <fdschonborn@gmail.com>
2023-07-16 01:09:42 -03:00
Phill Kelley
61def5abda
add missing code-fence language indicators + zap extraneous tabs
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2023-06-29 14:24:25 +10:00
Phill Kelley
008f1caf79
explain use of card URL field to obtain public key from keyserver
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2023-06-29 11:35:30 +10:00
Phill Kelley
0310feaecc
2023-06-28 Add section on setting up multiple hosts
Issue #382 suggests adding a section explaining how to use the same
YubiKey on multiple hosts.

This PR incorporates most of the suggestions.

Fixes: #382

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2023-06-28 23:44:09 +10:00
Dalibor Karlović
3caab5bacf
fix typo 2023-06-26 11:21:22 +02:00
Dalibor Karlović
619537629f
fix: add an explicit example about publishing the pubkey when expiring 2023-06-26 11:19:08 +02:00
Omar Kotb
327307dc46
Update ykman set-touch instructions 2023-05-15 10:52:19 +03:00
Shane Friedman
bc6582062c
Add instructions for adding a new identity 2023-04-15 21:31:29 -04:00
Kumiko as a Service
fefe40f36d
Fix typo
pegant -> pageant
2023-03-31 03:55:58 -04:00
Tai Groot
ec2e8cae7e add polkit rule troubleshooting tip 2023-03-21 15:57:51 -07:00
drduh
fec6e92b8f
Merge pull request #372 from PhilipMay/patch-2
Mac command to activate change for pinentry.
2023-03-19 10:42:26 -08:00
Philip May
b6c2485f43
Update README.md 2023-02-16 20:59:04 +01:00
Philip May
0bccb363c2
Update README.md 2023-02-16 20:34:52 +01:00
drduh
e823203503 Update toc 2022-12-26 14:44:27 -08:00
drduh
33d0f87a34 More entropy cleanup, move batch instructions to alt 2022-12-26 14:33:09 -08:00
drduh
ee84dc53ac Clean up entropy instructions 2022-12-26 14:13:21 -08:00
drduh
8888e329f6 Fix spacing 2022-12-26 11:29:56 -08:00
drduh
600900b4fb mention gnupg on tpm 2022-12-26 11:24:57 -08:00
drduh
658d806b6a mention wsl2-ssh-pageant alt 2022-12-26 11:22:19 -08:00
drduh
b476dc37b5 mention KO attacks 2022-12-26 11:20:03 -08:00
drduh
ad340b5f18 mention forcesig flag to prompt pin each time 2022-12-26 11:13:43 -08:00
drduh
18cf52dfb7 Note public key recovery article 2022-12-26 11:06:25 -08:00
drduh
90a3ebc546 safe quote remove-keygrips.sh 2022-12-26 10:54:14 -08:00
drduh
3572d911b5 Update admin command order, plink quotes and keytocard note 2022-12-26 10:50:22 -08:00
drduh
0666a2b38c
Merge pull request #356 from OrganicPanda/patch-1
Reorder cleanup commands
2022-12-26 10:07:53 -08:00
drduh
a307cb9bec
Merge pull request #350 from Flower7C3/patch-1
Update ykman openpgp command
2022-12-26 10:06:02 -08:00
drduh
7fcd347dfa
Merge pull request #342 from zeorin/master
Air-gapped NixOS LiveCD image
2022-12-26 10:05:40 -08:00
Steve Thomson
ce3e8ffdde
reorder cleanup 2022-11-21 21:53:50 +00:00
Bartłomiej Jakub Kwiatek
1eeaf3fb56
Update README.md
openpgp set-pin-retries is moved to openpgp access set-retries
2022-10-24 17:28:53 +02:00
Xandor Schiefer
fcc77d4159 feat: offline NixOS LiveCD image
Includes inspiration from https://github.com/dhess/nixos-yubikey
2022-10-03 12:04:21 +02:00
HexPandaa
0e2e0576ca
Add link to list of PGP-compatible keys 2022-09-12 13:51:13 +02:00
HexPandaa
53ecdf8ad4
Mention Bio Series - FIDO Edition
Per Yubico's documentation, these do not support OpenPGP:
- https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP
- https://support.yubico.com/hc/en-us/articles/4407752687378-YubiKey-C-Bio-FIDO-Edition
- https://www.yubico.com/fr/store/#yubikey-bio-series-fido-edition
2022-09-12 13:47:27 +02:00
drduh
5eeae2be7e
Merge pull request #282 from apiraino/rewrite-key-creation-take2
Rewrite key creation
2022-08-21 11:31:42 -07:00
drduh
eb85c68a62
Merge pull request #314 from smlx/piv-agent
chore: add piv-agent to Alternatives section
2022-08-21 11:28:10 -07:00
drduh
e14dca52ba
Merge pull request #315 from peterbabic/master
replace dead link with the web archive
2022-08-21 11:26:48 -07:00
drduh
0f0e427ff1
Merge pull request #318 from pmengelbert/agent-refused-operation-fix
Possible fix for the 'signing failed: agent refused operation' error
2022-08-21 11:26:36 -07:00
drduh
6ef03b6c09
Merge pull request #320 from SeanOMik/fedora-required-software
Add Fedora required software section
2022-08-21 11:26:08 -07:00
drduh
9858502a28
Merge pull request #319 from dhoppe/patch-1
Update OneRNG to version 3.7
2022-08-21 11:25:36 -07:00
drduh
5c4d952a29
Merge pull request #332 from engdoreis/update-pin-retry-cmd
Update the command to change the pin retry attempts
2022-08-21 11:24:23 -07:00
drduh
81ebc0799a
Merge pull request #324 from Granddave/master
State release date of Yubico press release
2022-08-21 11:23:53 -07:00
drduh
8f2cd81a9f
Merge pull request #338 from franciosi/patch-1
Quick VMware Name Correction
2022-08-21 11:23:37 -07:00
Felix Kronlage-Dammers
dae723b409 make launchctl commands more copy 'n paste friendly 2022-08-10 21:40:12 +02:00
Franciosi
085f11a3cc
Quick VMware name correction
s/VMWare/VMware
2022-08-09 21:20:21 -03:00
Douglas Reis
9c2a5c9598 Update the command to change the pin retry attempts
Signed-off-by: Douglas Reis <doreis@lowrisc.org>
2022-06-19 10:30:09 +01:00
David Isaksson
75f771b346
State release date of Yubico press release 2022-05-14 18:11:01 +02:00
SeanOMik
136d6884a5
Add Fedora required software section 2022-04-28 00:10:08 -04:00
Dennis Hoppe
a8c581cca7
Update OneRNG to version 3.7 2022-04-25 11:47:21 +02:00
Peter Engelbert
b2038e8e89
Add explanation of a possible fix for the signing failed: agent refused operation error
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
2022-04-22 10:04:19 -05:00
apiraino
03f37b8513
Add section to quickly create keys 2022-04-15 11:34:01 +02:00
apiraino
813352d30a
reset all changes 2022-04-12 16:04:34 +02:00
apiraino
a725230d23
Merge branch 'master' into rewrite-key-creation-take2 2022-04-12 14:48:28 +02:00
Peter Babič
26e474b9bd
replace dead link with the web archive 2022-04-12 07:36:49 +02:00
Scott Leggett
7771a3f52b
chore: add piv-agent to Alternatives section 2022-04-12 01:07:23 +08:00
drduh
dc29279197
Merge pull request #311 from michael-k/typo
Fix typo (numnber → number)
2022-04-09 11:46:06 -07:00
beardedbotanist
93ff1d3595
Adding wget as prerequisite on macOS
When i was following the guide I could not fetch the gpg config because I was missing wget
2022-04-08 14:57:09 -04:00
Michael Käufl
204b9f814f
Fix typo
Closes drduh/YubiKey-Guide#297
2022-03-17 18:18:07 +01:00
drduh
4615b5e919
Merge pull request #292 from mpdude/patch-1
Point out that paperkey backups are password-protected
2022-03-16 15:29:42 -07:00
drduh
14e951bb01
Merge pull request #294 from DevSecNinja/patch-1
Add small adjustments after renewing my subkeys
2022-03-16 15:29:16 -07:00
drduh
3f959cfc0d
Merge pull request #308 from okada-h/add-missing-preposition
Add missing preposition ("be able use" -> "be able to use")
2022-03-16 15:28:53 -07:00
drduh
6992c9e115
Merge pull request #295 from pedrohdz-scrap/no-puk
Fixed broken "Change PUK" link
2022-03-16 15:28:39 -07:00
drduh
55be657375
Merge pull request #303 from maxromanovsky/patch-1
Fix for `tr: Illegal byte sequence` on macOS
2022-03-16 15:28:16 -07:00
Dirk-jan Mollema
1e3e4bccbc
Add notes about KDF compatibility (solves #307) 2022-02-15 04:19:10 -08:00
Hiroki Okada
543d218b68 Add missing preposition ("be able use" -> "be able to use") 2022-01-28 03:39:57 +09:00
Maksim Ramanouski
c69fc7badf
Fix for tr: Illegal byte sequence on macOS 2022-01-02 14:04:43 +01:00
Pedro H
33993e767c
Fixed broken "Change PUK" link
Fixed a broken link found in
https://github.com/drduh/YubiKey-Guide/issues/287 and updated the text.
2021-11-13 14:42:05 +01:00
Jean-Paul van Ravensberg
1a955f88aa
Add small adjustments after renewing my subkeys 2021-11-07 13:07:01 +01:00
Matthias Pigulla
76d32d2cd9
Point out that paperkey backups are password-protected
Fixes #263. Really though decision to make whether a paper printout with the password is a good way to go (recoverable but needs a really good place to keep) or not (more protection, but possibly worthless).
2021-10-25 09:31:57 +02:00
drduh
fe6434577b
Merge pull request #291 from gaffneyd4/improve-recovery-guide
Added clearer recovery options
2021-10-24 11:08:50 -07:00
drduh
5823d488f3
Merge pull request #290 from NiklasMerz/mac-m1
add pinentry path for M1 macs
2021-10-24 11:08:10 -07:00
drduh
2cbfcfba49
Merge pull request #288 from watermelonpizza/master
Use GPT instead of MBR
2021-10-24 11:07:16 -07:00
drduh
1c1e76623f
Merge pull request #285 from jaeha-choi/master
Add Key Derived Function (KDF) setting
2021-10-24 10:53:28 -07:00
drduh
b621273182
Merge pull request #284 from jsoref/grammar
Minor grammar fixes
2021-10-24 10:52:28 -07:00
Derek Gaffney
248e207527
Add TOC entry, fix link 2021-10-10 08:52:12 -04:00
Wheest
77394c2773
Added clearer recovery options 2021-10-10 08:44:26 -04:00
Niklas Merz
6740fa9a10
add pinentry path for M1 macs
Closes #289
2021-10-05 22:16:36 +02:00