mirror of https://github.com/drduh/YubiKey-Guide.git synced 2024-06-26 03:12:35 +00:00
Commit Graph

377 Commits

Author SHA1 Message Date
Jean-Paul van Ravensberg
1a955f88aa
Add small adjustments after renewing my subkeys 2021-11-07 13:07:01 +01:00
Matthias Pigulla
76d32d2cd9
Point out that paperkey backups are password-protected
Fixes #263. Really tough decision to make whether a paper printout with the password is a good way to go (recoverable but needs a really good place to keep) or not (more protection, but possibly worthless).
2021-10-25 09:31:57 +02:00
drduh
fe6434577b
Merge pull request #291 from gaffneyd4/improve-recovery-guide
Added clearer recovery options
2021-10-24 11:08:50 -07:00
drduh
5823d488f3
Merge pull request #290 from NiklasMerz/mac-m1
add pinentry path for M1 macs
2021-10-24 11:08:10 -07:00
drduh
2cbfcfba49
Merge pull request #288 from watermelonpizza/master
Use GPT instead of MBR
2021-10-24 11:07:16 -07:00
drduh
1c1e76623f
Merge pull request #285 from jaeha-choi/master
Add Key Derived Function (KDF) setting
2021-10-24 10:53:28 -07:00
drduh
b621273182
Merge pull request #284 from jsoref/grammar
Minor grammar fixes
2021-10-24 10:52:28 -07:00
Derek Gaffney
248e207527
Add TOC entry, fix link 2021-10-10 08:52:12 -04:00
Wheest
77394c2773
Added clearer recovery options 2021-10-10 08:44:26 -04:00
Niklas Merz
6740fa9a10
add pinentry path for M1 macs
Closes #289
2021-10-05 22:16:36 +02:00
Daniel Miller
3418634c66
Use GPT instead of MBR 2021-10-04 22:10:12 +11:00
basbebe
ad09f543af
add prefix and date to temporary folder
This makes identifying the latest version easier when dealing with backups.
2021-09-30 10:46:06 +02:00
Jaeha Choi
b59107d413
Add note about KDF 2021-09-06 20:29:32 -07:00
Josh Soref
a98866a185
Minor grammar fixes 2021-08-26 00:20:09 -04:00
apiraino
d25f131c38
linting
Signed-off-by: apiraino <apiraino@users.noreply.github.com>
2021-08-22 21:31:20 +02:00
apiraino
5182d5e3d8
Rewrite keys generation tutorial
The master key is now created with `--batch` and a configuration script.
The subkeys are created with the quick key manipulation
interface (`--quick-add-key`).

Also provided two configuration scripts as templates for a RSA4096 or a
ED25519 master key.

Signed-off-by: apiraino <apiraino@users.noreply.github.com>
2021-08-22 21:31:17 +02:00
drduh
31074ac13d Stage alternatives section and cleanup grammar 2021-08-15 17:06:20 -07:00
drduh
569231bf2b Note to permasave password to fix #206 2021-08-15 16:12:36 -07:00
drduh
371d4ec77b Mention the yubikey troubleshooting guide for gpg to fix #217 2021-08-15 15:46:14 -07:00
drduh
7bfae57336 Update filenames to fix #222 2021-08-15 15:42:53 -07:00
drduh
a02350f318
Merge pull request #276 from pedrohdz-scrap/clarify.pins-take.2
Clarified PIN config
2021-08-15 15:36:44 -07:00
drduh
92e2a5e8ac
Merge pull request #262 from iandstanley/patch-1
switching between Yubikeys
2021-08-15 15:24:30 -07:00
drduh
8816d9759f
Merge pull request #264 from iandstanley/master
added mention of ssh key support for blue security keys
2021-08-15 15:22:11 -07:00
Pedro H
1a83925dda
Expanded on GPG PIN config 2021-08-10 14:37:28 +02:00
Andrew Martinez
87f48f547b
clarify pins, drduh/YubiKey-Guide#248
- define each pin name, default, usage
- call out special admin pin restrictions
2021-08-10 12:50:36 +02:00
Sven Reissmann
23caa2c36b
Update nixos LiveCD example
`nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix` no longer exists.
Update to `nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix`
2021-07-05 10:19:58 +02:00
Ian Stanley
15bb00b428
added mention of ssh key support for blue security keys
As detailed in their recent press release and blog post

https://www.yubico.com/blog/github-now-supports-ssh-security-keys/
2021-06-08 20:59:02 +01:00
Ian Stanley
f6818480a5
added to section multiple Yubikeys section re: switching between Yubikeys
section describes the issue and the remedy for GPG stubs only pointing to the Yubikey that was last subject to the keytocard command
2021-06-04 22:47:38 +01:00
drduh
20dd0687cd
Merge pull request #247 from jamesob/jamesob-21-03-pass-trouble
Add note about pass insert error and `trust-key` usage
2021-05-31 16:21:51 +00:00
drduh
21c0e03cd0
Merge pull request #246 from whiskeysierra/patch-1
Update usage of ykman
2021-05-31 16:21:24 +00:00
drduh
6490586595
Merge pull request #232 from captn3m0/warning
[security] Adds warning about PUK being default
2021-05-31 16:19:49 +00:00
drduh
1566801177
Merge pull request #231 from captn3m0/change-puk
Adds instructions on changing the PUK
2021-05-31 16:19:29 +00:00
Michael Vorburger ⛑️
49bfbf81ed
Add hint re. (new) ssh-keygen -t ed25519-sk 2021-05-01 16:20:32 +02:00
James O'Beirne
47cd085518
Add note about pass insert error and trust-key usage
When using a previously provisioned YubiKey on a new computer,
I was met with an "Unusable public key" error when trying to insert
a new password, despite being able to decrypt pass entries.

I tried setting the trust on the key via `gpg --edit-key`, but was
then met with "Need secret key to do this."

I found that the solution is apparently to use the `trust-key`
directive in `~/.gnupg/gpg.conf`, which is not mentioned in the README
at the moment.
2021-03-25 11:40:22 -04:00
Willi Schönborn
592bdc5733
Update usage of ykman
Fixes the following warning:

WARNING: The use of this command is deprecated and will be removed!
Replace with: ykman openpgp keys set-touch
2021-03-24 14:51:38 +01:00
drduh
de29a9e45c
Merge pull request #242 from inducer/patch-1
Fix: "quit" to save -> "save" to save
2021-02-11 17:11:41 -08:00
drduh
1d03a5201d
Merge pull request #240 from basbebe/macOS-GUI-setup
Add SSH setup for macOS GUI applications
2021-02-08 22:55:21 -08:00
berwag
fb4d390317
Update README.md 2021-02-04 19:39:15 +01:00
berwag
4370ba86ac
Update README.md
changed wording according to yubischiess' comment
2021-01-28 11:19:53 +01:00
berwag
ed85d93845
Additions to "Required Software"
proposed change according to Issue#215
2021-01-27 20:24:51 +01:00
Andreas Klöckner
d921fa05bb
Fix: "quit" to save -> "save" to save 2021-01-13 11:32:41 -06:00
basbebe
a65cdca19a
add fish config 2021-01-10 20:01:55 +01:00
basbebe
9fe946c8b1
Add SSH setup for macOS GUI applications
On macOS, a LaunchAgent needs to be created to overwrite the system's SSH agent.

see https://github.com/drduh/YubiKey-Guide/issues/229
2021-01-10 19:54:58 +01:00
drduh
4544d41d4c
Merge pull request #225 from ZenithalHourlyRate/gpg-agent-forward
Add New Agent Forward Method and Clarify Two Methods
2020-12-30 09:14:23 -08:00
Nemo
548b2adf2b Adds warning about PUK being default 2020-12-25 12:52:39 +05:30
Nemo
8c5dfd2475 Adds instructions on changing the PUK 2020-12-25 12:49:06 +05:30
Zenithal
1eacf97835
Rephrase one sentence according to one comment on drduh/YubiKey-Guide#225 2020-12-24 21:08:41 +08:00
Zenithal
a24fa8f373
Add subsections on chained agent forwarding 2020-12-24 21:01:44 +08:00
Zenithal
7e49f5cc89
Add note on chained agent forwarding 2020-12-03 01:18:21 +08:00
Zenithal
52727f1e04
Correct WSL agent forwarding
This is a mix of two forwarding methods,
this commit separates them
2020-12-03 01:16:47 +08:00
Zenithal
6097e6762c
Change note in alter agent section
Different methods have different requirements
2020-12-03 01:01:36 +08:00
Zenithal
0d06d2ace8
Add new method for ssh-agent forwarding 2020-12-03 00:52:43 +08:00
Zenithal
54f9e8a3f9
Add details to GPG-Agent forward; Alter structure
GPG Agent forwarding has a broader usage, not only
limited to ssh-agent forwarding.

In this commit gpg-agent forwarding is raised as a
separate section as it can not be contained by #SSH
any longer.

More details are added for gpg-agent forwarding, including
some important notes taken from practice and analysis.

For ssh-agent forward, older method are contained, and new
method will be included as framework has been structured.
2020-12-03 00:13:15 +08:00
Zenithal
410a1d6ac2
Change format of important notes in mutt subsection 2020-12-02 23:23:34 +08:00
Zenithal
083aa53cf0
Add Mutt subsection in Email section 2020-12-02 22:59:30 +08:00
Zenithal
0ea32bb949
Add Mutt in Email intro 2020-12-02 22:35:56 +08:00
drduh
fc6f9eb80d
Merge pull request #218 from DevSecNinja/devsecninja/addPowerShellCommand
Add PowerShell command to get YubiKey name
2020-11-21 10:59:23 -08:00
drduh
006ea19d04
Merge pull request #213 from linutsdc/fix-links
Fix links with parentheses
2020-11-21 10:48:00 -08:00
drduh
5c0bcd40a7
Merge pull request #211 from rgevaert/patch-1
unset GNUPGHOME variable
2020-11-21 10:45:59 -08:00
drduh
f2aeed1b55
Merge pull request #214 from anmull/debian-iso-version
Changes command to download Debian ISO to use the value in the SHA512SUMS file
2020-11-21 10:45:40 -08:00
Nemo
7067ba6c38
Fix reset command
gpg-connect-agent uses `-r/--run` not `-R`
2020-11-14 09:24:19 +00:00
Jean-Paul van Ravensberg
b1d3d279eb
Change edit to create or edit
As gpg-agent.conf didn't exist on my system
2020-10-31 11:29:35 +01:00
Jean-Paul van Ravensberg
fd4b6f3eb4
Add PowerShell command to get YubiKey name 2020-10-31 11:15:51 +01:00
Anthony Muller
70dc01467b Update verification of Debian ISO to not hardcode the version. 2020-09-25 18:11:40 +00:00
Anthony Muller
967ca3cc52 Change Debian ISO url to be generated from the contents of SHA512SUM.
This removes the need to maintain the version number, which is currently
out of date.
2020-09-25 08:18:44 +00:00
andy
f0e877fe5f Fix links with parentheses 2020-09-17 19:31:00 -04:00
dragon788
94a753d4a1
Merge branch 'master' into update-python-refs 2020-09-02 13:57:38 -05:00
Rudy Gevaert
547c1267bc
unset GNUPGHOME variable
if not done, in the next step you get error: 
gpg: keyblock resource '/home/..../gnupg-workspace/pubring.kbx': No such file or directory
gpg: no writable keyring found: Not found
2020-09-01 14:20:32 +02:00
drduh
03f0e40558 Merge branch 'master' of https://github.com/Amolith/YubiKey-Guide into Amolith-master 2020-08-30 14:19:41 -07:00
Mirko Vogt
767b84eb3b Add option to retrieve additional entropy from YubiKey itself 2020-08-29 16:24:34 +00:00
Amolith
0e7dabeeeb
change defaults and add info to #Require touch
As mentioned in #197, the previous behaviour would require users to
touch their key any time an authentication, signing, or encryption
operation was performed. In some situations, this behaviour would be
undesirable and the only way to revert it would be fully resetting the
key and starting from scratch. Rather than using `fixed`, this commit
simply turns the feature `on` so the user can change it later if they
wish.

Additionally, a note about the other policies was included so users can
decide for themselves which fits their situation better.
2020-08-26 23:42:53 -04:00
dragon788
9bb54914b4
Merge branch 'master' into update-python-refs 2020-08-23 13:20:03 -05:00
drduh
697a7d8fb9
Merge pull request #203 from bengim/bengim-patch-PyOpenSSL
fixing wrong cryptography version
2020-08-22 14:19:45 -07:00
bengim
2187610c1d
Update README.md
fixing wrong cryptography version by explicitly installing PyOpenSSL
2020-08-22 19:33:38 +04:00
dragon788
58b7c819d7
Python2 is EOL, update packages/references to Py3 2020-08-21 17:55:28 -05:00
Stefano Figura
8a95de3e3f
Correct spelling 2020-08-14 00:12:06 +02:00
Stefano Figura
a2bc415f84
Update wording
Ensure that it is clear that we do not need to modify keys or even plug the yubikey
2020-08-14 00:06:37 +02:00
Stefano Figura
8a08a8ac15
Update notation section 2020-08-13 23:51:42 +02:00
Stefano Figura
c9ea04db2c
Add notations section 2020-08-13 23:45:18 +02:00
b1f6c1c4
f6f2c26e90
Fix usage inconsistency
Master key shall only be used to certify other keys. The usage indicator in
README.md is inconsistently shown as SC and C.
2020-08-11 02:17:08 -04:00
Kenny MacDermid
78164e8bfd
Set touch policy to fixed.
Setting the touch policy to `on` does not prevent the policy from
later being turned off again. Setting it to `fixed` is more secure
because it can not be turned off.

If someone wants to disable the touch policy they can always restore
the keys from the backups created in the guide.
2020-05-27 16:39:29 -03:00
Sebastian Schmieschek
e1055025fe
Add information on potential PIN issues and how to debug them
I missed the error message when attempting to set a PIN of only 5 characters due
to the UI repeating the options below it.
Pinentry happily stores the bogus PIN and even counts down the retry counter
when entering the correct (default) one. This can be resolved by unblocking the
PIN.
Once I ran the gpg-agent with debug output (a tip found in the added link), the
issue was obvious.
2020-05-27 11:46:19 +01:00
drduh
ccb8b0130a Stack rank secure environment and add a few tips 2020-05-25 12:49:07 -07:00
drduh
0bd52ed7d8
Merge pull request #185 from vald-phoenix/fix-borken-anchor
Fix broken anchor
2020-05-24 17:09:09 +00:00
Max Mäusezahl
1cf9656b33
Fix order of revocation command.
According to 'man gpg' the order of arguments should be

gpg [--homedir name] [--options file] [options] command [args]

In this case '--gen-revoke' is the command, '$KEYID' is an argument and
'--output $GNUPGHOME/revoke.asc' is an option. Previously this was
incorrect (option came first) and would spawn an error.
2020-05-24 17:53:56 +02:00
Mike Mazur
de13c8dba6
Include --expert when editing master key
This is specifically during setup when rotating keys.
2020-05-17 21:00:03 +08:00
Vladyslav Krylasov
4c1d538c60 Fix broken anchor
There are two anchors with the same name and this breaks navigation.
2020-05-04 19:19:02 +01:00
Jason Stelzer
aea317b527 Clarified wording 2020-05-04 08:28:23 -04:00
Jason Stelzer
07134a4e4f GPG keys on multiple computers
I feel like this took me longer to figure out than it should have.
2020-05-04 08:22:14 -04:00
drduh
93cbbd9d8b Address throw-keyids issue with mailvelope to fix #178 2020-05-03 14:18:29 -07:00
drduh
46d1d89115 Split export pubkey from backup to fix #175 2020-05-03 14:07:35 -07:00
drduh
bf38b94a65 Disambiguate backup volume label to fix #176. 2020-05-03 13:45:58 -07:00
drduh
aad01ffde4
Merge pull request #180 from vald-phoenix/yubikey-reset-by-ykman
Describe ykman PGP keys reset
2020-05-03 18:12:47 +00:00
drduh
3be47a8c32
Merge pull request #179 from vald-phoenix/multiple-yubikeys
Describe card serial number error
2020-05-03 18:12:28 +00:00
drduh
a1a4a303f9
Merge pull request #177 from apiraino/revoke-cert
Add instructions to create a revoke certificate
2020-05-03 18:11:37 +00:00
drduh
afd3fafcc5
Merge pull request #170 from murphy83/Abort-Trick
Added some additional text describing alternatives that may be used
2020-05-03 18:10:49 +00:00
Vladyslav Krylasov
44d76ac5ab Describe card serial number error 2020-04-29 00:52:24 +01:00
Vladyslav Krylasov
6108558645 Describe ykman PGP keys reset 2020-04-28 21:28:44 +01:00
apiraino
2698cecd4c Add instruction to create a revoke certificate 2020-04-28 16:19:18 +02:00
Daniel Sockwell
b5adb349ad Add steps for renewing (not rotating) sub-keys
As discussed in issue #164, the current section on Rotating Keys
presents two alternatives: replacing the existing keys with a newly
generated key or extending the validity of existing keys by changing
their expiration.  However, it only provides instructions for the
first approach.  This commit adds instructions for renewing sub-keys.

I am far from an expert, and am submitting this change mostly in hopes
that it will provide documentation for the next time I need to renew
my sub-keys.  I would welcome any changes or clarifications others
would care to offer.
2020-03-24 12:42:42 -04:00
Murphy Laptop
db1d86cdd8 Added some additional text describing alternatives that may be used 2020-03-02 21:18:56 +01:00
drduh
2c2cec316c Bump Debian version, license year 2020-02-12 09:38:36 -08:00
drduh
2fc50760db
Merge pull request #160 from rvl/nixos
Add instructions for NixOS
2020-01-22 06:39:14 +00:00
drduh
51ed654e43
Merge pull request #159 from rvl/multiple-yubikeys
Add more detail about what to do with multiple YubiKeys
2020-01-22 06:39:08 +00:00
Rodney Lorrimar
bb5184a0b3 Add instructions for NixOS
I just tested these steps on a spare laptop.
2020-01-22 10:27:55 +10:00
Rodney Lorrimar
b45174f185 Add more detail about what to do with multiple YubiKeys 2020-01-22 09:40:34 +10:00
Rodney Lorrimar
6cd76216c5 Add information about setting the primary user ID 2020-01-22 09:12:17 +10:00
Andrea Scarpino
8f10cd5819
Fix gnupg package name for Arch
`gnupg2` has been [removed since March 2012](https://lists.archlinux.org/pipermail/arch-dev-public/2012-March/022690.html)
2020-01-21 12:01:27 +01:00
wsyxbcl
bb0a0d1ac8
fix broken links 2020-01-12 00:20:07 +08:00
Mark Fayngersh
e4a063e0f0
Update GitHub instructions on Windows
Add command to instruct Git to use WinGPG
2020-01-07 16:13:48 -05:00
drduh
1b5a2fefd8 Formatting cleanup 2019-12-30 15:36:11 -08:00
drduh
be7addad3c Use larger partition sizes to fix #149. 2019-12-30 15:22:39 -08:00
gusttt
908d3172a4
Fix typo in table of contents link 2019-12-16 15:05:46 +01:00
drduh
04127d566b Document issue #145 and fix #142 2019-12-14 11:48:33 -08:00
drduh
11d6e1aff6 Fix url formatting 2019-11-19 17:28:45 -08:00
drduh
701d9eb50f Update Debian version and fix #137 2019-11-19 17:24:57 -08:00
Maxim Baz
35e443f8cc
Mention yubikey-touch-detector 2019-11-17 20:42:04 +01:00
Emile 'iMil' Heitor
137300a713 Added a fix for failing ssh / GUI pinentry 2019-11-13 09:18:57 +01:00
Kiel C
010accf864
Add --keyserver flag pointing to Debian keyserver
Fixes #131
2019-11-07 13:29:39 -08:00
Sun Knudsen
4524c11632 Added important note about pin caching #135 2019-10-19 14:05:49 -04:00
Jakub Skory
5f150b68e2
More lines with old debian version corrected 2019-10-09 22:08:31 +02:00
Jakub Skory
754e480792
New Debian version: 10.1.0
Before curl returned http/404
2019-10-09 21:40:03 +02:00
Gary Johnson
13b9a92985 Update VM option 2019-09-27 02:26:44 -04:00
Gary Johnson
0f5df64094
Update README.md
Added primary source stating confirming that devices are read only in all but a few circumstances and that Keys ("secrets") cannot be read after being written to the device
2019-09-24 23:55:37 -04:00
drduh
541f8717e6
Merge pull request #126 from vorburger/patch-2
clarify that SSH_AUTH_SOCK should only be set locally, not on the remote server
2019-09-18 18:37:48 +00:00
Michael Vorburger ⛑️
42065a3b65
put additional information into single line 2019-09-17 20:12:16 +02:00
drduh
18320b0562
Merge pull request #128 from vorburger/patch-4
add 'sshd -eddd' Troubleshooting tip
2019-09-17 01:22:14 +00:00
drduh
57e712b830
Merge pull request #129 from vorburger/patch-5
fix link to YubiKey (non-NEO) Manager (fixes #124)
2019-09-17 01:21:19 +00:00
drduh
877a4a7e99
Merge pull request #127 from vorburger/patch-3
simplify Agent Forwarding (RemoteForward typically not required)
2019-09-17 01:20:55 +00:00
Michael Vorburger ⛑️
8e8c138362
fix link to YubiKey (non-NEO) Manager (fixes #124) 2019-09-17 00:48:16 +02:00
Michael Vorburger ⛑️
ae35e707b6
add 'sshd -eddd' Troubleshooting tip 2019-09-17 00:35:26 +02:00
Michael Vorburger ⛑️
dd1a3ce4a8
simplify Agent Forwarding (RemoteForward typically not required) 2019-09-17 00:27:19 +02:00
Michael Vorburger ⛑️
de193ee363
clarify that SSH_AUTH_SOCK should only be set locally, not on the remote server 2019-09-16 23:59:50 +02:00
Michael Vorburger ⛑️
8ba087efe4
fix link to Remote Machines (Agent Forwarding) in TOC 2019-09-16 23:47:57 +02:00
drduh
5bbad1fc4c Mention forwarding risk and Ubuntu multiverse repository, fix #116. 2019-08-29 12:21:55 -07:00
Alex Romanov
e1d5e6fb9d
Fix typo from #122 2019-08-28 01:25:49 -07:00
Thomas A Caswell
f8880975b8
DOC: justify why you would want to sign your new key 2019-08-26 21:10:19 -04:00
Thomas A Caswell
5df1226971
DOC: notes on adding more emails 2019-08-23 12:57:08 -04:00
Thomas A Caswell
de7675f7a9
DOC: add section on signing with existing key 2019-08-23 12:54:28 -04:00
drduh
96c15ba3f3
Merge pull request #120 from timcooijmans/patch-1
Describe how to enable mailvelope on MacOS
2019-08-14 18:21:50 +00:00
Diego Rodriguez
3ae1656f5d
Update README.md
When adding GPG SSH agent configuration to shell rc file, redirect output of gpg-connect-agent to /dev/null so that it doesn't output `OK` every time you bring up a new shell
2019-08-12 13:46:11 -06:00
timcooijmans
2309e2903d
Fix formatting 2019-08-09 21:54:54 +02:00
timcooijmans
e7d2507c47
Add description on how to enable mailvelope 2019-08-09 21:51:40 +02:00
David C. Bradley
399127c43d
Move output option to earlier in command
The output option doesn't seem to work on Windows when it is at the end of the command. Moving it to earlier in the command fixes this issue.
2019-08-07 16:14:02 -05:00
Andrew Morgan
f36447a85b
State that set-touch used to be touch 2019-08-02 18:24:43 +01:00
drduh
6482036e17 Bump debian version and fix some grammar. 2019-07-07 19:45:22 -07:00
Matthew Riley
fddefb5245
Fix 'Require Touch' syntax
The syntax to change Yubikey touch configurations has changed. Updating this accordingly.
2019-07-04 12:39:33 -04:00
drduh
48bf452e4b Feature simpler multiple key workaround 2019-06-09 12:31:58 -07:00
drduh
09f3822a19 Link to multiple keys discussions. Fix #19. Fix #112. 2019-06-09 11:42:00 -07:00
Jakob Knutsen
1544d14689 Fix link to supply chain attacks 2019-06-09 12:11:52 +02:00