1
0
mirror of https://github.com/drduh/YubiKey-Guide.git synced 2024-11-15 16:57:08 +00:00
Commit Graph

364 Commits

Author SHA1 Message Date
Bartłomiej Jakub Kwiatek
1eeaf3fb56
Update README.md
openpgp set-pin-retries is moved to openpgp access set-retries
2022-10-24 17:28:53 +02:00
Xandor Schiefer
fcc77d4159 feat: offline NixOS LiveCD image
Includes inspiration from https://github.com/dhess/nixos-yubikey
2022-10-03 12:04:21 +02:00
HexPandaa
0e2e0576ca
Add link to list of PGP-compatible keys 2022-09-12 13:51:13 +02:00
HexPandaa
53ecdf8ad4
Mention Bio Series - FIDO Edition
Per Yubico's documentation, these do not support OpenPGP:
- https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP
- https://support.yubico.com/hc/en-us/articles/4407752687378-YubiKey-C-Bio-FIDO-Edition
- https://www.yubico.com/fr/store/#yubikey-bio-series-fido-edition
2022-09-12 13:47:27 +02:00
drduh
5eeae2be7e
Merge pull request #282 from apiraino/rewrite-key-creation-take2
Rewrite key creation
2022-08-21 11:31:42 -07:00
drduh
eb85c68a62
Merge pull request #314 from smlx/piv-agent
chore: add piv-agent to Alternatives section
2022-08-21 11:28:10 -07:00
drduh
e14dca52ba
Merge pull request #315 from peterbabic/master
replace dead link with the web archive
2022-08-21 11:26:48 -07:00
drduh
0f0e427ff1
Merge pull request #318 from pmengelbert/agent-refused-operation-fix
Possible fix for the 'signing failed: agent refused operation' error
2022-08-21 11:26:36 -07:00
drduh
6ef03b6c09
Merge pull request #320 from SeanOMik/fedora-required-software
Add Fedora required software section
2022-08-21 11:26:08 -07:00
drduh
9858502a28
Merge pull request #319 from dhoppe/patch-1
Update OneRNG to version 3.7
2022-08-21 11:25:36 -07:00
drduh
5c4d952a29
Merge pull request #332 from engdoreis/update-pin-retry-cmd
Update the command to change the pin retry attempts
2022-08-21 11:24:23 -07:00
drduh
81ebc0799a
Merge pull request #324 from Granddave/master
State release date of Yubico press release
2022-08-21 11:23:53 -07:00
drduh
8f2cd81a9f
Merge pull request #338 from franciosi/patch-1
Quick VMware Name Correction
2022-08-21 11:23:37 -07:00
Felix Kronlage-Dammers
dae723b409 make launchctl commands more copy 'n paste friendly 2022-08-10 21:40:12 +02:00
Franciosi
085f11a3cc
Quick VMware name correction
s/VMWare/VMware
2022-08-09 21:20:21 -03:00
Douglas Reis
9c2a5c9598 Update the command to change the pin retry attempts
Signed-off-by: Douglas Reis <doreis@lowrisc.org>
2022-06-19 10:30:09 +01:00
David Isaksson
75f771b346
State release date of Yubico press release 2022-05-14 18:11:01 +02:00
SeanOMik
136d6884a5
Add Fedora required software section 2022-04-28 00:10:08 -04:00
Dennis Hoppe
a8c581cca7
Update OneRNG to version 3.7 2022-04-25 11:47:21 +02:00
Peter Engelbert
b2038e8e89
Add explanation of a possible fix for the signing failed: agent refused operation error
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
2022-04-22 10:04:19 -05:00
apiraino
03f37b8513
Add section to quickly create keys 2022-04-15 11:34:01 +02:00
apiraino
813352d30a
reset all changes 2022-04-12 16:04:34 +02:00
apiraino
a725230d23
Merge branch 'master' into rewrite-key-creation-take2 2022-04-12 14:48:28 +02:00
Peter Babič
26e474b9bd
replace dead link with the web archive 2022-04-12 07:36:49 +02:00
Scott Leggett
7771a3f52b
chore: add piv-agent to Alternatives section 2022-04-12 01:07:23 +08:00
drduh
dc29279197
Merge pull request #311 from michael-k/typo
Fix typo (numnber → number)
2022-04-09 11:46:06 -07:00
beardedbotanist
93ff1d3595
Adding wget as prerequisite on macOS
When i was following the guide I could not fetch the gpg config because I was missing wget
2022-04-08 14:57:09 -04:00
Michael Käufl
204b9f814f
Fix typo
Closes drduh/YubiKey-Guide#297
2022-03-17 18:18:07 +01:00
drduh
4615b5e919
Merge pull request #292 from mpdude/patch-1
Point out that paperkey backups are password-protected
2022-03-16 15:29:42 -07:00
drduh
14e951bb01
Merge pull request #294 from DevSecNinja/patch-1
Add small adjustments after renewing my subkeys
2022-03-16 15:29:16 -07:00
drduh
3f959cfc0d
Merge pull request #308 from okada-h/add-missing-preposition
Add missing preposition ("be able use" -> "be able to use")
2022-03-16 15:28:53 -07:00
drduh
6992c9e115
Merge pull request #295 from pedrohdz-scrap/no-puk
Fixed broken "Change PUK" link
2022-03-16 15:28:39 -07:00
drduh
55be657375
Merge pull request #303 from maxromanovsky/patch-1
Fix for `tr: Illegal byte sequence` on macOS
2022-03-16 15:28:16 -07:00
Dirk-jan Mollema
1e3e4bccbc
Add notes about KDF compatibility (solves #307) 2022-02-15 04:19:10 -08:00
Hiroki Okada
543d218b68 Add missing preposition ("be able use" -> "be able to use") 2022-01-28 03:39:57 +09:00
Maksim Ramanouski
c69fc7badf
Fix for tr: Illegal byte sequence on macOS 2022-01-02 14:04:43 +01:00
Pedro H
33993e767c
Fixed broken "Change PUK" link
Fixed a broken link found in
https://github.com/drduh/YubiKey-Guide/issues/287 and updated the text.
2021-11-13 14:42:05 +01:00
Jean-Paul van Ravensberg
1a955f88aa
Add small adjustments after renewing my subkeys 2021-11-07 13:07:01 +01:00
Matthias Pigulla
76d32d2cd9
Point out that paperkey backups are password-protected
Fixes #263. Really though decision to make whether a paper printout with the password is a good way to go (recoverable but needs a really good place to keep) or not (more protection, but possibly worthless).
2021-10-25 09:31:57 +02:00
drduh
fe6434577b
Merge pull request #291 from gaffneyd4/improve-recovery-guide
Added clearer recovery options
2021-10-24 11:08:50 -07:00
drduh
5823d488f3
Merge pull request #290 from NiklasMerz/mac-m1
add pinentry path for M1 macs
2021-10-24 11:08:10 -07:00
drduh
2cbfcfba49
Merge pull request #288 from watermelonpizza/master
Use GPT instead of MBR
2021-10-24 11:07:16 -07:00
drduh
1c1e76623f
Merge pull request #285 from jaeha-choi/master
Add Key Derived Function (KDF) setting
2021-10-24 10:53:28 -07:00
drduh
b621273182
Merge pull request #284 from jsoref/grammar
Minor grammar fixes
2021-10-24 10:52:28 -07:00
Derek Gaffney
248e207527
Add TOC entry, fix link 2021-10-10 08:52:12 -04:00
Wheest
77394c2773
Added clearer recovery options 2021-10-10 08:44:26 -04:00
Niklas Merz
6740fa9a10
add pinentry path for M1 macs
Closes #289
2021-10-05 22:16:36 +02:00
Daniel Miller
3418634c66
Use GPT instead of MBR 2021-10-04 22:10:12 +11:00
basbebe
ad09f543af
add prefix and date to temporary folder
This makes identifying the latest version easier when daleing with backups.
2021-09-30 10:46:06 +02:00
Jaeha Choi
b59107d413
Add note about KDF 2021-09-06 20:29:32 -07:00
Josh Soref
a98866a185
Minor grammar fixes 2021-08-26 00:20:09 -04:00
apiraino
d25f131c38
linting
Signed-off-by: apiraino <apiraino@users.noreply.github.com>
2021-08-22 21:31:20 +02:00
apiraino
5182d5e3d8
Rewrite keys generation tutorial
The master key is now created with `--batch` and a configuration script.
The subkeys are created with the quick key manipulation
interface (`--quick-add-key`).

Also provided two configuration scripts as templates for a RSA4096 or a
ED25519 master key.

Signed-off-by: apiraino <apiraino@users.noreply.github.com>
2021-08-22 21:31:17 +02:00
drduh
31074ac13d Stage alternatives section and cleanup grammar 2021-08-15 17:06:20 -07:00
drduh
569231bf2b Note to permasave password to fix #206 2021-08-15 16:12:36 -07:00
drduh
371d4ec77b Mention the yubikey troubleshooting guide for gpg to fix #217 2021-08-15 15:46:14 -07:00
drduh
7bfae57336 Update filenames to fix #222 2021-08-15 15:42:53 -07:00
drduh
a02350f318
Merge pull request #276 from pedrohdz-scrap/clarify.pins-take.2
Clarified PIN config
2021-08-15 15:36:44 -07:00
drduh
92e2a5e8ac
Merge pull request #262 from iandstanley/patch-1
switching between Yubikeys
2021-08-15 15:24:30 -07:00
drduh
8816d9759f
Merge pull request #264 from iandstanley/master
added mention of ssh key support for blue security keys
2021-08-15 15:22:11 -07:00
Pedro H
1a83925dda
Expanded on GPG PIN config 2021-08-10 14:37:28 +02:00
Andrew Martinez
87f48f547b
clarify pins, drduh/YubiKey-Guide#248
- define each pin name, default, usage
- call out special admin pin restrictions
2021-08-10 12:50:36 +02:00
Sven Reissmann
23caa2c36b
Update nixos LiveCD example
````nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix```` no longer exists. 
Update to ````nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix````
2021-07-05 10:19:58 +02:00
Ian Stanley
15bb00b428
added mention of ssh key support for blue security keys
As detailed in their recent press release and blog post

https://www.yubico.com/blog/github-now-supports-ssh-security-keys/
2021-06-08 20:59:02 +01:00
Ian Stanley
f6818480a5
added to section multiple Yubikeys section re: switching between Yubikeys
section describes the issue and the remedy for GPG stubs only pointing to the Yubikey that was last subject to the keytocard command
2021-06-04 22:47:38 +01:00
drduh
20dd0687cd
Merge pull request #247 from jamesob/jamesob-21-03-pass-trouble
Add note about pass insert error and `trust-key` usage
2021-05-31 16:21:51 +00:00
drduh
21c0e03cd0
Merge pull request #246 from whiskeysierra/patch-1
Update usage of ykman
2021-05-31 16:21:24 +00:00
drduh
6490586595
Merge pull request #232 from captn3m0/warning
[security] Adds warning about PUK being default
2021-05-31 16:19:49 +00:00
drduh
1566801177
Merge pull request #231 from captn3m0/change-puk
Adds instructions on changing the PUK
2021-05-31 16:19:29 +00:00
Michael Vorburger ⛑️
49bfbf81ed
Add hint re. (new) ssh-keygen -t ed25519-sk 2021-05-01 16:20:32 +02:00
James O'Beirne
47cd085518
Add note about pass insert error and trust-key usage
When using a previously provisioned YubiKey on a new computer,
I was met with an "Unusable public key" error when trying to insert
a new password, despite being able to decrypt pass entries.

I tried setting the trust on the key via `gpg --edit-key`, but was
then met with "Need secret key to do this."

I found that the solution is apparently to use the `trust-key`
directive in `~/.gnupg/gpg.conf`, which is not mentioned in the README
at the moment.
2021-03-25 11:40:22 -04:00
Willi Schönborn
592bdc5733
Update usage of ykman
Fixes the following warning:

WARNING: The use of this command is deprecated and will be removed!
Replace with: ykman openpgp keys set-touch
2021-03-24 14:51:38 +01:00
drduh
de29a9e45c
Merge pull request #242 from inducer/patch-1
Fix: "quit" to save -> "save" to save
2021-02-11 17:11:41 -08:00
drduh
1d03a5201d
Merge pull request #240 from basbebe/macOS-GUI-setup
Add SSH setup for macOS GUI applications
2021-02-08 22:55:21 -08:00
berwag
fb4d390317
Update README.md 2021-02-04 19:39:15 +01:00
berwag
4370ba86ac
Update README.md
changed wording according to yubischiess' comment
2021-01-28 11:19:53 +01:00
berwag
ed85d93845
Additions to "Required Software"
proposed change according to Issue#215
2021-01-27 20:24:51 +01:00
Andreas Klöckner
d921fa05bb
Fix: "quit" to save -> "save" to save 2021-01-13 11:32:41 -06:00
basbebe
a65cdca19a
add fish config 2021-01-10 20:01:55 +01:00
basbebe
9fe946c8b1
Add SSH setup for macOS GUI applications
On macOS, a LaunchAgent needs to be created to overwrite the system's SSH agent.

see https://github.com/drduh/YubiKey-Guide/issues/229
2021-01-10 19:54:58 +01:00
drduh
4544d41d4c
Merge pull request #225 from ZenithalHourlyRate/gpg-agent-forward
Add New Agent Forward Method and Clarify Two Methods
2020-12-30 09:14:23 -08:00
Nemo
548b2adf2b Adds warning about PUK being default 2020-12-25 12:52:39 +05:30
Nemo
8c5dfd2475 Adds instructions on changing the PUK 2020-12-25 12:49:06 +05:30
Zenithal
1eacf97835
Rephrase one sentence according to one comment on drduh/YubiKey-Guide#225 2020-12-24 21:08:41 +08:00
Zenithal
a24fa8f373
Add subsections on chained agent forwarding 2020-12-24 21:01:44 +08:00
Zenithal
7e49f5cc89
Add note on chained agent forwarding 2020-12-03 01:18:21 +08:00
Zenithal
52727f1e04
Correct WSL agent forwarding
This is a mix of two forwarding method,
this commit separates them
2020-12-03 01:16:47 +08:00
Zenithal
6097e6762c
Change note in alter agent section
Different methods have different requirements
2020-12-03 01:01:36 +08:00
Zenithal
0d06d2ace8
Add new method for ssh-agent forwarding 2020-12-03 00:52:43 +08:00
Zenithal
54f9e8a3f9
Add details to GPG-Agent forward; Alter structure
GPG Agent forwarding has a broader usage, not only
limited to ssh-agent forwarding.

In this commit gpg-agent forwarding is raised as a
separate section as it can not be contained by #SSH
any longer.

More details are added for gpg-agent forwarding, including
some important notes taken from practice and analysis.

For ssh-agent forward, older method are contained, and new
method will be included as framework has been structured.
2020-12-03 00:13:15 +08:00
Zenithal
410a1d6ac2
Change format of important notes in mutt subsection 2020-12-02 23:23:34 +08:00
Zenithal
083aa53cf0
Add Mutt subsection in Email section 2020-12-02 22:59:30 +08:00
Zenithal
0ea32bb949
Add Mutt in Email intro 2020-12-02 22:35:56 +08:00
drduh
fc6f9eb80d
Merge pull request #218 from DevSecNinja/devsecninja/addPowerShellCommand
Add PowerShell command to get YubiKey name
2020-11-21 10:59:23 -08:00
drduh
006ea19d04
Merge pull request #213 from linutsdc/fix-links
Fix links with parentheses
2020-11-21 10:48:00 -08:00
drduh
5c0bcd40a7
Merge pull request #211 from rgevaert/patch-1
unset GNUPGHOME variable
2020-11-21 10:45:59 -08:00
drduh
f2aeed1b55
Merge pull request #214 from anmull/debian-iso-version
Changes command to download Debian ISO to use the value in the SHA512SUMS file
2020-11-21 10:45:40 -08:00
Nemo
7067ba6c38
Fix reset command
gpg-connect-agent uses `-r/--run` not `-R`
2020-11-14 09:24:19 +00:00
Jean-Paul van Ravensberg
b1d3d279eb
Change edit to create or edit
As gpg-agent.conf didn't exist on my system
2020-10-31 11:29:35 +01:00
Jean-Paul van Ravensberg
fd4b6f3eb4
Add PowerShell command to get YubiKey name 2020-10-31 11:15:51 +01:00