Commit Graph

76 Commits (185d08591a5ee05d6ce22910f14f900648de00a5)

Author SHA1 Message Date
drduh 185d08591a
Merge pull request #59 from jholtmann/windows
Updated menu and added Windows instruction to guide
2018-06-05 10:05:22 -07:00
Jonathan Holtmann eadd3bb2f5
Fixed menu 2018-06-05 01:10:59 -04:00
Jonathan Holtmann ba382ce551
Added information on how to perform the YubiKey GPG setup and SSH authentication on Windows devices 2018-06-05 01:01:38 -04:00
drduh 478eb05de2
Mention Purse 2018-06-02 13:41:34 -07:00
drduh b9cd480f7a
Note on keeping backup mounted for 2xkeys. Fix #44 2018-04-29 18:50:54 -07:00
drduh fc429bf892
Remove obsolete option, add troubleshooting item 2018-04-29 18:34:59 -07:00
drduh 2cc0f7101e
Additional troubleshooting step and openbsd note 2018-04-29 14:50:06 -07:00
drduh e772f61915
Merge pull request #56 from micha3lbrown/remove-invalid-config
Remove invalid config from gpg.conf
2018-03-21 11:17:20 -07:00
Michael Brown 17581cfd82
Remove outdated config from gpg.conf
Removing configuration paramaters no longer supported in GPG 2.X

Related to #28
2018-03-21 01:37:26 -04:00
drduh 2cf406ab6d
Merge pull request #55 from analogist/master
add explicit public key naming for IdentitiesOnly usage
2018-03-14 12:37:39 -07:00
James Wu 79dac3ec7d add explicit public key naming for IdentitiesOnly usage 2018-03-14 11:50:04 -07:00
drduh c20cdf7ec4
Merge pull request #54 from W1lkins/hopenpgp-tools-macos
Install hopenpgp-tools with brew
2018-03-05 10:38:58 -08:00
W1lkins 9a21477481 install hopenpgp-tools as it is used in section https://github.com/drduh/YubiKey-Guide\#check-your-work where an apt-get command is listed 2018-03-03 16:12:36 +00:00
drduh 0f8da4a42e
Merge pull request #53 from knaggit/patch-1
Change rights of 'gpg.conf' to avoid warning
2018-02-26 16:17:50 +00:00
Marjan Grabowski f14d756578
Change rights of 'gpg.conf' to avoid warning 2018-02-26 10:33:42 +01:00
drduh cf7c7d0e14
Merge pull request #51 from slurms/patch-1
Use gpgconf to get the SSH auth socket.
2018-02-25 09:45:08 -08:00
Nick Sandford 71b5e69cf1
Use gpgconf to get the ssh auth sock. 2018-02-25 19:43:36 +11:00
drduh 7371ec5b19
Merge pull request #50 from peckeltw/master
remove not need keyserver certificate, see https://github.com/drduh/Y
2018-02-22 09:14:42 -08:00
Philipp Eckel dcadfbdccd
remove not need keyserver certificate, see https://github.com/drduh/YubiKey-Guide/issues/48 2018-02-22 08:18:10 +01:00
drduh 59704189bd
Merge pull request #47 from peckeltw/master
remove outdated use-standard-socket option from SSH config, see here:…
2018-01-30 15:14:15 -08:00
Philipp Eckel 161dea9e92
remove outdated use-standard-socket option from SSH config, see here: https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html 2018-01-30 22:50:47 +01:00
drduh e0430a0698
Formatting nit 2018-01-16 10:36:46 -08:00
drduh 5ecf1046a9
Formatting fix 2017-12-21 14:42:54 -08:00
drduh 76bb620594
Merge pull request #42 from kiralex/master
Fix ssh-agent does not work on archlinux
2017-12-18 09:28:15 -08:00
kiralex 02bfc69c2a
Update README.md 2017-12-18 08:52:18 +01:00
kiralex badf3cc5d9
fix ssh-agent does not work on archlinux 2017-12-18 08:26:33 +01:00
drduh baf1e6676e
Mention ssh multiplex to ease multiple connections 2017-12-18 03:04:13 +00:00
drduh e3c0512b21
Describe status if public key not imported, fix #6 2017-12-18 02:47:07 +00:00
drduh 5d452a9190
Reference paper backup instructions, fix #3 2017-12-18 02:44:03 +00:00
drduh 6f199ec00e
Document error from Debian 9 2017-12-14 00:13:24 +00:00
drduh 7c0ea30e53
Document ssh-add error 2017-12-14 00:03:59 +00:00
drduh a94b2b2a1a
Merge pull request #40 from peckeltw/master
emphasize 2048 bit as the correct key size for the YubiKey Neo
2017-12-12 10:44:46 -08:00
Philipp Eckel 6dde3bda33
emphasize 2048 bit as the correct key size for the YubiKey Neo 2017-12-12 09:36:44 +01:00
drduh 22ba9fb5af
Merge pull request #38 from peckeltw/master
fix exporting KEYID
2017-11-10 10:07:04 -08:00
Philipp Eckel 109de3011d
fix exporting KEYID 2017-11-10 11:26:22 +01:00
drduh ed1c2fdfa6 Merge pull request #34 from bdlow/master
Updates for gpg 2.2.1, and also macOS support
2017-10-09 10:27:07 -07:00
Ben Low bcada3f2cc Whitespace fixes. 2017-10-10 02:08:36 +11:00
Ben Low a010a2a752 Updated to gpg 2.2.1, and added some macOS references. 2017-10-10 01:53:19 +11:00
drduh cd3b89e9a3 Merge pull request #33 from aleksandr-vin/master
Replace hkt with gpg to fix unsupported GnuPG 2.1
2017-09-25 09:24:53 -07:00
Aleksandr Vinokurov 9336fc1317 Replace hkt with gpg to fix unsupported GnuPG 2.1
hkt does not support GnuPG 2.1 because it expects gpg pubring.

But the export can be done by gpg itself.
2017-09-23 16:49:48 +02:00
drduh cedcac7a50 Merge pull request #31 from brendan-rius/patch-1
Make hkt respect custom $GNUPGHOME
2017-08-14 10:10:12 -07:00
Brendan Rius c871adc904 Make hkt respect custom $GNUPGHOME 2017-08-13 13:51:15 +02:00
drduh 366830441e Merge pull request #25 from dlakomski/master
Add information about composite USB mode on YK with firmware >=3.3
2017-05-12 09:31:52 -07:00
Dawid Łakomski 07752240cb Add information about composite USB mode on YK with firmware >=3.3 2017-05-12 09:04:23 +02:00
drduh 1ad37577db Use require-cross-certification option. Fix #14. 2016-09-25 11:32:16 -04:00
drduh 94ada05473 Plug in YubiKey correctly. Fix #9. 2016-09-25 11:26:47 -04:00
drduh ac66a81a35 Merge pull request #24 from wsargent/patch-3
Use AES256 for private key password encryption
2016-09-25 11:23:29 -04:00
drduh 223ffe9261 Merge pull request #23 from wsargent/patch-2
Use signing subkey
2016-09-25 11:22:21 -04:00
Will Sargent 8515aaf839 Use AES256 for private key password encryption
Adds 

```
s2k-cipher-algo AES256
```

to the GPG configuration, per https://pthree.org/2015/11/19/your-gnupg-private-key/

> --s2k-cipher-algo name
> Use name as the cipher algorithm used to protect secret keys. The default cipher is CAST5. This cipher is also used for symmetric encryption with a passphrase if --personal-cipher-preferences and --cipher-algo is not given.

https://www.gnupg.org/documentation/manuals/gnupg-2.0/OpenPGP-Options.html#index-s2k_002dcipher_002dalgo
2016-09-24 10:29:56 -07:00
Will Sargent ff871a254d Use signing subkey
The signature was made using `0xBECFA3C1AE191D15`, and has to be used with the signing key, not the root key.

I can verify this with my own key -- using the keyid doesn't work:

```
 ~   echo "$(uname -a)" | gpg --armor --clearsign --default-key 0xB1A9D5A2A605F794
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX5aWdAAoJECaAG7YBLqXZi1EP/3R4oOdkXqZXcskwzfjBXa68
oZeKxTB8i74tSPXp0SL26+ULOQ6GRJdIFod2MQtqfjeu6dyNEbIBF1pHWnyLx4Bn
p/+ROoOTiBSFEWPts++yYhmo0tS0cXPv6QPCYqj4mPkJe6u8wVp5hkoyujL/k9bs
cAZSbeyV/hggS0rFTN4/5AeUky4LJPrWYkAiln7D0PVQeZc6DFlDpeup1Az7hWV5
ImRglAfoacNq+0LWslnc51/4knFGC/k4RS/QAyfUNJG/yy/ZZs6FNc7FjyZkw87E
yRqqSPkuL64BmzNxmfKnwgMAesaq8D674lRb7b9TC8sQuuelcbgPkCCDioRmCSWh
+NIe+pwWLIXHSwQntO2FblGFL+IeDYBZy3P5nO+N12EHn2oS2psep04STq5cjRaa
PTMopcDsThzXljn8b6p+Iu2BaFiMkEwpAD8f0knR4DZzorpgMjIV0mEdeDuTzC1L
dPHc7uZsTSSTEgxm7JO8x1h3hfwqX+KvVhmo0SgvwexqsmH7+b6j948RPGSCGBys
wS8HEQgzgznQYSxqnCHvuDT9cIuyuCi9BZfqvRy3NSa+ixKMHJ4n2rFWlw8WbvTm
tKFumm2z3z9JkijzJFj4sHETebaa2ip/TxeQvhFD/jEBB1XaqneDw1UaRll+6auA
K6naZ0LzZx2cOzJpn4xN
=TVTZ
-----END PGP SIGNATURE-----
 ~  
 ~  gpg
gpg: Go ahead and type your message ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX5aWdAAoJECaAG7YBLqXZi1EP/3R4oOdkXqZXcskLinux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/LinuxwzfjBXa68
oZeKxTB8i74tSPXp0SL26+ULOQ6GRJdIFod2MQtqfjeu6dyNEbIBF1pHWnyLx4Bn
p/+ROoOTiBSFEWPts++yYhmo0tS0cXPv6QPCYqj4mPkJe6u8wVp5hkoyujL/k9bs
cAZSbeyV/hggS0rFTN4/5AeUky4LJPrWYkAiln7D0PVQeZc6DFlDpeup1Az7hWV5
ImRglAfoacNq+0LWslnc51/4knFGC/k4RS/QAyfUNJG
/yy/ZZs6FNc7FjyZkw87E
yRqqSPkuL64BmzNxmfKnwgMAesaq8D674lRb7b9TC8sQuuelcbgPkCCDioRmCSWh
+NIe+pwWLIXHSwQntO2FblGFL+IeDYBZy3P5nO+N12EHn2oS2psep04STq5cjRaa
PTMopcDsThzXljn8b6p+Iu2BaFiMkEwpAD8f0knR4DZzorpgMjIV0mEdeDuTzC1L
dPHc7uZsTSSTEgxm7JO8x1h3hfwqX+K
vVhmo0SgvwexqsmH7+b6j948RPGSCGBys
wS8HEQgzgznQYSxqnCHvuDT9cIuyuCi9BZfqvRy3NSa+ixKMHJ4n2rFWlw8WbvTm
tKFumm2z3z9JkijzJFj4sHETebaa2ip/TxeQvhFD/jEBB1XaqneDw1UaRll+6auA
K6naZ0LzZx2cOzJpn4xN
=TVTZ
-----END PGP SIGNATURE-----
gpg: Signature made Fri 23 Sep 2016 02:58:53 PM PDT
gpg:                using RSA key 0x26801BB6012EA5D9
gpg: BAD signature from "Will Sargent <will.sargent@lightbend.com>" [ultimate]
```

but using the signing key does work:

```
 ✘  ~   echo "$(uname -a)" | gpg --armor --clearsign --default-key  0x26801BB6012EA5D9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX5aagAAoJECaAG7YBLqXZvZwP/21yoEQ3hI9hP0QyrFJu/T/0
sD9Y+DGQHBU5WaII3/iVgBN2V3EQwlzX8dP4/LfTm7NQ0M2flgbPbqf/rUYLQQZg
lO489XbI78kk80b3kDebkautN5rQhkU0ZAy/WfDdKmwGnF1hEXzYqEwI5S0tGddT
cKt0U3cZ0XuOI7pdtSOD423tNV4l45sIAT/ndAsgpbzT0ZTkza65V/RHWqGQDDT1
VB6WKmuqOca1gTDYGlW5yITfOqdWjB30ljLjuOjFJjcOunJQmlSRDMGyjfdzF3ec
X1/+vLKnI0M2ipFaxKTtjdCTo8+26wjExdGca6Sy8v9M0zBjA2vgCGBTwCpXkMQE
4HFZ6N0+6k/3icyNALJhHSRkApNom3ZqINntDNNcN/tyHZVUijb5/hfv7W4D5LSe
8b1/UbF/R46w21sgR4Rzfv5EsbZkkjWx65hTXYWByf4PqZ7NiJJGbETpPC8wSc+4
oZNk9SLZunzE2Gemk2CXu7VXR58BIP014FHjU4FN7k54ZGn7IzU2xfKCZ+se7pFh
SzWIrDhZP5vsbCMbh4HzD4WFPLteNOdV+nkHi4iaSXc7UQfdgZIeKb2ljbjJTmN4
fyi/Zjk0+29pwB+W5iWD4AoKqzSsHMCrK73KRyAHcFaHOHILl8grG0GsfJmPGHCz
Mm3O7IH5is7ZkvOmbUMY
=jQY+
-----END PGP SIGNATURE-----
 ~  gpg
gpg: Go ahead and type your message ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX5aagAAoJECaAG7YBLqXZvZwP/21yoEQ3hI9hP0QyrFJu/T/0
sD9Y+DGQHBU5WaII3/iVgBN2V3EQwlzX8dP4/LfTm7NQ0M2flgbPbqf/rUYLQQZg
lO489XbI78kk80b3kDebkautN5rQhkU0ZAy/WfDdKmwGnF1hEXzYqEwI5S0tGddT
cKt0U3cZ0XuOI7pdtSOD423tNV4l45sIAT/ndAsgpbzT0ZTkza65V/RHWqGQDDT1
VB6WKmuqOca1gTDYGlW5yITfOqdWjB30ljLjuOjFJjcOunJLinux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
QmlSRDMGyjfdzF3ec
X1/+vLKnI0M2ipFaxKTtjdCTo8+26wjExdGca6Sy8v9M0zBjA2vgCGBTwCpXkMQE
4HFZ6N0+6k/3icyNALJhHSRkApNom3ZqINntDNNcN/tyHZVUijb5/hfv7W4D5LSe
8b1/UbF/R46w21sgR4Rzfv5EsbZkkjWx65hTXYWByf4PqZ7NiJJGbETpPC8wSc+4
oZNk9SLZunzE2Gemk2CXu7VXR58BIP014FHjU4FN7k54ZGn7IzU2xfKCZ+se7pFh
SzWIrDhZP5vsbCMbh4HzD4WFPLteNOdV+nkHi4iaSXc7UQfdgZIeKb2ljbjJTmN4
fyi/Zjk0+29pwB+W5iWD4AoKqzSsHMCrK73KRyAHcFaHOHILl8grG0GsfJmPGHCz
Mm3O7IH5is7ZkvOmbUMY
=jQY+
-----END PGP SIGNATURE-----

gpg: Signature made Fri 23 Sep 2016 03:03:12 PM PDT
gpg:                using RSA key 0x26801BB6012EA5D9
gpg: Good signature from "Will Sargent <will.sargent@lightbend.com>" [ultimate]
gpg:                 aka "Will Sargent <will.sargent@gmail.com>" [ultimate]
Primary key fingerprint: 75E4 E7F9 1D18 D981 3028  64B1 B1A9 D5A2 A605 F794
     Subkey fingerprint: ADB3 1ED0 EC01 44AF 8301  320D 2680 1BB6 012E A5D9
```
2016-09-23 15:09:04 -07:00