mirrors
/
YubiKey-Guide
mirror of https://github.com/drduh/YubiKey-Guide
0
0
Fork 0
Code Releases Activity
276 Commits
1 Branch
0 Tags
4.6 MiB
Commit Graph

197 Commits (f83d52d37c18bf23ee76cb69306602e8c1c7a95b)

Author SHA1 Message Date
Kenny MacDermid 78164e8bfd
Set touch policy to fixed. 
Setting the touch policy to `on` does not prevent the policy from
later being turned off again. Setting it to `fixed` is more secure
because it can not be turned off.

If someone wants to disable the touch policy they can always restore
the keys from the backups created in the guide.
 2020-05-27 16:39:29 -03:00
Sebastian Schmieschek e1055025fe
Add information on potential PIN issues and how to debug them 
I missed the error message when attempting to set a PIN of only 5 characters due
to the UI repeating the options below it.
Pinentry happily stores the bogus PIN and even counts down the retry counter
when entering the correct (default) one. This can be resolved by unblocking the
PIN.
Once I ran the gpg-agent with debug output (a tip found in the added link), the
issue was obvious.
 2020-05-27 11:46:19 +01:00
drduh ccb8b0130a Stack rank secure environment and add a few tips 2020-05-25 12:49:07 -07:00
drduh 0bd52ed7d8
Merge pull request #185 from vald-phoenix/fix-borken-anchor 
Fix broken anchor
 2020-05-24 17:09:09 +00:00
Max Mäusezahl 1cf9656b33
Fix order of revocation command. 
According to 'man gpg' the order of arguments should be

gpg [--homedir name] [--options file] [options] command [args]

In this case '--gen-revoke' is the command, '$KEYID' is an argument and
'--output $GNUPGHOME/revoke.asc' is an option. Previously this was
incorrect (option came first) and would spawn an error.
 2020-05-24 17:53:56 +02:00
Mike Mazur de13c8dba6
Include --expert when editing master key 
This is specifically during setup when rotating keys.
 2020-05-17 21:00:03 +08:00
Vladyslav Krylasov 4c1d538c60 Fix broken anchor 
There are two anchors with the same name and this breaks navigation.
 2020-05-04 19:19:02 +01:00
Jason Stelzer aea317b527 Clarified wording 2020-05-04 08:28:23 -04:00
Jason Stelzer 07134a4e4f GPG keys on multiple computers 
I feel like this took me longer to figure out than it should have.
 2020-05-04 08:22:14 -04:00
drduh 93cbbd9d8b Address throw-keyids issue with mailvelope to fix #178 2020-05-03 14:18:29 -07:00
drduh 46d1d89115 Split export pubkey from backup to fix #175 2020-05-03 14:07:35 -07:00
drduh bf38b94a65 Disambiguate backup volume label to fix #176. 2020-05-03 13:45:58 -07:00
drduh aad01ffde4
Merge pull request #180 from vald-phoenix/yubikey-reset-by-ykman 
Describe ykman PGP keys reset
 2020-05-03 18:12:47 +00:00
drduh 3be47a8c32
Merge pull request #179 from vald-phoenix/multiple-yubikeys 
Describe card serial number error
 2020-05-03 18:12:28 +00:00
drduh a1a4a303f9
Merge pull request #177 from apiraino/revoke-cert 
Add instructions to create a revoke certificate
 2020-05-03 18:11:37 +00:00
drduh afd3fafcc5
Merge pull request #170 from murphy83/Abort-Trick 
Added some additonal text describing alternatives that may be used
 2020-05-03 18:10:49 +00:00
Vladyslav Krylasov 44d76ac5ab Describe card serial number error 2020-04-29 00:52:24 +01:00
Vladyslav Krylasov 6108558645 Describe ykman PGP keys reset 2020-04-28 21:28:44 +01:00
apiraino 2698cecd4c Add instruction to create a revoke certificate 2020-04-28 16:19:18 +02:00
Daniel Sockwell b5adb349ad Add steps for renewing (not rotating) sub-keys 
As discussed in issue #164, the current section on Rotating Keys
presents two alternatives: replacing the existing keys with a newly
generated key or extending the validity of existing keys by changing
their expiration.  However, it only provides instructions for the
first approach.  This commit adds instructions for renewing sub-keys.

I am far from an expert, and am submitting this change mostly in hopes
that it will provide documentation for the next time I need to renew
my sub-keys.  I would welcome any changes or clarifications others
would care to offer.
 2020-03-24 12:42:42 -04:00
Murphy Laptop db1d86cdd8 Added some additonal text describing alternatives that may be used 2020-03-02 21:18:56 +01:00
drduh 2c2cec316c Bump Debian version, license year 2020-02-12 09:38:36 -08:00
drduh 2fc50760db
Merge pull request #160 from rvl/nixos 
Add instructions for NixOS
 2020-01-22 06:39:14 +00:00
drduh 51ed654e43
Merge pull request #159 from rvl/multiple-yubikeys 
Add more detail about what to do with multiple YubiKeys
 2020-01-22 06:39:08 +00:00
Rodney Lorrimar bb5184a0b3 Add instructions for NixOS 
I just tested these steps on a spare laptop.
 2020-01-22 10:27:55 +10:00
Rodney Lorrimar b45174f185 Add more detail about what to do with multiple YubiKeys 2020-01-22 09:40:34 +10:00
Rodney Lorrimar 6cd76216c5 Add information about setting the primary user ID 2020-01-22 09:12:17 +10:00
Andrea Scarpino 8f10cd5819
Fix gnupg package name for Arch 
`gnupg2` has been [removed since March 2012](https://lists.archlinux.org/pipermail/arch-dev-public/2012-March/022690.html)
 2020-01-21 12:01:27 +01:00
wsyxbcl bb0a0d1ac8
fix broken links 2020-01-12 00:20:07 +08:00
Mark Fayngersh e4a063e0f0
Update GitHub instructions on Windows 
Add command to instruct Git to use WinGPG
 2020-01-07 16:13:48 -05:00
drduh 1b5a2fefd8 Formatting cleanup 2019-12-30 15:36:11 -08:00
drduh be7addad3c Use larger partition sizes to fix #149. 2019-12-30 15:22:39 -08:00
gusttt 908d3172a4
Fix typo in table of contents link 2019-12-16 15:05:46 +01:00
drduh 04127d566b Document issue #145 and fix #142 2019-12-14 11:48:33 -08:00
drduh 11d6e1aff6 Fix url formatting 2019-11-19 17:28:45 -08:00
drduh 701d9eb50f Update Debian version and fix #137 2019-11-19 17:24:57 -08:00
Maxim Baz 35e443f8cc
Mention yubikey-touch-detector 2019-11-17 20:42:04 +01:00
Emile 'iMil' Heitor 137300a713 Added a fix for failing ssh / GUI pinentry 2019-11-13 09:18:57 +01:00
Kiel C 010accf864
Add --keyserver flag pointing to Debian keyserver 
Fixes #131
 2019-11-07 13:29:39 -08:00
Sun Knudsen 4524c11632 Added important note about pin caching #135 2019-10-19 14:05:49 -04:00
Jakub Skory 5f150b68e2
More lines with old debian version corrected 2019-10-09 22:08:31 +02:00
Jakub Skory 754e480792
New Debian version: 10.1.0 
Before curl returned http/404
 2019-10-09 21:40:03 +02:00
Gary Johnson 13b9a92985 Update VM option 2019-09-27 02:26:44 -04:00
Gary Johnson 0f5df64094
Update README.md 
Added primary source stating confirming that devices are read only in all but a few circumstances and that Keys ("secrets") cannot be read after being written to the device
 2019-09-24 23:55:37 -04:00
drduh 541f8717e6
Merge pull request #126 from vorburger/patch-2 
clarify that SSH_AUTH_SOCK should only be set locally, not on the remote server
 2019-09-18 18:37:48 +00:00
Michael Vorburger ⛑️ 42065a3b65
put additional information into single line 2019-09-17 20:12:16 +02:00
drduh 18320b0562
Merge pull request #128 from vorburger/patch-4 
add 'sshd -eddd' Troubleshooting tip
 2019-09-17 01:22:14 +00:00
drduh 57e712b830
Merge pull request #129 from vorburger/patch-5 
fix link to YubiKey (non-NEO) Manager (fixes #124)
 2019-09-17 01:21:19 +00:00
drduh 877a4a7e99
Merge pull request #127 from vorburger/patch-3 
simplify Agent Forwarding (RemoteForward typically not required)
 2019-09-17 01:20:55 +00:00
Michael Vorburger ⛑️ 8e8c138362
fix link to YubiKey (non-NEO) Manager (fixes #124) 2019-09-17 00:48:16 +02:00