mirror of
https://github.com/drduh/YubiKey-Guide.git
synced 2024-12-22 13:48:06 +00:00
Add notations section
This commit is contained in:
parent
f7561616a5
commit
c9ea04db2c
25
README.md
25
README.md
@ -47,6 +47,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d
|
||||
* [Setup environment](#setup-environment)
|
||||
* [Renewing sub-keys](#renewing-sub-keys)
|
||||
* [Rotating keys](#rotating-keys-1)
|
||||
- [Adding notations](#adding-notations)
|
||||
- [SSH](#ssh)
|
||||
* [Create configuration](#create-configuration)
|
||||
* [Replace agents](#replace-agents)
|
||||
@ -1875,6 +1876,30 @@ $ sudo umount /mnt/public
|
||||
|
||||
Disconnect the storage device and follow the original steps to transfer new keys (4, 5 and 6) to YubiKey, replacing existing ones. Reboot or securely erase the GPG temporary working directory.
|
||||
|
||||
# Adding notations
|
||||
|
||||
Notations can be added to users ID(s) and can be used in conjunction with [Keyoxide](https://keyoxide.org) to create [OpenPGP identity proofs](https://keyoxide.org/guides/openpgp-proofs).
|
||||
|
||||
The setup environment can be created by using this [section](#setup-environment) from this guide.
|
||||
|
||||
After having completed the environment setup, it is possible to follow any of the guides listed under "Adding proofs" from the Keyoxide ["Guides"](https://keyoxide.org/guides/) page __up until the notation is saved using the `save` command`.
|
||||
|
||||
At this point the public key can be exported:
|
||||
|
||||
```console
|
||||
$ gpg --export $KEYID > pubkey.gpg
|
||||
```
|
||||
|
||||
The public key can now be transferred to the computer where the GPG key is used and it is imported with:
|
||||
|
||||
```console
|
||||
$ gpg --import pubkey.gpg
|
||||
```
|
||||
|
||||
N.B.: The `showpref` command can be issued to ensure that the notions were correctly added.
|
||||
|
||||
It is now possible to continue following the Keyoxide guide and upload the key to WKD or to keys.openpgp.org.
|
||||
|
||||
# SSH
|
||||
|
||||
[gpg-agent](https://wiki.archlinux.org/index.php/GnuPG#SSH_agent) supports the OpenSSH ssh-agent protocol (`enable-ssh-support`), as well as Putty's Pageant on Windows (`enable-putty-support`). This means it can be used instead of the traditional ssh-agent / pageant. There are some differences from ssh-agent, notably that gpg-agent does not _cache_ keys rather it converts, encrypts and stores them - persistently - as GPG keys and then makes them available to ssh clients. Any existing ssh private keys that you'd like to keep in `gpg-agent` should be deleted after they've been imported to the GPG agent.
|
||||
|
Loading…
Reference in New Issue
Block a user