mirror of https://github.com/drduh/YubiKey-Guide.git synced 2024-12-22 13:48:06 +00:00

Add notations section

This commit is contained in:
Stefano Figura 2020-08-13 23:45:18 +02:00 committed by GitHub
parent f7561616a5
commit c9ea04db2c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -47,6 +47,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d
* [Setup environment](#setup-environment)
* [Renewing sub-keys](#renewing-sub-keys)
* [Rotating keys](#rotating-keys-1)
- [Adding notations](#adding-notations)
- [SSH](#ssh)
* [Create configuration](#create-configuration)
* [Replace agents](#replace-agents)
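Review bot: The new TOC entry `- [Adding notations](#adding-notations)` sits at the top level beside `- [SSH](#ssh)`, which matches the `# Adding notations` heading introduced in the second hunk at the same level as `# SSH`, and the anchor slug matches the heading text; no change needed here.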
@ -1875,6 +1876,30 @@ $ sudo umount /mnt/public
Disconnect the storage device and follow the original steps to transfer new keys (4, 5 and 6) to YubiKey, replacing existing ones. Reboot or securely erase the GPG temporary working directory.
# Adding notations
Notations can be added to users ID(s) and can be used in conjunction with [Keyoxide](https://keyoxide.org) to create [OpenPGP identity proofs](https://keyoxide.org/guides/openpgp-proofs).
The setup environment can be created by using this [section](#setup-environment) from this guide.
After having completed the environment setup, it is possible to follow any of the guides listed under "Adding proofs" from the Keyoxide ["Guides"](https://keyoxide.org/guides/) page __up until the notation is saved using the `save` command`.
At this point the public key can be exported:
```console
$ gpg --export $KEYID > pubkey.gpg
```
The public key can now be transferred to the computer where the GPG key is used and it is imported with:
```console
$ gpg --import pubkey.gpg
```
N.B.: The `showpref` command can be issued to ensure that the notions were correctly added.
It is now possible to continue following the Keyoxide guide and upload the key to WKD or to keys.openpgp.org.
# SSH
[gpg-agent](https://wiki.archlinux.org/index.php/GnuPG#SSH_agent) supports the OpenSSH ssh-agent protocol (`enable-ssh-support`), as well as Putty's Pageant on Windows (`enable-putty-support`). This means it can be used instead of the traditional ssh-agent / pageant. There are some differences from ssh-agent, notably that gpg-agent does not _cache_ keys rather it converts, encrypts and stores them - persistently - as GPG keys and then makes them available to ssh clients. Any existing ssh private keys that you'd like to keep in `gpg-agent` should be deleted after they've been imported to the GPG agent.
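Review bot: The new section ends after the public key is imported on the daily-use machine, but unlike the "Rotating keys" text just above it ("Reboot or securely erase the GPG temporary working directory") it never tells the reader to clean up the setup environment once `pubkey.gpg` has been exported; since adding a notation means the master key was loaded in that environment, the same closing step (or a reference to it) should be added after the export. Three smaller points in the same hunk: the sentence ending "`save` command`." has a stray trailing backtick; "ensure that the notions were correctly added" should read "notations"; and `showpref` in `--edit-key` lists the key's cipher/digest/compression preferences, so it is worth double-checking that it also displays notations, otherwise `gpg --list-options show-notations --list-keys $KEYID` is the documented way to show them. The sentence "The setup environment can be created by using this [section](#setup-environment) from this guide." could also be tightened to "Create the setup environment as described in the [Setup environment](#setup-environment) section."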