5c4d952a29
Merge pull request #332 from engdoreis/update-pin-retry-cmd
...
Update the command to change the pin retry attempts
2 years ago
81ebc0799a
Merge pull request #324 from Granddave/master
...
State release date of Yubico press release
2 years ago
8f2cd81a9f
Merge pull request #338 from franciosi/patch-1
...
Quick VMware Name Correction
2 years ago
dae723b409
make launchctl commands more copy 'n paste friendly
2 years ago
085f11a3cc
Quick VMware name correction
...
s/VMWare/VMware
2 years ago
9c2a5c9598
Update the command to change the pin retry attempts
...
Signed-off-by: Douglas Reis <doreis@lowrisc.org>
2 years ago
75f771b346
State release date of Yubico press release
2 years ago
136d6884a5
Add Fedora required software section
2 years ago
a8c581cca7
Update OneRNG to version 3.7
2 years ago
b2038e8e89
Add explanation of a possible fix for the `signing failed: agent refused operation` error
...
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
2 years ago
03f37b8513
Add section to quickly create keys
2 years ago
813352d30a
reset all changes
2 years ago
a725230d23
Merge branch 'master' into rewrite-key-creation-take2
2 years ago
26e474b9bd
replace dead link with the web archive
2 years ago
7771a3f52b
chore: add piv-agent to Alternatives section
2 years ago
dc29279197
Merge pull request #311 from michael-k/typo
...
Fix typo (numnber → number)
2 years ago
93ff1d3595
Adding wget as prerequisite on macOS
...
When i was following the guide I could not fetch the gpg config because I was missing wget
2 years ago
204b9f814f
Fix typo
...
Closes drduh/YubiKey-Guide#297
2 years ago
4615b5e919
Merge pull request #292 from mpdude/patch-1
...
Point out that paperkey backups are password-protected
2 years ago
14e951bb01
Merge pull request #294 from DevSecNinja/patch-1
...
Add small adjustments after renewing my subkeys
2 years ago
3f959cfc0d
Merge pull request #308 from okada-h/add-missing-preposition
...
Add missing preposition ("be able use" -> "be able to use")
2 years ago
6992c9e115
Merge pull request #295 from pedrohdz-scrap/no-puk
...
Fixed broken "Change PUK" link
2 years ago
55be657375
Merge pull request #303 from maxromanovsky/patch-1
...
Fix for `tr: Illegal byte sequence` on macOS
2 years ago
1e3e4bccbc
Add notes about KDF compatibility (solves #307 )
2 years ago
543d218b68
Add missing preposition ("be able use" -> "be able to use")
2 years ago
c69fc7badf
Fix for `tr: Illegal byte sequence` on macOS
2 years ago
33993e767c
Fixed broken "Change PUK" link
...
Fixed a broken link found in
https://github.com/drduh/YubiKey-Guide/issues/287 and updated the text.
3 years ago
1a955f88aa
Add small adjustments after renewing my subkeys
3 years ago
76d32d2cd9
Point out that paperkey backups are password-protected
...
Fixes #263 . Really though decision to make whether a paper printout with the password is a good way to go (recoverable but needs a really good place to keep) or not (more protection, but possibly worthless).
3 years ago
fe6434577b
Merge pull request #291 from gaffneyd4/improve-recovery-guide
...
Added clearer recovery options
3 years ago
5823d488f3
Merge pull request #290 from NiklasMerz/mac-m1
...
add pinentry path for M1 macs
3 years ago
2cbfcfba49
Merge pull request #288 from watermelonpizza/master
...
Use GPT instead of MBR
3 years ago
1c1e76623f
Merge pull request #285 from jaeha-choi/master
...
Add Key Derived Function (KDF) setting
3 years ago
b621273182
Merge pull request #284 from jsoref/grammar
...
Minor grammar fixes
3 years ago
248e207527
Add TOC entry, fix link
3 years ago
77394c2773
Added clearer recovery options
3 years ago
6740fa9a10
add pinentry path for M1 macs
...
Closes #289
3 years ago
3418634c66
Use GPT instead of MBR
3 years ago
ad09f543af
add prefix and date to temporary folder
...
This makes identifying the latest version easier when daleing with backups.
3 years ago
b59107d413
Add note about KDF
3 years ago
a98866a185
Minor grammar fixes
3 years ago
d25f131c38
linting
...
Signed-off-by: apiraino <apiraino@users.noreply.github.com>
3 years ago
5182d5e3d8
Rewrite keys generation tutorial
...
The master key is now created with `--batch` and a configuration script.
The subkeys are created with the quick key manipulation
interface (`--quick-add-key`).
Also provided two configuration scripts as templates for a RSA4096 or a
ED25519 master key.
Signed-off-by: apiraino <apiraino@users.noreply.github.com>
3 years ago
31074ac13d
Stage alternatives section and cleanup grammar
3 years ago
569231bf2b
Note to permasave password to fix #206
3 years ago
371d4ec77b
Mention the yubikey troubleshooting guide for gpg to fix #217
3 years ago
7bfae57336
Update filenames to fix #222
3 years ago
a02350f318
Merge pull request #276 from pedrohdz-scrap/clarify.pins-take.2
...
Clarified PIN config
3 years ago
92e2a5e8ac
Merge pull request #262 from iandstanley/patch-1
...
switching between Yubikeys
3 years ago
8816d9759f
Merge pull request #264 from iandstanley/master
...
added mention of ssh key support for blue security keys
3 years ago
1a83925dda
Expanded on GPG PIN config
3 years ago
87f48f547b
clarify pins, drduh/YubiKey-Guide#248
...
- define each pin name, default, usage
- call out special admin pin restrictions
3 years ago
23caa2c36b
Update nixos LiveCD example
...
````nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix```` no longer exists.
Update to ````nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix````
3 years ago
15bb00b428
added mention of ssh key support for blue security keys
...
As detailed in their recent press release and blog post
https://www.yubico.com/blog/github-now-supports-ssh-security-keys/
3 years ago
f6818480a5
added to section multiple Yubikeys section re: switching between Yubikeys
...
section describes the issue and the remedy for GPG stubs only pointing to the Yubikey that was last subject to the keytocard command
3 years ago
20dd0687cd
Merge pull request #247 from jamesob/jamesob-21-03-pass-trouble
...
Add note about pass insert error and `trust-key` usage
3 years ago
21c0e03cd0
Merge pull request #246 from whiskeysierra/patch-1
...
Update usage of ykman
3 years ago
6490586595
Merge pull request #232 from captn3m0/warning
...
[security] Adds warning about PUK being default
3 years ago
1566801177
Merge pull request #231 from captn3m0/change-puk
...
Adds instructions on changing the PUK
3 years ago
49bfbf81ed
Add hint re. (new) `ssh-keygen -t ed25519-sk`
3 years ago
47cd085518
Add note about pass insert error and `trust-key` usage
...
When using a previously provisioned YubiKey on a new computer,
I was met with an "Unusable public key" error when trying to insert
a new password, despite being able to decrypt pass entries.
I tried setting the trust on the key via `gpg --edit-key`, but was
then met with "Need secret key to do this."
I found that the solution is apparently to use the `trust-key`
directive in `~/.gnupg/gpg.conf`, which is not mentioned in the README
at the moment.
3 years ago
592bdc5733
Update usage of ykman
...
Fixes the following warning:
WARNING: The use of this command is deprecated and will be removed!
Replace with: ykman openpgp keys set-touch
3 years ago
de29a9e45c
Merge pull request #242 from inducer/patch-1
...
Fix: "quit" to save -> "save" to save
3 years ago
1d03a5201d
Merge pull request #240 from basbebe/macOS-GUI-setup
...
Add SSH setup for macOS GUI applications
3 years ago
fb4d390317
Update README.md
3 years ago
4370ba86ac
Update README.md
...
changed wording according to yubischiess' comment
3 years ago
ed85d93845
Additions to "Required Software"
...
proposed change according to Issue#215
3 years ago
d921fa05bb
Fix: "quit" to save -> "save" to save
3 years ago
a65cdca19a
add fish config
3 years ago
9fe946c8b1
Add SSH setup for macOS GUI applications
...
On macOS, a LaunchAgent needs to be created to overwrite the system's SSH agent.
see https://github.com/drduh/YubiKey-Guide/issues/229
3 years ago
4544d41d4c
Merge pull request #225 from ZenithalHourlyRate/gpg-agent-forward
...
Add New Agent Forward Method and Clarify Two Methods
3 years ago
548b2adf2b
Adds warning about PUK being default
3 years ago
8c5dfd2475
Adds instructions on changing the PUK
3 years ago
1eacf97835
Rephrase one sentence according to one comment on drduh/YubiKey-Guide#225
3 years ago
a24fa8f373
Add subsections on chained agent forwarding
3 years ago
7e49f5cc89
Add note on chained agent forwarding
4 years ago
52727f1e04
Correct WSL agent forwarding
...
This is a mix of two forwarding method,
this commit separates them
4 years ago
6097e6762c
Change note in alter agent section
...
Different methods have different requirements
4 years ago
0d06d2ace8
Add new method for ssh-agent forwarding
4 years ago
54f9e8a3f9
Add details to GPG-Agent forward; Alter structure
...
GPG Agent forwarding has a broader usage, not only
limited to ssh-agent forwarding.
In this commit gpg-agent forwarding is raised as a
separate section as it can not be contained by #SSH
any longer.
More details are added for gpg-agent forwarding, including
some important notes taken from practice and analysis.
For ssh-agent forward, older method are contained, and new
method will be included as framework has been structured.
4 years ago
410a1d6ac2
Change format of important notes in mutt subsection
4 years ago
083aa53cf0
Add Mutt subsection in Email section
4 years ago
0ea32bb949
Add Mutt in Email intro
4 years ago
fc6f9eb80d
Merge pull request #218 from DevSecNinja/devsecninja/addPowerShellCommand
...
Add PowerShell command to get YubiKey name
4 years ago
006ea19d04
Merge pull request #213 from linutsdc/fix-links
...
Fix links with parentheses
4 years ago
5c0bcd40a7
Merge pull request #211 from rgevaert/patch-1
...
unset GNUPGHOME variable
4 years ago
f2aeed1b55
Merge pull request #214 from anmull/debian-iso-version
...
Changes command to download Debian ISO to use the value in the SHA512SUMS file
4 years ago
7067ba6c38
Fix reset command
...
gpg-connect-agent uses `-r/--run` not `-R`
4 years ago
b1d3d279eb
Change edit to create or edit
...
As gpg-agent.conf didn't exist on my system
4 years ago
fd4b6f3eb4
Add PowerShell command to get YubiKey name
4 years ago
70dc01467b
Update verification of Debian ISO to not hardcode the version.
4 years ago
967ca3cc52
Change Debian ISO url to be generated from the contents of SHA512SUM.
...
This removes the need to maintain the version number, which is currently
out of date.
4 years ago
f0e877fe5f
Fix links with parentheses
4 years ago
94a753d4a1
Merge branch 'master' into update-python-refs
4 years ago
547c1267bc
unset GNUPGHOME variable
...
if not done, in the next step you get error:
gpg: keyblock resource '/home/..../gnupg-workspace/pubring.kbx': No such file or directory
gpg: no writable keyring found: Not found
4 years ago
03f0e40558
Merge branch 'master' of https://github.com/Amolith/YubiKey-Guide into Amolith-master
4 years ago
767b84eb3b
Add option to retrieve additionaly entropy from YubiKey itself
4 years ago
0e7dabeeeb
change defaults and add info to #Require touch
...
As mentioned in #197 , the previous behaviour would require users to
touch their key any time an authentication, signing, or encryption
operation was performed. In some situations, this behaviour would be
undesirable and the only way to revert it would be fully resetting the
key and starting from scratch. Rather than using `fixed`, this commit
simply turns the feature `on` so the user can change it later if they
wish.
Additionally, a note about the other policies was included so users can
decide for themselves which fits their situation better.
4 years ago
9bb54914b4
Merge branch 'master' into update-python-refs
4 years ago
697a7d8fb9
Merge pull request #203 from bengim/bengim-patch-PyOpenSSL
...
fixing wrong cryptography version
4 years ago
2187610c1d
Update README.md
...
fixing wrong cryptography version by explicitly installing PyOpenSSL
4 years ago
58b7c819d7
Python2 is EOL, update packages/references to Py3
4 years ago
8a95de3e3f
Correct spelling
4 years ago
a2bc415f84
Update wording
...
Ensure that is clear that we do not need to modify keys or even plug the yubikey
4 years ago
8a08a8ac15
Update notation section
4 years ago
c9ea04db2c
Add notations section
4 years ago
f6f2c26e90
Fix usage inconsistency
...
Master key shall only be used to certify other keys. The usage indicator in
README.md is inconsistently shown as SC and C.
4 years ago
78164e8bfd
Set touch policy to fixed.
...
Setting the touch policy to `on` does not prevent the policy from
later being turned off again. Setting it to `fixed` is more secure
because it can not be turned off.
If someone wants to disable the touch policy they can always restore
the keys from the backups created in the guide.
4 years ago
e1055025fe
Add information on potential PIN issues and how to debug them
...
I missed the error message when attempting to set a PIN of only 5 characters due
to the UI repeating the options below it.
Pinentry happily stores the bogus PIN and even counts down the retry counter
when entering the correct (default) one. This can be resolved by unblocking the
PIN.
Once I ran the gpg-agent with debug output (a tip found in the added link), the
issue was obvious.
4 years ago
ccb8b0130a
Stack rank secure environment and add a few tips
4 years ago
0bd52ed7d8
Merge pull request #185 from vald-phoenix/fix-borken-anchor
...
Fix broken anchor
4 years ago
1cf9656b33
Fix order of revocation command.
...
According to 'man gpg' the order of arguments should be
gpg [--homedir name] [--options file] [options] command [args]
In this case '--gen-revoke' is the command, '$KEYID' is an argument and
'--output $GNUPGHOME/revoke.asc' is an option. Previously this was
incorrect (option came first) and would spawn an error.
4 years ago
de13c8dba6
Include --expert when editing master key
...
This is specifically during setup when rotating keys.
4 years ago
4c1d538c60
Fix broken anchor
...
There are two anchors with the same name and this breaks navigation.
4 years ago
aea317b527
Clarified wording
4 years ago
07134a4e4f
GPG keys on multiple computers
...
I feel like this took me longer to figure out than it should have.
4 years ago
93cbbd9d8b
Address throw-keyids issue with mailvelope to fix #178
4 years ago
46d1d89115
Split export pubkey from backup to fix #175
4 years ago
bf38b94a65
Disambiguate backup volume label to fix #176 .
4 years ago
aad01ffde4
Merge pull request #180 from vald-phoenix/yubikey-reset-by-ykman
...
Describe ykman PGP keys reset
4 years ago
3be47a8c32
Merge pull request #179 from vald-phoenix/multiple-yubikeys
...
Describe card serial number error
4 years ago
a1a4a303f9
Merge pull request #177 from apiraino/revoke-cert
...
Add instructions to create a revoke certificate
4 years ago
afd3fafcc5
Merge pull request #170 from murphy83/Abort-Trick
...
Added some additonal text describing alternatives that may be used
4 years ago
44d76ac5ab
Describe card serial number error
4 years ago
6108558645
Describe ykman PGP keys reset
4 years ago
2698cecd4c
Add instruction to create a revoke certificate
4 years ago
b5adb349ad
Add steps for renewing (not rotating) sub-keys
...
As discussed in issue #164 , the current section on Rotating Keys
presents two alternatives: replacing the existing keys with a newly
generated key or extending the validity of existing keys by changing
their expiration. However, it only provides instructions for the
first approach. This commit adds instructions for renewing sub-keys.
I am far from an expert, and am submitting this change mostly in hopes
that it will provide documentation for the next time I need to renew
my sub-keys. I would welcome any changes or clarifications others
would care to offer.
4 years ago
db1d86cdd8
Added some additonal text describing alternatives that may be used
4 years ago
2c2cec316c
Bump Debian version, license year
4 years ago
2fc50760db
Merge pull request #160 from rvl/nixos
...
Add instructions for NixOS
4 years ago
51ed654e43
Merge pull request #159 from rvl/multiple-yubikeys
...
Add more detail about what to do with multiple YubiKeys
4 years ago
bb5184a0b3
Add instructions for NixOS
...
I just tested these steps on a spare laptop.
4 years ago
b45174f185
Add more detail about what to do with multiple YubiKeys
4 years ago
6cd76216c5
Add information about setting the primary user ID
4 years ago
8f10cd5819
Fix gnupg package name for Arch
...
`gnupg2` has been [removed since March 2012](https://lists.archlinux.org/pipermail/arch-dev-public/2012-March/022690.html )
4 years ago
bb0a0d1ac8
fix broken links
4 years ago
e4a063e0f0
Update GitHub instructions on Windows
...
Add command to instruct Git to use WinGPG
4 years ago
1b5a2fefd8
Formatting cleanup
4 years ago
be7addad3c
Use larger partition sizes to fix #149 .
4 years ago
908d3172a4
Fix typo in table of contents link
4 years ago
04127d566b
Document issue #145 and fix #142
4 years ago
11d6e1aff6
Fix url formatting
5 years ago
701d9eb50f
Update Debian version and fix #137
5 years ago
35e443f8cc
Mention yubikey-touch-detector
5 years ago
137300a713
Added a fix for failing ssh / GUI pinentry
5 years ago
010accf864
Add --keyserver flag pointing to Debian keyserver
...
Fixes #131
5 years ago
4524c11632
Added important note about pin caching #135
5 years ago
5f150b68e2
More lines with old debian version corrected
5 years ago
754e480792
New Debian version: 10.1.0
...
Before curl returned http/404
5 years ago
13b9a92985
Update VM option
5 years ago
drduh