bengim
2187610c1d
Update README.md
...
fixing wrong cryptography version by explicitly installing PyOpenSSL
4 years ago
dragon788
58b7c819d7
Python2 is EOL, update packages/references to Py3
4 years ago
Stefano Figura
8a95de3e3f
Correct spelling
4 years ago
Stefano Figura
a2bc415f84
Update wording
...
Ensure that is clear that we do not need to modify keys or even plug the yubikey
4 years ago
Stefano Figura
8a08a8ac15
Update notation section
4 years ago
Stefano Figura
c9ea04db2c
Add notations section
4 years ago
b1f6c1c4
f6f2c26e90
Fix usage inconsistency
...
Master key shall only be used to certify other keys. The usage indicator in
README.md is inconsistently shown as SC and C.
4 years ago
Kenny MacDermid
78164e8bfd
Set touch policy to fixed.
...
Setting the touch policy to `on` does not prevent the policy from
later being turned off again. Setting it to `fixed` is more secure
because it can not be turned off.
If someone wants to disable the touch policy they can always restore
the keys from the backups created in the guide.
4 years ago
Sebastian Schmieschek
e1055025fe
Add information on potential PIN issues and how to debug them
...
I missed the error message when attempting to set a PIN of only 5 characters due
to the UI repeating the options below it.
Pinentry happily stores the bogus PIN and even counts down the retry counter
when entering the correct (default) one. This can be resolved by unblocking the
PIN.
Once I ran the gpg-agent with debug output (a tip found in the added link), the
issue was obvious.
4 years ago
drduh
ccb8b0130a
Stack rank secure environment and add a few tips
4 years ago
drduh
0bd52ed7d8
Merge pull request #185 from vald-phoenix/fix-borken-anchor
...
Fix broken anchor
4 years ago
Max Mäusezahl
1cf9656b33
Fix order of revocation command.
...
According to 'man gpg' the order of arguments should be
gpg [--homedir name] [--options file] [options] command [args]
In this case '--gen-revoke' is the command, '$KEYID' is an argument and
'--output $GNUPGHOME/revoke.asc' is an option. Previously this was
incorrect (option came first) and would spawn an error.
4 years ago
Mike Mazur
de13c8dba6
Include --expert when editing master key
...
This is specifically during setup when rotating keys.
4 years ago
Vladyslav Krylasov
4c1d538c60
Fix broken anchor
...
There are two anchors with the same name and this breaks navigation.
4 years ago
Jason Stelzer
aea317b527
Clarified wording
4 years ago
Jason Stelzer
07134a4e4f
GPG keys on multiple computers
...
I feel like this took me longer to figure out than it should have.
4 years ago
drduh
93cbbd9d8b
Address throw-keyids issue with mailvelope to fix #178
4 years ago
drduh
46d1d89115
Split export pubkey from backup to fix #175
4 years ago
drduh
bf38b94a65
Disambiguate backup volume label to fix #176 .
4 years ago
drduh
aad01ffde4
Merge pull request #180 from vald-phoenix/yubikey-reset-by-ykman
...
Describe ykman PGP keys reset
4 years ago
drduh
3be47a8c32
Merge pull request #179 from vald-phoenix/multiple-yubikeys
...
Describe card serial number error
4 years ago
drduh
a1a4a303f9
Merge pull request #177 from apiraino/revoke-cert
...
Add instructions to create a revoke certificate
4 years ago
drduh
afd3fafcc5
Merge pull request #170 from murphy83/Abort-Trick
...
Added some additonal text describing alternatives that may be used
4 years ago
Vladyslav Krylasov
44d76ac5ab
Describe card serial number error
4 years ago
Vladyslav Krylasov
6108558645
Describe ykman PGP keys reset
4 years ago
apiraino
2698cecd4c
Add instruction to create a revoke certificate
4 years ago
Daniel Sockwell
b5adb349ad
Add steps for renewing (not rotating) sub-keys
...
As discussed in issue #164 , the current section on Rotating Keys
presents two alternatives: replacing the existing keys with a newly
generated key or extending the validity of existing keys by changing
their expiration. However, it only provides instructions for the
first approach. This commit adds instructions for renewing sub-keys.
I am far from an expert, and am submitting this change mostly in hopes
that it will provide documentation for the next time I need to renew
my sub-keys. I would welcome any changes or clarifications others
would care to offer.
4 years ago
Murphy Laptop
db1d86cdd8
Added some additonal text describing alternatives that may be used
4 years ago
drduh
2c2cec316c
Bump Debian version, license year
4 years ago
drduh
2fc50760db
Merge pull request #160 from rvl/nixos
...
Add instructions for NixOS
4 years ago
drduh
51ed654e43
Merge pull request #159 from rvl/multiple-yubikeys
...
Add more detail about what to do with multiple YubiKeys
4 years ago
Rodney Lorrimar
bb5184a0b3
Add instructions for NixOS
...
I just tested these steps on a spare laptop.
4 years ago
Rodney Lorrimar
b45174f185
Add more detail about what to do with multiple YubiKeys
4 years ago
Rodney Lorrimar
6cd76216c5
Add information about setting the primary user ID
4 years ago
Andrea Scarpino
8f10cd5819
Fix gnupg package name for Arch
...
`gnupg2` has been [removed since March 2012](https://lists.archlinux.org/pipermail/arch-dev-public/2012-March/022690.html )
4 years ago
wsyxbcl
bb0a0d1ac8
fix broken links
4 years ago
Mark Fayngersh
e4a063e0f0
Update GitHub instructions on Windows
...
Add command to instruct Git to use WinGPG
4 years ago
drduh
1b5a2fefd8
Formatting cleanup
4 years ago
drduh
be7addad3c
Use larger partition sizes to fix #149 .
4 years ago
gusttt
908d3172a4
Fix typo in table of contents link
4 years ago
drduh
04127d566b
Document issue #145 and fix #142
4 years ago
drduh
11d6e1aff6
Fix url formatting
5 years ago
drduh
701d9eb50f
Update Debian version and fix #137
5 years ago
Maxim Baz
35e443f8cc
Mention yubikey-touch-detector
5 years ago
Emile 'iMil' Heitor
137300a713
Added a fix for failing ssh / GUI pinentry
5 years ago
Kiel C
010accf864
Add --keyserver flag pointing to Debian keyserver
...
Fixes #131
5 years ago
Sun Knudsen
4524c11632
Added important note about pin caching #135
5 years ago
Jakub Skory
5f150b68e2
More lines with old debian version corrected
5 years ago
Jakub Skory
754e480792
New Debian version: 10.1.0
...
Before curl returned http/404
5 years ago
Gary Johnson
13b9a92985
Update VM option
5 years ago
Gary Johnson
0f5df64094
Update README.md
...
Added primary source stating confirming that devices are read only in all but a few circumstances and that Keys ("secrets") cannot be read after being written to the device
5 years ago
drduh
541f8717e6
Merge pull request #126 from vorburger/patch-2
...
clarify that SSH_AUTH_SOCK should only be set locally, not on the remote server
5 years ago
Michael Vorburger ⛑️
42065a3b65
put additional information into single line
5 years ago
drduh
18320b0562
Merge pull request #128 from vorburger/patch-4
...
add 'sshd -eddd' Troubleshooting tip
5 years ago
drduh
57e712b830
Merge pull request #129 from vorburger/patch-5
...
fix link to YubiKey (non-NEO) Manager (fixes #124 )
5 years ago
drduh
877a4a7e99
Merge pull request #127 from vorburger/patch-3
...
simplify Agent Forwarding (RemoteForward typically not required)
5 years ago
Michael Vorburger ⛑️
8e8c138362
fix link to YubiKey (non-NEO) Manager ( fixes #124 )
5 years ago
Michael Vorburger ⛑️
ae35e707b6
add 'sshd -eddd' Troubleshooting tip
5 years ago
Michael Vorburger ⛑️
dd1a3ce4a8
simplify Agent Forwarding (RemoteForward typically not required)
5 years ago
Michael Vorburger ⛑️
de193ee363
clarify that SSH_AUTH_SOCK should only be set locally, not on the remote server
5 years ago
Michael Vorburger ⛑️
8ba087efe4
fix link to Remote Machines (Agent Forwarding) in TOC
5 years ago
drduh
5bbad1fc4c
Mention forwarding risk and Ubuntu multiverse repository, fix #116 .
5 years ago
Alex Romanov
e1d5e6fb9d
Fix typo from #122
5 years ago
Thomas A Caswell
f8880975b8
DOC: justify why you would want to sign your new key
5 years ago
Thomas A Caswell
5df1226971
DOC: notes an adding more emails
5 years ago
Thomas A Caswell
de7675f7a9
DOC: add section on signing with existing key
5 years ago
drduh
96c15ba3f3
Merge pull request #120 from timcooijmans/patch-1
...
Describe how to enable mailvelope on MacOS
5 years ago
Diego Rodriguez
3ae1656f5d
Update README.md
...
When adding GPG SSH agent configuration to shell rc file, redirect output of gpg-connect-agent to /dev/null so that it doesn't output `OK` every time you bring up a new shell
5 years ago
timcooijmans
2309e2903d
Fix formatting
5 years ago
timcooijmans
e7d2507c47
Add description on how to enable mailvelope
5 years ago
David C. Bradley
399127c43d
Move output option to earlier in command
...
The output option dosen't seem to work on Windows when it is at the end of the command. Moving it to earlier in the command fixes this issue.
5 years ago
Andrew Morgan
f36447a85b
State that `set-touch` used to be `touch`
5 years ago
drduh
6482036e17
Bump debian version and fix some grammar.
5 years ago
Matthew Riley
fddefb5245
Fix 'Require Touch' syntax
...
The syntax to change Yubikey touch configurations has changed. Updating this accordingly.
5 years ago
drduh
48bf452e4b
Feature simpler multiple key workaround
5 years ago
drduh
09f3822a19
Link to multiple keys discussions. Fix #19 . Fix #112 .
5 years ago
Jakob Knutsen
1544d14689
Fix link to supply chain attacks
5 years ago
drduh
b745f1d90e
Add card reset steps, clean up formatting.
5 years ago
Benjamin BERNARD
46601736f6
Adding link to summary for 'Using multiple YubiKey with same GPG keys' section
5 years ago
Benjamin BERNARD
b101259a27
Multiple Yubikey with same GPG Keys, serial number issue, GnuPG workaround to switch to another key
5 years ago
drduh
1b9fc107c0
Fix date string format
5 years ago
Carl Dong
4552bb45e1
Correct date invocation
...
The correct syntax is `date +FORMAT`
5 years ago
drduh
04bef18b0c
Add section on key rotation to fix #101
5 years ago
drduh
7661d79b51
Mention Thunderbird, clean up agent forwarding. Fix #85 .
5 years ago
drduh
f8d6dec18f
Better openbsd backup instructions, slimmer TOC
5 years ago
drduh
bf05e0e7c4
Better backup and testing instructions
5 years ago
drduh
a6bc874713
Increment debian image version
5 years ago
Simon A
c5e1d96d84
fix(link): update links to latest version (old ones 404)
5 years ago
David Kane
5007059085
Fix link anchor issue
...
fix 'Save public key for identity file configuration' markdown link
fix 'Remote Machines (agent forwarding)' markdown link
5 years ago
Philipp Eckel
13c8fcf647
no need to support the monopoly
5 years ago
nixbitcoin
6d4035252a
Add Verify Yubikey section
5 years ago
Adam Uhlíř
3ed8f56557
Add hint for setting up gpg-agent socket
...
On my system (Linux Mint) `gpgconf --list-dirs agent-ssh-socket` does return all dirs and not only the one for agent-ssh-socket hence `ssh-add -L` was failing. This is a hint for other people to troubleshoot this behaviour.
5 years ago
Zachary Adam Kaplan
e4cb903ef4
debian iso has change from 9.6.0 -> 9.7.0
5 years ago
drduh
e05dc4b5bd
Update license and formatting
5 years ago
Michael Käufl
457e22d473
Move install instructions to the top
...
Section `Creating keys` ends with `Disable networking for the
remainder of the setup.`. All instructions that require a network
should be before this sentence.
5 years ago
drduh
303cb25d4d
Update license year, style and grammar
5 years ago
drduh
3f4480db25
Update openbsd instructions
5 years ago
drduh
381088ba79
Merge pull request #92 from tacaswell/doc_arch_install
...
DOC: add install instructions for Arch linux and RHEL
5 years ago
Thomas A Caswell
7dbc05977e
DOC: update for packages to install on RHEL
5 years ago
Thomas A Caswell
9e7a3225ae
DOC: add install instructions for Arch linux
5 years ago
Wael M. Nasreddine
7115f9a385
Master key should have Certify-capability only!
5 years ago
Michael
bba51c10cc
Fix typo
...
IdentityFiles can be passed to ssh via `-i`, not `-l`.
The next paragraph mentions the correct argument.
ref commit 52c8324fa2
,
part of PR drduh/YubiKey-Guide#65
5 years ago
drduh
8ea5900d4e
Style and console formatting, tips for multiple key use
5 years ago
wheest
ee71716ed7
Added pull request suggestions
5 years ago
Wheest
c28b33372c
Moved Agent Forwarding section to before the WSL one
5 years ago
Wheest
b44f6131ef
Further amendments to Agent Forwarding
5 years ago
Wheest
7eed0ccef8
Improvements to Agent Forwarding section, following feedback in:
...
https://github.com/drduh/YubiKey-Guide/issues/85
5 years ago
drduh
3a872d40fe
Fix keyserver command order to fix #86
5 years ago
Dan Cundiff
8f724a4df5
Add addition note about red hokey output
5 years ago
drduh
19b1297c22
Merge pull request #84 from hughobrien/mention-tmpfs
...
describe tmpfs clearing rather than init system (debian uses tmpfs)
5 years ago
drduh
3174935f99
Merge pull request #83 from hughobrien/gpg-conf-key-origin
...
remove broken gpg option (debian 9.6)
5 years ago
Hugh O'Brien
a6431962a6
remove broken gpg option (debian 9.6)
...
As per [0], the --with-key-origin option is experimental.
0: https://www.gnupg.org/documentation/manuals/gnupg/GPG-Input-and-Output.html#index-with_002dkey_002dorigin
5 years ago
Hugh O'Brien
0f6e9948d7
mention debian-live user/pass in case of screen lock
5 years ago
Hugh O'Brien
80d5c0ed6c
describe tmpfs clearing rather than init system (debian uses tmpfs)
5 years ago
drduh
94919459a6
Update gpg prefs, style and fix #21 .
5 years ago
Matt T. Proud
7746c3381a
Emphasize keytocard danger and fix inconsistency.
...
This commit applies a few editorial cleanups to the document:
1. `keytocard` operations now contained emphasized warnings to convey
that these operations are destructive. I unknowingly made this
mistake a few years ago and only learned of it recently. For that
reason, we should go out of our way on user's behalf with due
diligence warnings.
2. `$KEYID` was not uniformly used throughout the document in various
command line input literals. This is now fixed.
3. `YubiKey` was often represented as `Yubikey` and other
inconsistent forms throughout the document. This is now fixed,
except in cases of URL, command output, etc.
6 years ago
drduh
a68fa27309
Merge pull request #79 from Wheest/master
...
Agent Forwarding
6 years ago
Wheest
4e23c63bb4
Agent Forwarding
...
Was looking at how to access on remote machines, is a standard ssh workflow, but might be useful to have it here too.
6 years ago
Brice Gagnage
86e03e6d09
final draft
6 years ago
Brice Gagnage
ee30767612
final draft
6 years ago
Brice Gagnage
ffd7b674c8
updated draft
6 years ago
Brice Gagnage
95624e2c48
first draft
6 years ago
Brice Gagnage
1c15d89a54
maow
6 years ago
Brice Gagnage
92467bc126
test
6 years ago
Brice Gagnage
f39b92ae45
test sign
6 years ago
Brice Gagnage
2b5891294a
Update README.md
...
continuing
6 years ago
Brice Gagnage
afc8580b0d
Update README.md
...
test
6 years ago
drduh
d818b03cdc
Grammar and lint. Fix #73 .
6 years ago
Julian Hernandez
857adb26a2
Update live Debian version to 9.6.0
6 years ago
Dino Bajramovic
472d85d12b
fix typo
6 years ago
drduh
f1a97fc6d5
Note about gpg public key
6 years ago
loys ollivier
6f76e6a197
Update README.md
...
gpg option to edit card info is now `--card-edit` and not `--edit-card`
6 years ago
Ian Brown
d02766389d
Add packages to apt-get list to fix gpg --recv and srm commands
...
Two commands mentioned later in the document won't work without two packages that don't come pre-installed with the Debian LiveCD: dirmngr and secure-delete.
6 years ago
drduh
96af4d3b3b
Merge pull request #70 from jwilk-forks/gpg-verify
...
Fix live image integrity check
6 years ago
Jakub Wilk
d7a14b078c
Fix live image integrity check
...
"gpg SHA512SUMS.sign" would do the right thing only if the file actually
contained a detached signature.
Use explicit and robust "gpg --verify SHA512SUMS.sign SHA512SUMS"
instead.
6 years ago
Jakub Wilk
3be71bd253
Fix typos
6 years ago
drduh
27bef99239
Massive style revision and version update
6 years ago
Ben Low
34a5502477
typos
6 years ago
Ben Low
52c8324fa2
Expand on ssh identies usage.
6 years ago
Ben Low
aad57241e9
Fix key label, consistency.
6 years ago
Ben Low
b67776a2b2
Fix TOC, spelling.
6 years ago
Ben Low
d33252848d
Added information on `gpg-agent`.
6 years ago
Jonah Aragon
840b4069f2
Fix "signingkey" typo
6 years ago
Vadim Zendejas
dad5bcd5fc
Added comment on GitHub Authetication for only Windows
6 years ago
Vadim Zendejas
acfdcacec5
Added veracrypt.fr link to pre-compiled execs
...
Added veracrypt.fr link to pre-compiled execs
6 years ago
Mirko Pizii
ad8cf8cd3a
Fix spaces for README
6 years ago
Mirko Pizii
ee8fcb3805
Fix link of summary list
6 years ago
Wheest
ecbe6e7b19
Fixing signature file fetch command for ykpers
6 years ago
drduh
25c8e23b8f
Emphasize live distro to fix #45
6 years ago
drduh
a470da3af7
Update introduction, fix formatting and fix #46
6 years ago
drduh
d07007a368
Fix up some formatting
6 years ago
drduh
254fd2c3d2
Formatting fix.
6 years ago
Jonathan Holtmann
eadd3bb2f5
Fixed menu
6 years ago
Jonathan Holtmann
ba382ce551
Added information on how to perform the YubiKey GPG setup and SSH authentication on Windows devices
6 years ago
drduh
478eb05de2
Mention Purse
6 years ago
drduh
b9cd480f7a
Note on keeping backup mounted for 2xkeys. Fix #44
6 years ago
drduh
fc429bf892
Remove obsolete option, add troubleshooting item
6 years ago
drduh
2cc0f7101e
Additional troubleshooting step and openbsd note
6 years ago
Michael Brown
17581cfd82
Remove outdated config from gpg.conf
...
Removing configuration paramaters no longer supported in GPG 2.X
Related to #28
6 years ago
James Wu
79dac3ec7d
add explicit public key naming for IdentitiesOnly usage
6 years ago
W1lkins
9a21477481
install hopenpgp-tools as it is used in section https://github.com/drduh/YubiKey-Guide\#check-your-work where an apt-get command is listed
6 years ago
Marjan Grabowski
f14d756578
Change rights of 'gpg.conf' to avoid warning
6 years ago
Nick Sandford
71b5e69cf1
Use gpgconf to get the ssh auth sock.
6 years ago
Philipp Eckel
dcadfbdccd
remove not need keyserver certificate, see https://github.com/drduh/YubiKey-Guide/issues/48
6 years ago
Philipp Eckel
161dea9e92
remove outdated use-standard-socket option from SSH config, see here: https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html
6 years ago
drduh
e0430a0698
Formatting nit
6 years ago
drduh
5ecf1046a9
Formatting fix
7 years ago
kiralex
02bfc69c2a
Update README.md
7 years ago
kiralex
badf3cc5d9
fix ssh-agent does not work on archlinux
7 years ago
drduh
baf1e6676e
Mention ssh multiplex to ease multiple connections
7 years ago
drduh
e3c0512b21
Describe status if public key not imported, fix #6
7 years ago
drduh
5d452a9190
Reference paper backup instructions, fix #3
7 years ago
drduh
6f199ec00e
Document error from Debian 9
7 years ago
drduh
7c0ea30e53
Document ssh-add error
7 years ago
Philipp Eckel
6dde3bda33
emphasize 2048 bit as the correct key size for the YubiKey Neo
7 years ago
Philipp Eckel
109de3011d
fix exporting KEYID
7 years ago
Ben Low
bcada3f2cc
Whitespace fixes.
7 years ago
Ben Low
a010a2a752
Updated to gpg 2.2.1, and added some macOS references.
7 years ago
Aleksandr Vinokurov
9336fc1317
Replace hkt with gpg to fix unsupported GnuPG 2.1
...
hkt does not support GnuPG 2.1 because it expects gpg pubring.
But the export can be done by gpg itself.
7 years ago
Brendan Rius
c871adc904
Make hkt respect custom $GNUPGHOME
7 years ago
Dawid Łakomski
07752240cb
Add information about composite USB mode on YK with firmware >=3.3
7 years ago
drduh
1ad37577db
Use require-cross-certification option. Fix #14 .
8 years ago
drduh
94ada05473
Plug in YubiKey correctly. Fix #9 .
8 years ago
drduh
ac66a81a35
Merge pull request #24 from wsargent/patch-3
...
Use AES256 for private key password encryption
8 years ago
Will Sargent
8515aaf839
Use AES256 for private key password encryption
...
Adds
```
s2k-cipher-algo AES256
```
to the GPG configuration, per https://pthree.org/2015/11/19/your-gnupg-private-key/
> --s2k-cipher-algo name
> Use name as the cipher algorithm used to protect secret keys. The default cipher is CAST5. This cipher is also used for symmetric encryption with a passphrase if --personal-cipher-preferences and --cipher-algo is not given.
https://www.gnupg.org/documentation/manuals/gnupg-2.0/OpenPGP-Options.html#index-s2k_002dcipher_002dalgo
8 years ago
Will Sargent
ff871a254d
Use signing subkey
...
The signature was made using `0xBECFA3C1AE191D15`, and has to be used with the signing key, not the root key.
I can verify this with my own key -- using the keyid doesn't work:
```
~ echo "$(uname -a)" | gpg --armor --clearsign --default-key 0xB1A9D5A2A605F794
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5aWdAAoJECaAG7YBLqXZi1EP/3R4oOdkXqZXcskwzfjBXa68
oZeKxTB8i74tSPXp0SL26+ULOQ6GRJdIFod2MQtqfjeu6dyNEbIBF1pHWnyLx4Bn
p/+ROoOTiBSFEWPts++yYhmo0tS0cXPv6QPCYqj4mPkJe6u8wVp5hkoyujL/k9bs
cAZSbeyV/hggS0rFTN4/5AeUky4LJPrWYkAiln7D0PVQeZc6DFlDpeup1Az7hWV5
ImRglAfoacNq+0LWslnc51/4knFGC/k4RS/QAyfUNJG/yy/ZZs6FNc7FjyZkw87E
yRqqSPkuL64BmzNxmfKnwgMAesaq8D674lRb7b9TC8sQuuelcbgPkCCDioRmCSWh
+NIe+pwWLIXHSwQntO2FblGFL+IeDYBZy3P5nO+N12EHn2oS2psep04STq5cjRaa
PTMopcDsThzXljn8b6p+Iu2BaFiMkEwpAD8f0knR4DZzorpgMjIV0mEdeDuTzC1L
dPHc7uZsTSSTEgxm7JO8x1h3hfwqX+KvVhmo0SgvwexqsmH7+b6j948RPGSCGBys
wS8HEQgzgznQYSxqnCHvuDT9cIuyuCi9BZfqvRy3NSa+ixKMHJ4n2rFWlw8WbvTm
tKFumm2z3z9JkijzJFj4sHETebaa2ip/TxeQvhFD/jEBB1XaqneDw1UaRll+6auA
K6naZ0LzZx2cOzJpn4xN
=TVTZ
-----END PGP SIGNATURE-----
~
~ gpg
gpg: Go ahead and type your message ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5aWdAAoJECaAG7YBLqXZi1EP/3R4oOdkXqZXcskLinux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/LinuxwzfjBXa68
oZeKxTB8i74tSPXp0SL26+ULOQ6GRJdIFod2MQtqfjeu6dyNEbIBF1pHWnyLx4Bn
p/+ROoOTiBSFEWPts++yYhmo0tS0cXPv6QPCYqj4mPkJe6u8wVp5hkoyujL/k9bs
cAZSbeyV/hggS0rFTN4/5AeUky4LJPrWYkAiln7D0PVQeZc6DFlDpeup1Az7hWV5
ImRglAfoacNq+0LWslnc51/4knFGC/k4RS/QAyfUNJG
/yy/ZZs6FNc7FjyZkw87E
yRqqSPkuL64BmzNxmfKnwgMAesaq8D674lRb7b9TC8sQuuelcbgPkCCDioRmCSWh
+NIe+pwWLIXHSwQntO2FblGFL+IeDYBZy3P5nO+N12EHn2oS2psep04STq5cjRaa
PTMopcDsThzXljn8b6p+Iu2BaFiMkEwpAD8f0knR4DZzorpgMjIV0mEdeDuTzC1L
dPHc7uZsTSSTEgxm7JO8x1h3hfwqX+K
vVhmo0SgvwexqsmH7+b6j948RPGSCGBys
wS8HEQgzgznQYSxqnCHvuDT9cIuyuCi9BZfqvRy3NSa+ixKMHJ4n2rFWlw8WbvTm
tKFumm2z3z9JkijzJFj4sHETebaa2ip/TxeQvhFD/jEBB1XaqneDw1UaRll+6auA
K6naZ0LzZx2cOzJpn4xN
=TVTZ
-----END PGP SIGNATURE-----
gpg: Signature made Fri 23 Sep 2016 02:58:53 PM PDT
gpg: using RSA key 0x26801BB6012EA5D9
gpg: BAD signature from "Will Sargent <will.sargent@lightbend.com>" [ultimate]
```
but using the signing key does work:
```
✘ ~ echo "$(uname -a)" | gpg --armor --clearsign --default-key 0x26801BB6012EA5D9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5aagAAoJECaAG7YBLqXZvZwP/21yoEQ3hI9hP0QyrFJu/T/0
sD9Y+DGQHBU5WaII3/iVgBN2V3EQwlzX8dP4/LfTm7NQ0M2flgbPbqf/rUYLQQZg
lO489XbI78kk80b3kDebkautN5rQhkU0ZAy/WfDdKmwGnF1hEXzYqEwI5S0tGddT
cKt0U3cZ0XuOI7pdtSOD423tNV4l45sIAT/ndAsgpbzT0ZTkza65V/RHWqGQDDT1
VB6WKmuqOca1gTDYGlW5yITfOqdWjB30ljLjuOjFJjcOunJQmlSRDMGyjfdzF3ec
X1/+vLKnI0M2ipFaxKTtjdCTo8+26wjExdGca6Sy8v9M0zBjA2vgCGBTwCpXkMQE
4HFZ6N0+6k/3icyNALJhHSRkApNom3ZqINntDNNcN/tyHZVUijb5/hfv7W4D5LSe
8b1/UbF/R46w21sgR4Rzfv5EsbZkkjWx65hTXYWByf4PqZ7NiJJGbETpPC8wSc+4
oZNk9SLZunzE2Gemk2CXu7VXR58BIP014FHjU4FN7k54ZGn7IzU2xfKCZ+se7pFh
SzWIrDhZP5vsbCMbh4HzD4WFPLteNOdV+nkHi4iaSXc7UQfdgZIeKb2ljbjJTmN4
fyi/Zjk0+29pwB+W5iWD4AoKqzSsHMCrK73KRyAHcFaHOHILl8grG0GsfJmPGHCz
Mm3O7IH5is7ZkvOmbUMY
=jQY+
-----END PGP SIGNATURE-----
~ gpg
gpg: Go ahead and type your message ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX5aagAAoJECaAG7YBLqXZvZwP/21yoEQ3hI9hP0QyrFJu/T/0
sD9Y+DGQHBU5WaII3/iVgBN2V3EQwlzX8dP4/LfTm7NQ0M2flgbPbqf/rUYLQQZg
lO489XbI78kk80b3kDebkautN5rQhkU0ZAy/WfDdKmwGnF1hEXzYqEwI5S0tGddT
cKt0U3cZ0XuOI7pdtSOD423tNV4l45sIAT/ndAsgpbzT0ZTkza65V/RHWqGQDDT1
VB6WKmuqOca1gTDYGlW5yITfOqdWjB30ljLjuOjFJjcOunJLinux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
QmlSRDMGyjfdzF3ec
X1/+vLKnI0M2ipFaxKTtjdCTo8+26wjExdGca6Sy8v9M0zBjA2vgCGBTwCpXkMQE
4HFZ6N0+6k/3icyNALJhHSRkApNom3ZqINntDNNcN/tyHZVUijb5/hfv7W4D5LSe
8b1/UbF/R46w21sgR4Rzfv5EsbZkkjWx65hTXYWByf4PqZ7NiJJGbETpPC8wSc+4
oZNk9SLZunzE2Gemk2CXu7VXR58BIP014FHjU4FN7k54ZGn7IzU2xfKCZ+se7pFh
SzWIrDhZP5vsbCMbh4HzD4WFPLteNOdV+nkHi4iaSXc7UQfdgZIeKb2ljbjJTmN4
fyi/Zjk0+29pwB+W5iWD4AoKqzSsHMCrK73KRyAHcFaHOHILl8grG0GsfJmPGHCz
Mm3O7IH5is7ZkvOmbUMY
=jQY+
-----END PGP SIGNATURE-----
gpg: Signature made Fri 23 Sep 2016 03:03:12 PM PDT
gpg: using RSA key 0x26801BB6012EA5D9
gpg: Good signature from "Will Sargent <will.sargent@lightbend.com>" [ultimate]
gpg: aka "Will Sargent <will.sargent@gmail.com>" [ultimate]
Primary key fingerprint: 75E4 E7F9 1D18 D981 3028 64B1 B1A9 D5A2 A605 F794
Subkey fingerprint: ADB3 1ED0 EC01 44AF 8301 320D 2680 1BB6 012E A5D9
```
8 years ago
Will Sargent
e195a60ecc
Add $
8 years ago
Will Sargent
99aef6c70d
Add instructions for installing gnupg-curl
...
Fixes https://github.com/drduh/YubiKey-Guide/issues/5
8 years ago
Will Sargent
678c8a8da7
Prepend $
8 years ago
Will Sargent
9c5c247446
Add key checking
8 years ago
Will Sargent
8f8322a479
Add an extra error condition
8 years ago
Will Sargent
388f1599da
Discuss pinentry-gnome3
8 years ago
Will Sargent
25ec3400e6
Adds explanation of ssh-add -L option
8 years ago
Will Sargent
75c5c07e14
Change link
...
https://rnorth.org/8/gpg-and-ssh-with-yubikey-for-mac is https://rnorth.org/gpg-and-ssh-with-yubikey-for-mac now.
8 years ago
drduh
3964cd9e5f
Followed my own guide to make new keys; refresh
8 years ago
drduh
cb6bfd972e
Merge pull request #1 from victorso/patch-1
...
yubikey tails fix
8 years ago
Victor Fischer Scattone
bce316b45c
Export public key to file
...
The public key must be written on a file.
8 years ago
Victor Fischer Scattone
2de6ad9a99
yubikey tails fix
...
Fix to use the yubikey on Tails
8 years ago
drduh
da1ce278c6
Use variable to store Key ID
8 years ago
drduh
1c16d968e9
Add encrypted USB backup instructions, grammar fixes
8 years ago
drduh
e86af76264
Use IO rediction for revocation certificate step
8 years ago
drduh
c34f78044e
Fix up formatting.
8 years ago
drduh
f4c76ba210
Create local configuration, too
8 years ago
drduh
172a4292a5
Create README.md
8 years ago