YubiKey-Guide

Commit Graph

Author	SHA1	Message	Date
basbebe	9fe946c8b1	Add SSH setup for macOS GUI applications On macOS, a LaunchAgent needs to be created to overwrite the system's SSH agent. see https://github.com/drduh/YubiKey-Guide/issues/229	3 years ago
drduh	4544d41d4c	Merge pull request #225 from ZenithalHourlyRate/gpg-agent-forward Add New Agent Forward Method and Clarify Two Methods	3 years ago
Nemo	548b2adf2b	Adds warning about PUK being default	3 years ago
Nemo	8c5dfd2475	Adds instructions on changing the PUK	3 years ago
Zenithal	1eacf97835	Rephrase one sentence according to one comment on drduh/YubiKey-Guide#225	3 years ago
Zenithal	a24fa8f373	Add subsections on chained agent forwarding	3 years ago
Zenithal	7e49f5cc89	Add note on chained agent forwarding	4 years ago
Zenithal	52727f1e04	Correct WSL agent forwarding This is a mix of two forwarding method, this commit separates them	4 years ago
Zenithal	6097e6762c	Change note in alter agent section Different methods have different requirements	4 years ago
Zenithal	0d06d2ace8	Add new method for ssh-agent forwarding	4 years ago
Zenithal	54f9e8a3f9	Add details to GPG-Agent forward; Alter structure GPG Agent forwarding has a broader usage, not only limited to ssh-agent forwarding. In this commit gpg-agent forwarding is raised as a separate section as it can not be contained by #SSH any longer. More details are added for gpg-agent forwarding, including some important notes taken from practice and analysis. For ssh-agent forward, older method are contained, and new method will be included as framework has been structured.	4 years ago
Zenithal	410a1d6ac2	Change format of important notes in mutt subsection	4 years ago
Zenithal	083aa53cf0	Add Mutt subsection in Email section	4 years ago
Zenithal	0ea32bb949	Add Mutt in Email intro	4 years ago
drduh	fc6f9eb80d	Merge pull request #218 from DevSecNinja/devsecninja/addPowerShellCommand Add PowerShell command to get YubiKey name	4 years ago
drduh	006ea19d04	Merge pull request #213 from linutsdc/fix-links Fix links with parentheses	4 years ago
drduh	5c0bcd40a7	Merge pull request #211 from rgevaert/patch-1 unset GNUPGHOME variable	4 years ago
drduh	f2aeed1b55	Merge pull request #214 from anmull/debian-iso-version Changes command to download Debian ISO to use the value in the SHA512SUMS file	4 years ago
Nemo	7067ba6c38	Fix reset command gpg-connect-agent uses `-r/--run` not `-R`	4 years ago
Jean-Paul van Ravensberg	b1d3d279eb	Change edit to create or edit As gpg-agent.conf didn't exist on my system	4 years ago
Jean-Paul van Ravensberg	fd4b6f3eb4	Add PowerShell command to get YubiKey name	4 years ago
Anthony Muller	70dc01467b	Update verification of Debian ISO to not hardcode the version.	4 years ago
Anthony Muller	967ca3cc52	Change Debian ISO url to be generated from the contents of SHA512SUM. This removes the need to maintain the version number, which is currently out of date.	4 years ago
andy	f0e877fe5f	Fix links with parentheses	4 years ago
dragon788	94a753d4a1	Merge branch 'master' into update-python-refs	4 years ago
Rudy Gevaert	547c1267bc	unset GNUPGHOME variable if not done, in the next step you get error: gpg: keyblock resource '/home/..../gnupg-workspace/pubring.kbx': No such file or directory gpg: no writable keyring found: Not found	4 years ago
drduh	03f0e40558	Merge branch 'master' of https://github.com/Amolith/YubiKey-Guide into Amolith-master	4 years ago
Mirko Vogt	767b84eb3b	Add option to retrieve additionaly entropy from YubiKey itself	4 years ago
Amolith	0e7dabeeeb	change defaults and add info to #Require touch As mentioned in #197, the previous behaviour would require users to touch their key any time an authentication, signing, or encryption operation was performed. In some situations, this behaviour would be undesirable and the only way to revert it would be fully resetting the key and starting from scratch. Rather than using `fixed`, this commit simply turns the feature `on` so the user can change it later if they wish. Additionally, a note about the other policies was included so users can decide for themselves which fits their situation better.	4 years ago
dragon788	9bb54914b4	Merge branch 'master' into update-python-refs	4 years ago
drduh	697a7d8fb9	Merge pull request #203 from bengim/bengim-patch-PyOpenSSL fixing wrong cryptography version	4 years ago
bengim	2187610c1d	Update README.md fixing wrong cryptography version by explicitly installing PyOpenSSL	4 years ago
dragon788	58b7c819d7	Python2 is EOL, update packages/references to Py3	4 years ago
Stefano Figura	8a95de3e3f	Correct spelling	4 years ago
Stefano Figura	a2bc415f84	Update wording Ensure that is clear that we do not need to modify keys or even plug the yubikey	4 years ago
Stefano Figura	8a08a8ac15	Update notation section	4 years ago
Stefano Figura	c9ea04db2c	Add notations section	4 years ago
b1f6c1c4	f6f2c26e90	Fix usage inconsistency Master key shall only be used to certify other keys. The usage indicator in README.md is inconsistently shown as SC and C.	4 years ago
Kenny MacDermid	78164e8bfd	Set touch policy to fixed. Setting the touch policy to `on` does not prevent the policy from later being turned off again. Setting it to `fixed` is more secure because it can not be turned off. If someone wants to disable the touch policy they can always restore the keys from the backups created in the guide.	4 years ago
Sebastian Schmieschek	e1055025fe	Add information on potential PIN issues and how to debug them I missed the error message when attempting to set a PIN of only 5 characters due to the UI repeating the options below it. Pinentry happily stores the bogus PIN and even counts down the retry counter when entering the correct (default) one. This can be resolved by unblocking the PIN. Once I ran the gpg-agent with debug output (a tip found in the added link), the issue was obvious.	4 years ago
drduh	ccb8b0130a	Stack rank secure environment and add a few tips	4 years ago
drduh	0bd52ed7d8	Merge pull request #185 from vald-phoenix/fix-borken-anchor Fix broken anchor	4 years ago
Max Mäusezahl	1cf9656b33	Fix order of revocation command. According to 'man gpg' the order of arguments should be gpg [--homedir name] [--options file] [options] command [args] In this case '--gen-revoke' is the command, '$KEYID' is an argument and '--output $GNUPGHOME/revoke.asc' is an option. Previously this was incorrect (option came first) and would spawn an error.	4 years ago
Mike Mazur	de13c8dba6	Include --expert when editing master key This is specifically during setup when rotating keys.	4 years ago
Vladyslav Krylasov	4c1d538c60	Fix broken anchor There are two anchors with the same name and this breaks navigation.	4 years ago
Jason Stelzer	aea317b527	Clarified wording	4 years ago
Jason Stelzer	07134a4e4f	GPG keys on multiple computers I feel like this took me longer to figure out than it should have.	4 years ago
drduh	93cbbd9d8b	Address throw-keyids issue with mailvelope to fix #178	4 years ago
drduh	46d1d89115	Split export pubkey from backup to fix #175	4 years ago
drduh	bf38b94a65	Disambiguate backup volume label to fix #176 .	4 years ago
drduh	aad01ffde4	Merge pull request #180 from vald-phoenix/yubikey-reset-by-ykman Describe ykman PGP keys reset	4 years ago
drduh	3be47a8c32	Merge pull request #179 from vald-phoenix/multiple-yubikeys Describe card serial number error	4 years ago
drduh	a1a4a303f9	Merge pull request #177 from apiraino/revoke-cert Add instructions to create a revoke certificate	4 years ago
drduh	afd3fafcc5	Merge pull request #170 from murphy83/Abort-Trick Added some additonal text describing alternatives that may be used	4 years ago
Vladyslav Krylasov	44d76ac5ab	Describe card serial number error	4 years ago
Vladyslav Krylasov	6108558645	Describe ykman PGP keys reset	4 years ago
apiraino	2698cecd4c	Add instruction to create a revoke certificate	4 years ago
Daniel Sockwell	b5adb349ad	Add steps for renewing (not rotating) sub-keys As discussed in issue #164, the current section on Rotating Keys presents two alternatives: replacing the existing keys with a newly generated key or extending the validity of existing keys by changing their expiration. However, it only provides instructions for the first approach. This commit adds instructions for renewing sub-keys. I am far from an expert, and am submitting this change mostly in hopes that it will provide documentation for the next time I need to renew my sub-keys. I would welcome any changes or clarifications others would care to offer.	4 years ago
Murphy Laptop	db1d86cdd8	Added some additonal text describing alternatives that may be used	4 years ago
drduh	2c2cec316c	Bump Debian version, license year	4 years ago
drduh	2fc50760db	Merge pull request #160 from rvl/nixos Add instructions for NixOS	4 years ago
drduh	51ed654e43	Merge pull request #159 from rvl/multiple-yubikeys Add more detail about what to do with multiple YubiKeys	4 years ago
Rodney Lorrimar	bb5184a0b3	Add instructions for NixOS I just tested these steps on a spare laptop.	4 years ago
Rodney Lorrimar	b45174f185	Add more detail about what to do with multiple YubiKeys	4 years ago
Rodney Lorrimar	6cd76216c5	Add information about setting the primary user ID	4 years ago
Andrea Scarpino	8f10cd5819	Fix gnupg package name for Arch `gnupg2` has been [removed since March 2012](https://lists.archlinux.org/pipermail/arch-dev-public/2012-March/022690.html)	4 years ago
wsyxbcl	bb0a0d1ac8	fix broken links	4 years ago
Mark Fayngersh	e4a063e0f0	Update GitHub instructions on Windows Add command to instruct Git to use WinGPG	4 years ago
drduh	1b5a2fefd8	Formatting cleanup	4 years ago
drduh	be7addad3c	Use larger partition sizes to fix #149 .	4 years ago
gusttt	908d3172a4	Fix typo in table of contents link	4 years ago
drduh	04127d566b	Document issue #145 and fix #142	4 years ago
drduh	11d6e1aff6	Fix url formatting	5 years ago
drduh	701d9eb50f	Update Debian version and fix #137	5 years ago
Maxim Baz	35e443f8cc	Mention yubikey-touch-detector	5 years ago
Emile 'iMil' Heitor	137300a713	Added a fix for failing ssh / GUI pinentry	5 years ago
Kiel C	010accf864	Add --keyserver flag pointing to Debian keyserver Fixes #131	5 years ago
Sun Knudsen	4524c11632	Added important note about pin caching #135	5 years ago
Jakub Skory	5f150b68e2	More lines with old debian version corrected	5 years ago
Jakub Skory	754e480792	New Debian version: 10.1.0 Before curl returned http/404	5 years ago
Gary Johnson	13b9a92985	Update VM option	5 years ago
Gary Johnson	0f5df64094	Update README.md Added primary source stating confirming that devices are read only in all but a few circumstances and that Keys ("secrets") cannot be read after being written to the device	5 years ago
drduh	541f8717e6	Merge pull request #126 from vorburger/patch-2 clarify that SSH_AUTH_SOCK should only be set locally, not on the remote server	5 years ago
Michael Vorburger ⛑️	42065a3b65	put additional information into single line	5 years ago
drduh	18320b0562	Merge pull request #128 from vorburger/patch-4 add 'sshd -eddd' Troubleshooting tip	5 years ago
drduh	57e712b830	Merge pull request #129 from vorburger/patch-5 fix link to YubiKey (non-NEO) Manager (fixes #124)	5 years ago
drduh	877a4a7e99	Merge pull request #127 from vorburger/patch-3 simplify Agent Forwarding (RemoteForward typically not required)	5 years ago
Michael Vorburger ⛑️	8e8c138362	fix link to YubiKey (non-NEO) Manager (fixes #124 )	5 years ago
Michael Vorburger ⛑️	ae35e707b6	add 'sshd -eddd' Troubleshooting tip	5 years ago
Michael Vorburger ⛑️	dd1a3ce4a8	simplify Agent Forwarding (RemoteForward typically not required)	5 years ago
Michael Vorburger ⛑️	de193ee363	clarify that SSH_AUTH_SOCK should only be set locally, not on the remote server	5 years ago
Michael Vorburger ⛑️	8ba087efe4	fix link to Remote Machines (Agent Forwarding) in TOC	5 years ago
drduh	5bbad1fc4c	Mention forwarding risk and Ubuntu multiverse repository, fix #116 .	5 years ago
Alex Romanov	e1d5e6fb9d	Fix typo from #122	5 years ago
Thomas A Caswell	f8880975b8	DOC: justify why you would want to sign your new key	5 years ago
Thomas A Caswell	5df1226971	DOC: notes an adding more emails	5 years ago
Thomas A Caswell	de7675f7a9	DOC: add section on signing with existing key	5 years ago
drduh	96c15ba3f3	Merge pull request #120 from timcooijmans/patch-1 Describe how to enable mailvelope on MacOS	5 years ago
Diego Rodriguez	3ae1656f5d	Update README.md When adding GPG SSH agent configuration to shell rc file, redirect output of gpg-connect-agent to /dev/null so that it doesn't output `OK` every time you bring up a new shell	5 years ago
timcooijmans	2309e2903d	Fix formatting	5 years ago

1 2 3 4 5 ...

285 Commits (204b9f814f43aa4e9bd271a0a33b9e9c9f920550)