1
0
mirror of https://github.com/drduh/YubiKey-Guide.git synced 2024-11-22 23:38:07 +00:00
Commit Graph

415 Commits

Author SHA1 Message Date
gusttt
908d3172a4
Fix typo in table of contents link 2019-12-16 15:05:46 +01:00
drduh
04127d566b Document issue #145 and fix #142 2019-12-14 11:48:33 -08:00
drduh
11d6e1aff6 Fix url formatting 2019-11-19 17:28:45 -08:00
drduh
701d9eb50f Update Debian version and fix #137 2019-11-19 17:24:57 -08:00
Maxim Baz
35e443f8cc
Mention yubikey-touch-detector 2019-11-17 20:42:04 +01:00
Emile 'iMil' Heitor
137300a713 Added a fix for failing ssh / GUI pinentry 2019-11-13 09:18:57 +01:00
Kiel C
010accf864
Add --keyserver flag pointing to Debian keyserver
Fixes #131
2019-11-07 13:29:39 -08:00
Sun Knudsen
4524c11632 Added important note about pin caching #135 2019-10-19 14:05:49 -04:00
Jakub Skory
5f150b68e2
More lines with old debian version corrected 2019-10-09 22:08:31 +02:00
Jakub Skory
754e480792
New Debian version: 10.1.0
Before curl returned http/404
2019-10-09 21:40:03 +02:00
Gary Johnson
13b9a92985 Update VM option 2019-09-27 02:26:44 -04:00
Gary Johnson
0f5df64094
Update README.md
Added primary source stating confirming that devices are read only in all but a few circumstances and that Keys ("secrets") cannot be read after being written to the device
2019-09-24 23:55:37 -04:00
drduh
541f8717e6
Merge pull request #126 from vorburger/patch-2
clarify that SSH_AUTH_SOCK should only be set locally, not on the remote server
2019-09-18 18:37:48 +00:00
Michael Vorburger ⛑️
42065a3b65
put additional information into single line 2019-09-17 20:12:16 +02:00
drduh
18320b0562
Merge pull request #128 from vorburger/patch-4
add 'sshd -eddd' Troubleshooting tip
2019-09-17 01:22:14 +00:00
drduh
57e712b830
Merge pull request #129 from vorburger/patch-5
fix link to YubiKey (non-NEO) Manager (fixes #124)
2019-09-17 01:21:19 +00:00
drduh
877a4a7e99
Merge pull request #127 from vorburger/patch-3
simplify Agent Forwarding (RemoteForward typically not required)
2019-09-17 01:20:55 +00:00
Michael Vorburger ⛑️
8e8c138362
fix link to YubiKey (non-NEO) Manager (fixes #124) 2019-09-17 00:48:16 +02:00
Michael Vorburger ⛑️
ae35e707b6
add 'sshd -eddd' Troubleshooting tip 2019-09-17 00:35:26 +02:00
Michael Vorburger ⛑️
dd1a3ce4a8
simplify Agent Forwarding (RemoteForward typically not required) 2019-09-17 00:27:19 +02:00
Michael Vorburger ⛑️
de193ee363
clarify that SSH_AUTH_SOCK should only be set locally, not on the remote server 2019-09-16 23:59:50 +02:00
Michael Vorburger ⛑️
8ba087efe4
fix link to Remote Machines (Agent Forwarding) in TOC 2019-09-16 23:47:57 +02:00
drduh
5bbad1fc4c Mention forwarding risk and Ubuntu multiverse repository, fix #116. 2019-08-29 12:21:55 -07:00
Alex Romanov
e1d5e6fb9d
Fix typo from #122 2019-08-28 01:25:49 -07:00
Thomas A Caswell
f8880975b8
DOC: justify why you would want to sign your new key 2019-08-26 21:10:19 -04:00
Thomas A Caswell
5df1226971
DOC: notes an adding more emails 2019-08-23 12:57:08 -04:00
Thomas A Caswell
de7675f7a9
DOC: add section on signing with existing key 2019-08-23 12:54:28 -04:00
drduh
96c15ba3f3
Merge pull request #120 from timcooijmans/patch-1
Describe how to enable mailvelope on MacOS
2019-08-14 18:21:50 +00:00
Diego Rodriguez
3ae1656f5d
Update README.md
When adding GPG SSH agent configuration to shell rc file, redirect output of gpg-connect-agent to /dev/null so that it doesn't output `OK` every time you bring up a new shell
2019-08-12 13:46:11 -06:00
timcooijmans
2309e2903d
Fix formatting 2019-08-09 21:54:54 +02:00
timcooijmans
e7d2507c47
Add description on how to enable mailvelope 2019-08-09 21:51:40 +02:00
David C. Bradley
399127c43d
Move output option to earlier in command
The output option dosen't seem to work on Windows when it is at the end of the command. Moving it to earlier in the command fixes this issue.
2019-08-07 16:14:02 -05:00
Andrew Morgan
f36447a85b
State that set-touch used to be touch 2019-08-02 18:24:43 +01:00
drduh
6482036e17 Bump debian version and fix some grammar. 2019-07-07 19:45:22 -07:00
Matthew Riley
fddefb5245
Fix 'Require Touch' syntax
The syntax to change Yubikey touch configurations has changed. Updating this accordingly.
2019-07-04 12:39:33 -04:00
drduh
48bf452e4b Feature simpler multiple key workaround 2019-06-09 12:31:58 -07:00
drduh
09f3822a19 Link to multiple keys discussions. Fix #19. Fix #112. 2019-06-09 11:42:00 -07:00
Jakob Knutsen
1544d14689 Fix link to supply chain attacks 2019-06-09 12:11:52 +02:00
drduh
b745f1d90e Add card reset steps, clean up formatting. 2019-06-02 10:32:16 -07:00
Benjamin BERNARD
46601736f6 Adding link to summary for 'Using multiple YubiKey with same GPG keys' section 2019-05-26 19:05:43 +02:00
Benjamin BERNARD
b101259a27 Multiple Yubikey with same GPG Keys, serial number issue, GnuPG workaround to switch to another key 2019-05-26 19:03:41 +02:00
drduh
1b9fc107c0 Fix date string format 2019-05-25 23:55:29 -07:00
Carl Dong
4552bb45e1
Correct date invocation
The correct syntax is `date +FORMAT`
2019-05-26 02:22:04 -04:00
drduh
04bef18b0c Add section on key rotation to fix #101 2019-05-25 12:20:07 -07:00
drduh
7661d79b51 Mention Thunderbird, clean up agent forwarding. Fix #85. 2019-05-19 12:35:02 -07:00
drduh
f8d6dec18f Better openbsd backup instructions, slimmer TOC 2019-05-18 18:53:42 -07:00
drduh
bf05e0e7c4 Better backup and testing instructions 2019-05-18 17:47:13 -07:00
drduh
a6bc874713 Increment debian image version 2019-04-30 12:03:19 -07:00
Simon A
c5e1d96d84 fix(link): update links to latest version (old ones 404) 2019-04-25 17:53:55 +02:00
David Kane
5007059085
Fix link anchor issue
fix 'Save public key for identity file configuration' markdown link
fix 'Remote Machines (agent forwarding)' markdown link
2019-04-14 19:48:18 +01:00
Philipp Eckel
13c8fcf647
no need to support the monopoly 2019-03-19 00:30:03 +01:00
nixbitcoin
6d4035252a
Add Verify Yubikey section 2019-03-07 14:02:05 +01:00
Adam Uhlíř
3ed8f56557
Add hint for setting up gpg-agent socket
On my system (Linux Mint) `gpgconf --list-dirs agent-ssh-socket` does return all dirs and not only the one for agent-ssh-socket hence `ssh-add -L` was failing. This is a hint for other people to troubleshoot this behaviour.
2019-02-19 10:33:18 -08:00
Zachary Adam Kaplan
e4cb903ef4
debian iso has change from 9.6.0 -> 9.7.0 2019-02-15 16:23:29 -08:00
drduh
e05dc4b5bd Update license and formatting 2019-02-06 20:25:04 -08:00
Michael Käufl
457e22d473
Move install instructions to the top
Section `Creating keys` ends with `Disable networking for the
remainder of the setup.`.  All instructions that require a network
should be before this sentence.
2019-02-06 13:17:57 +01:00
drduh
303cb25d4d Update license year, style and grammar 2019-02-02 21:25:21 -08:00
drduh
3f4480db25 Update openbsd instructions 2019-02-02 21:08:39 -08:00
drduh
381088ba79
Merge pull request #92 from tacaswell/doc_arch_install
DOC: add install instructions for Arch linux and RHEL
2019-02-03 03:57:33 +00:00
Thomas A Caswell
7dbc05977e
DOC: update for packages to install on RHEL 2019-02-02 22:15:41 -05:00
Thomas A Caswell
9e7a3225ae
DOC: add install instructions for Arch linux 2019-02-02 22:11:09 -05:00
Wael M. Nasreddine
7115f9a385
Master key should have Certify-capability only! 2019-02-02 09:48:59 -08:00
Michael
bba51c10cc
Fix typo
IdentityFiles can be passed to ssh via `-i`, not `-l`.
The next paragraph mentions the correct argument.

ref commit 52c8324fa2,
part of PR drduh/YubiKey-Guide#65
2019-01-20 18:48:59 +00:00
drduh
8ea5900d4e Style and console formatting, tips for multiple key use 2019-01-17 22:13:24 -08:00
wheest
ee71716ed7 Added pull request suggestions 2019-01-12 17:05:21 +00:00
Wheest
c28b33372c Moved Agent Forwarding section to before the WSL one 2019-01-07 22:00:27 +00:00
Wheest
b44f6131ef Further amendments to Agent Forwarding 2019-01-07 21:58:14 +00:00
Wheest
7eed0ccef8 Improvements to Agent Forwarding section, following feedback in:
https://github.com/drduh/YubiKey-Guide/issues/85
2019-01-07 21:38:46 +00:00
drduh
3a872d40fe Fix keyserver command order to fix #86 2019-01-06 17:47:10 -08:00
Dan Cundiff
8f724a4df5
Add addition note about red hokey output 2019-01-06 19:35:03 -06:00
drduh
19b1297c22
Merge pull request #84 from hughobrien/mention-tmpfs
describe tmpfs clearing rather than init system (debian uses tmpfs)
2018-12-30 02:35:24 +00:00
drduh
3174935f99
Merge pull request #83 from hughobrien/gpg-conf-key-origin
remove broken gpg option (debian 9.6)
2018-12-30 02:34:25 +00:00
Hugh O'Brien
a6431962a6 remove broken gpg option (debian 9.6)
As per [0], the --with-key-origin option is experimental.

0: https://www.gnupg.org/documentation/manuals/gnupg/GPG-Input-and-Output.html#index-with_002dkey_002dorigin
2018-12-29 20:12:09 +00:00
Hugh O'Brien
0f6e9948d7 mention debian-live user/pass in case of screen lock 2018-12-29 20:08:48 +00:00
Hugh O'Brien
80d5c0ed6c describe tmpfs clearing rather than init system (debian uses tmpfs) 2018-12-29 20:06:33 +00:00
drduh
94919459a6 Update gpg prefs, style and fix #21. 2018-12-27 20:26:37 -08:00
Matt T. Proud
7746c3381a Emphasize keytocard danger and fix inconsistency.
This commit applies a few editorial cleanups to the document:

  1. `keytocard` operations now contained emphasized warnings to convey
     that these operations are destructive.  I unknowingly made this
     mistake a few years ago and only learned of it recently.  For that
     reason, we should go out of our way on user's behalf with due
     diligence warnings.

  2. `$KEYID` was not uniformly used throughout the document in various
     command line input literals.  This is now fixed.

  3. `YubiKey` was often represented as `Yubikey` and other
     inconsistent forms throughout the document.  This is now fixed,
     except in cases of URL, command output, etc.
2018-12-07 09:50:30 +01:00
drduh
a68fa27309
Merge pull request #79 from Wheest/master
Agent Forwarding
2018-12-05 17:10:07 +00:00
Wheest
4e23c63bb4
Agent Forwarding
Was looking at how to access on remote machines, is a standard ssh workflow, but might be useful to have it here too.
2018-12-05 16:02:37 +00:00
Brice Gagnage
86e03e6d09
final draft 2018-12-04 15:11:13 +01:00
Brice Gagnage
ee30767612
final draft 2018-12-04 15:03:00 +01:00
Brice Gagnage
ffd7b674c8
updated draft 2018-12-04 13:16:18 +01:00
Brice Gagnage
95624e2c48
first draft 2018-12-04 11:39:25 +01:00
Brice Gagnage
1c15d89a54
maow 2018-12-03 17:28:34 +01:00
Brice Gagnage
92467bc126
test 2018-12-03 17:19:45 +01:00
Brice Gagnage
f39b92ae45
test sign 2018-12-03 17:17:09 +01:00
Brice Gagnage
2b5891294a
Update README.md
continuing
2018-12-03 15:00:04 +01:00
Brice Gagnage
afc8580b0d
Update README.md
test
2018-12-03 13:54:40 +01:00
drduh
d818b03cdc Grammar and lint. Fix #73. 2018-11-28 21:38:35 -08:00
Julian Hernandez
857adb26a2 Update live Debian version to 9.6.0 2018-11-28 22:54:41 -05:00
Dino Bajramovic
472d85d12b fix typo 2018-11-05 20:49:48 +01:00
drduh
f1a97fc6d5 Note about gpg public key 2018-11-01 14:11:52 -07:00
loys ollivier
6f76e6a197
Update README.md
gpg option to edit card info is now `--card-edit` and not `--edit-card`
2018-10-29 11:59:29 +01:00
Ian Brown
d02766389d
Add packages to apt-get list to fix gpg --recv and srm commands
Two commands mentioned later in the document won't work without two packages that don't come pre-installed with the Debian LiveCD:  dirmngr and secure-delete.
2018-10-16 21:00:48 -07:00
drduh
96af4d3b3b
Merge pull request #70 from jwilk-forks/gpg-verify
Fix live image integrity check
2018-09-18 19:40:19 -07:00
Jakub Wilk
d7a14b078c Fix live image integrity check
"gpg SHA512SUMS.sign" would do the right thing only if the file actually
contained a detached signature.

Use explicit and robust "gpg --verify SHA512SUMS.sign SHA512SUMS"
instead.
2018-09-18 22:20:40 +02:00
Jakub Wilk
3be71bd253 Fix typos 2018-09-18 21:39:06 +02:00
drduh
27bef99239
Massive style revision and version update 2018-09-09 17:42:45 -07:00
Ben Low
34a5502477 typos 2018-07-19 12:55:33 +10:00
Ben Low
52c8324fa2 Expand on ssh identies usage. 2018-07-19 12:49:22 +10:00
Ben Low
aad57241e9 Fix key label, consistency. 2018-07-18 18:24:06 +10:00
Ben Low
b67776a2b2 Fix TOC, spelling. 2018-07-18 18:22:11 +10:00
Ben Low
d33252848d Added information on gpg-agent. 2018-07-18 18:03:06 +10:00
Jonah Aragon
840b4069f2
Fix "signingkey" typo 2018-07-15 18:43:48 -07:00
Vadim Zendejas
dad5bcd5fc
Added comment on GitHub Authetication for only Windows 2018-07-05 16:50:42 +02:00
Vadim Zendejas
acfdcacec5
Added veracrypt.fr link to pre-compiled execs
Added veracrypt.fr link to pre-compiled execs
2018-07-05 12:57:57 +02:00
Mirko Pizii
ad8cf8cd3a
Fix spaces for README 2018-06-21 20:40:24 +02:00
Mirko Pizii
ee8fcb3805
Fix link of summary list 2018-06-21 20:20:16 +02:00
Wheest
ecbe6e7b19
Fixing signature file fetch command for ykpers 2018-06-20 14:48:55 +01:00
drduh
25c8e23b8f
Emphasize live distro to fix #45 2018-06-16 14:06:45 -07:00
drduh
a470da3af7
Update introduction, fix formatting and fix #46 2018-06-16 13:57:52 -07:00
drduh
d07007a368
Fix up some formatting 2018-06-13 19:58:22 -07:00
drduh
254fd2c3d2
Formatting fix. 2018-06-05 10:08:02 -07:00
Jonathan Holtmann
eadd3bb2f5
Fixed menu 2018-06-05 01:10:59 -04:00
Jonathan Holtmann
ba382ce551
Added information on how to perform the YubiKey GPG setup and SSH authentication on Windows devices 2018-06-05 01:01:38 -04:00
drduh
478eb05de2
Mention Purse 2018-06-02 13:41:34 -07:00
drduh
b9cd480f7a
Note on keeping backup mounted for 2xkeys. Fix #44 2018-04-29 18:50:54 -07:00
drduh
fc429bf892
Remove obsolete option, add troubleshooting item 2018-04-29 18:34:59 -07:00
drduh
2cc0f7101e
Additional troubleshooting step and openbsd note 2018-04-29 14:50:06 -07:00
Michael Brown
17581cfd82
Remove outdated config from gpg.conf
Removing configuration paramaters no longer supported in GPG 2.X

Related to #28
2018-03-21 01:37:26 -04:00
James Wu
79dac3ec7d add explicit public key naming for IdentitiesOnly usage 2018-03-14 11:50:04 -07:00
W1lkins
9a21477481 install hopenpgp-tools as it is used in section https://github.com/drduh/YubiKey-Guide\#check-your-work where an apt-get command is listed 2018-03-03 16:12:36 +00:00
Marjan Grabowski
f14d756578
Change rights of 'gpg.conf' to avoid warning 2018-02-26 10:33:42 +01:00
Nick Sandford
71b5e69cf1
Use gpgconf to get the ssh auth sock. 2018-02-25 19:43:36 +11:00
Philipp Eckel
dcadfbdccd
remove not need keyserver certificate, see https://github.com/drduh/YubiKey-Guide/issues/48 2018-02-22 08:18:10 +01:00
Philipp Eckel
161dea9e92
remove outdated use-standard-socket option from SSH config, see here: https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html 2018-01-30 22:50:47 +01:00
drduh
e0430a0698
Formatting nit 2018-01-16 10:36:46 -08:00
drduh
5ecf1046a9
Formatting fix 2017-12-21 14:42:54 -08:00
kiralex
02bfc69c2a
Update README.md 2017-12-18 08:52:18 +01:00
kiralex
badf3cc5d9
fix ssh-agent does not work on archlinux 2017-12-18 08:26:33 +01:00
drduh
baf1e6676e
Mention ssh multiplex to ease multiple connections 2017-12-18 03:04:13 +00:00
drduh
e3c0512b21
Describe status if public key not imported, fix #6 2017-12-18 02:47:07 +00:00
drduh
5d452a9190
Reference paper backup instructions, fix #3 2017-12-18 02:44:03 +00:00
drduh
6f199ec00e
Document error from Debian 9 2017-12-14 00:13:24 +00:00
drduh
7c0ea30e53
Document ssh-add error 2017-12-14 00:03:59 +00:00
Philipp Eckel
6dde3bda33
emphasize 2048 bit as the correct key size for the YubiKey Neo 2017-12-12 09:36:44 +01:00
Philipp Eckel
109de3011d
fix exporting KEYID 2017-11-10 11:26:22 +01:00
Ben Low
bcada3f2cc Whitespace fixes. 2017-10-10 02:08:36 +11:00
Ben Low
a010a2a752 Updated to gpg 2.2.1, and added some macOS references. 2017-10-10 01:53:19 +11:00
Aleksandr Vinokurov
9336fc1317 Replace hkt with gpg to fix unsupported GnuPG 2.1
hkt does not support GnuPG 2.1 because it expects gpg pubring.

But the export can be done by gpg itself.
2017-09-23 16:49:48 +02:00
Brendan Rius
c871adc904 Make hkt respect custom $GNUPGHOME 2017-08-13 13:51:15 +02:00
Dawid Łakomski
07752240cb Add information about composite USB mode on YK with firmware >=3.3 2017-05-12 09:04:23 +02:00
drduh
1ad37577db Use require-cross-certification option. Fix #14. 2016-09-25 11:32:16 -04:00
drduh
94ada05473 Plug in YubiKey correctly. Fix #9. 2016-09-25 11:26:47 -04:00
drduh
ac66a81a35 Merge pull request #24 from wsargent/patch-3
Use AES256 for private key password encryption
2016-09-25 11:23:29 -04:00
Will Sargent
8515aaf839 Use AES256 for private key password encryption
Adds 

```
s2k-cipher-algo AES256
```

to the GPG configuration, per https://pthree.org/2015/11/19/your-gnupg-private-key/

> --s2k-cipher-algo name
> Use name as the cipher algorithm used to protect secret keys. The default cipher is CAST5. This cipher is also used for symmetric encryption with a passphrase if --personal-cipher-preferences and --cipher-algo is not given.

https://www.gnupg.org/documentation/manuals/gnupg-2.0/OpenPGP-Options.html#index-s2k_002dcipher_002dalgo
2016-09-24 10:29:56 -07:00
Will Sargent
ff871a254d Use signing subkey
The signature was made using `0xBECFA3C1AE191D15`, and has to be used with the signing key, not the root key.

I can verify this with my own key -- using the keyid doesn't work:

```
 ~   echo "$(uname -a)" | gpg --armor --clearsign --default-key 0xB1A9D5A2A605F794
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX5aWdAAoJECaAG7YBLqXZi1EP/3R4oOdkXqZXcskwzfjBXa68
oZeKxTB8i74tSPXp0SL26+ULOQ6GRJdIFod2MQtqfjeu6dyNEbIBF1pHWnyLx4Bn
p/+ROoOTiBSFEWPts++yYhmo0tS0cXPv6QPCYqj4mPkJe6u8wVp5hkoyujL/k9bs
cAZSbeyV/hggS0rFTN4/5AeUky4LJPrWYkAiln7D0PVQeZc6DFlDpeup1Az7hWV5
ImRglAfoacNq+0LWslnc51/4knFGC/k4RS/QAyfUNJG/yy/ZZs6FNc7FjyZkw87E
yRqqSPkuL64BmzNxmfKnwgMAesaq8D674lRb7b9TC8sQuuelcbgPkCCDioRmCSWh
+NIe+pwWLIXHSwQntO2FblGFL+IeDYBZy3P5nO+N12EHn2oS2psep04STq5cjRaa
PTMopcDsThzXljn8b6p+Iu2BaFiMkEwpAD8f0knR4DZzorpgMjIV0mEdeDuTzC1L
dPHc7uZsTSSTEgxm7JO8x1h3hfwqX+KvVhmo0SgvwexqsmH7+b6j948RPGSCGBys
wS8HEQgzgznQYSxqnCHvuDT9cIuyuCi9BZfqvRy3NSa+ixKMHJ4n2rFWlw8WbvTm
tKFumm2z3z9JkijzJFj4sHETebaa2ip/TxeQvhFD/jEBB1XaqneDw1UaRll+6auA
K6naZ0LzZx2cOzJpn4xN
=TVTZ
-----END PGP SIGNATURE-----
 ~  
 ~  gpg
gpg: Go ahead and type your message ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX5aWdAAoJECaAG7YBLqXZi1EP/3R4oOdkXqZXcskLinux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/LinuxwzfjBXa68
oZeKxTB8i74tSPXp0SL26+ULOQ6GRJdIFod2MQtqfjeu6dyNEbIBF1pHWnyLx4Bn
p/+ROoOTiBSFEWPts++yYhmo0tS0cXPv6QPCYqj4mPkJe6u8wVp5hkoyujL/k9bs
cAZSbeyV/hggS0rFTN4/5AeUky4LJPrWYkAiln7D0PVQeZc6DFlDpeup1Az7hWV5
ImRglAfoacNq+0LWslnc51/4knFGC/k4RS/QAyfUNJG
/yy/ZZs6FNc7FjyZkw87E
yRqqSPkuL64BmzNxmfKnwgMAesaq8D674lRb7b9TC8sQuuelcbgPkCCDioRmCSWh
+NIe+pwWLIXHSwQntO2FblGFL+IeDYBZy3P5nO+N12EHn2oS2psep04STq5cjRaa
PTMopcDsThzXljn8b6p+Iu2BaFiMkEwpAD8f0knR4DZzorpgMjIV0mEdeDuTzC1L
dPHc7uZsTSSTEgxm7JO8x1h3hfwqX+K
vVhmo0SgvwexqsmH7+b6j948RPGSCGBys
wS8HEQgzgznQYSxqnCHvuDT9cIuyuCi9BZfqvRy3NSa+ixKMHJ4n2rFWlw8WbvTm
tKFumm2z3z9JkijzJFj4sHETebaa2ip/TxeQvhFD/jEBB1XaqneDw1UaRll+6auA
K6naZ0LzZx2cOzJpn4xN
=TVTZ
-----END PGP SIGNATURE-----
gpg: Signature made Fri 23 Sep 2016 02:58:53 PM PDT
gpg:                using RSA key 0x26801BB6012EA5D9
gpg: BAD signature from "Will Sargent <will.sargent@lightbend.com>" [ultimate]
```

but using the signing key does work:

```
 ✘  ~   echo "$(uname -a)" | gpg --armor --clearsign --default-key  0x26801BB6012EA5D9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX5aagAAoJECaAG7YBLqXZvZwP/21yoEQ3hI9hP0QyrFJu/T/0
sD9Y+DGQHBU5WaII3/iVgBN2V3EQwlzX8dP4/LfTm7NQ0M2flgbPbqf/rUYLQQZg
lO489XbI78kk80b3kDebkautN5rQhkU0ZAy/WfDdKmwGnF1hEXzYqEwI5S0tGddT
cKt0U3cZ0XuOI7pdtSOD423tNV4l45sIAT/ndAsgpbzT0ZTkza65V/RHWqGQDDT1
VB6WKmuqOca1gTDYGlW5yITfOqdWjB30ljLjuOjFJjcOunJQmlSRDMGyjfdzF3ec
X1/+vLKnI0M2ipFaxKTtjdCTo8+26wjExdGca6Sy8v9M0zBjA2vgCGBTwCpXkMQE
4HFZ6N0+6k/3icyNALJhHSRkApNom3ZqINntDNNcN/tyHZVUijb5/hfv7W4D5LSe
8b1/UbF/R46w21sgR4Rzfv5EsbZkkjWx65hTXYWByf4PqZ7NiJJGbETpPC8wSc+4
oZNk9SLZunzE2Gemk2CXu7VXR58BIP014FHjU4FN7k54ZGn7IzU2xfKCZ+se7pFh
SzWIrDhZP5vsbCMbh4HzD4WFPLteNOdV+nkHi4iaSXc7UQfdgZIeKb2ljbjJTmN4
fyi/Zjk0+29pwB+W5iWD4AoKqzSsHMCrK73KRyAHcFaHOHILl8grG0GsfJmPGHCz
Mm3O7IH5is7ZkvOmbUMY
=jQY+
-----END PGP SIGNATURE-----
 ~  gpg
gpg: Go ahead and type your message ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Linux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX5aagAAoJECaAG7YBLqXZvZwP/21yoEQ3hI9hP0QyrFJu/T/0
sD9Y+DGQHBU5WaII3/iVgBN2V3EQwlzX8dP4/LfTm7NQ0M2flgbPbqf/rUYLQQZg
lO489XbI78kk80b3kDebkautN5rQhkU0ZAy/WfDdKmwGnF1hEXzYqEwI5S0tGddT
cKt0U3cZ0XuOI7pdtSOD423tNV4l45sIAT/ndAsgpbzT0ZTkza65V/RHWqGQDDT1
VB6WKmuqOca1gTDYGlW5yITfOqdWjB30ljLjuOjFJjcOunJLinux Puget-153699 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
QmlSRDMGyjfdzF3ec
X1/+vLKnI0M2ipFaxKTtjdCTo8+26wjExdGca6Sy8v9M0zBjA2vgCGBTwCpXkMQE
4HFZ6N0+6k/3icyNALJhHSRkApNom3ZqINntDNNcN/tyHZVUijb5/hfv7W4D5LSe
8b1/UbF/R46w21sgR4Rzfv5EsbZkkjWx65hTXYWByf4PqZ7NiJJGbETpPC8wSc+4
oZNk9SLZunzE2Gemk2CXu7VXR58BIP014FHjU4FN7k54ZGn7IzU2xfKCZ+se7pFh
SzWIrDhZP5vsbCMbh4HzD4WFPLteNOdV+nkHi4iaSXc7UQfdgZIeKb2ljbjJTmN4
fyi/Zjk0+29pwB+W5iWD4AoKqzSsHMCrK73KRyAHcFaHOHILl8grG0GsfJmPGHCz
Mm3O7IH5is7ZkvOmbUMY
=jQY+
-----END PGP SIGNATURE-----

gpg: Signature made Fri 23 Sep 2016 03:03:12 PM PDT
gpg:                using RSA key 0x26801BB6012EA5D9
gpg: Good signature from "Will Sargent <will.sargent@lightbend.com>" [ultimate]
gpg:                 aka "Will Sargent <will.sargent@gmail.com>" [ultimate]
Primary key fingerprint: 75E4 E7F9 1D18 D981 3028  64B1 B1A9 D5A2 A605 F794
     Subkey fingerprint: ADB3 1ED0 EC01 44AF 8301  320D 2680 1BB6 012E A5D9
```
2016-09-23 15:09:04 -07:00
Will Sargent
e195a60ecc Add $ 2016-09-22 13:00:08 -07:00
Will Sargent
99aef6c70d Add instructions for installing gnupg-curl
Fixes https://github.com/drduh/YubiKey-Guide/issues/5
2016-09-21 15:00:27 -07:00
Will Sargent
678c8a8da7 Prepend $ 2016-09-20 12:54:03 -07:00
Will Sargent
9c5c247446 Add key checking 2016-09-20 12:39:35 -07:00
Will Sargent
8f8322a479 Add an extra error condition 2016-09-20 10:18:47 -07:00
Will Sargent
388f1599da Discuss pinentry-gnome3 2016-09-16 15:47:39 -07:00
Will Sargent
25ec3400e6 Adds explanation of ssh-add -L option 2016-09-16 14:41:01 -07:00
Will Sargent
75c5c07e14 Change link
https://rnorth.org/8/gpg-and-ssh-with-yubikey-for-mac is https://rnorth.org/gpg-and-ssh-with-yubikey-for-mac now.
2016-09-16 14:20:11 -07:00
drduh
3964cd9e5f Followed my own guide to make new keys; refresh 2016-05-25 02:25:07 +00:00
drduh
cb6bfd972e Merge pull request #1 from victorso/patch-1
yubikey tails fix
2016-05-18 13:42:46 -04:00
Victor Fischer Scattone
bce316b45c Export public key to file
The public key must be written on a file.
2016-05-18 14:41:12 -03:00
Victor Fischer Scattone
2de6ad9a99 yubikey tails fix
Fix to use the yubikey on Tails
2016-05-18 14:35:42 -03:00
drduh
da1ce278c6 Use variable to store Key ID 2016-05-09 02:47:16 +00:00
drduh
1c16d968e9 Add encrypted USB backup instructions, grammar fixes 2016-04-25 17:49:51 +00:00
drduh
e86af76264 Use IO rediction for revocation certificate step 2016-02-25 15:28:36 -05:00
drduh
c34f78044e Fix up formatting. 2016-02-01 21:49:46 -05:00
drduh
f4c76ba210 Create local configuration, too 2016-02-01 21:45:34 -05:00
drduh
172a4292a5 Create README.md 2016-01-31 20:58:24 -05:00