author: Phill Kelley <34226495+Paraphraser@users.noreply.github.com> 2023-06-28 23:44:09 +1000
committer: Phill Kelley <34226495+Paraphraser@users.noreply.github.com> 2023-06-28 23:44:09 +1000
commit: 0310feaecc5267215215180305cffba1ecfd7958
tree: 4cdd5f70f729f1bf4aafbc7595fc4ec116db9abc
parent: Merge pull request #372 from PhilipMay/patch-2
2023-06-28 Add section on setting up multiple hosts
Issue #382 suggests adding a section explaining how to use the same YubiKey on multiple hosts. This PR incorporates most of the suggestions.

Fixes: #382
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
-rw-r--r-- README.md 74
1 files changed, 74 insertions, 0 deletions
diff --git a/README.md b/README.md
index cf92f75..31ef283 100644
--- a/README.md
+++ b/README.md
@@ -48,6 +48,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d
- [Verify card](#verify-card)
- [Multiple YubiKeys](#multiple-yubikeys)
- [Switching between two or more Yubikeys](#switching-between-two-or-more-yubikeys)
+- [Multiple Hosts](#multiple-hosts)
- [Cleanup](#cleanup)
- [Using keys](#using-keys)
- [Rotating keys](#rotating-keys)
@@ -1676,6 +1677,79 @@ GPG will then scan your first Yubikey for GPG keys and recreate the stubs to poi
To return to using the second Yubikey just repeat (insert other Yubikey and re-run command).
Obviously this command is not easy to remember so it is recommended to either create a script or a shell alias to make this more user friendly.
+
+# Multiple Hosts
+
+It can be convenient to use your YubiKey on multiple hosts:
+
+* a desktop plus a laptop
+* home and work computers
+* an environment like [Tails](https://tails.boum.org)
+
+The simplest way to set up a second host is to begin by exporting your public key and trust settings on the host where your YubiKey is already working:
+
+``` console
+$ gpg --armor --export $KEYID > gpg-public-key-$KEYID.asc
+$ gpg --export-ownertrust > gpg-owner-trust.txt
+```
+
+Move both files to the second host. Then, on the second host:
+
+1. Define your KEYID. For example:
+
+ ``` console
+ $ export KEYID=0xFF3E7D88647EBCDB
+ ```
+
+2. Import your public key:
+
+ ``` console
+ $ gpg --import gpg-public-key-$KEYID.asc
+ ```
+
+3. Import the trust settings:
+
+ ``` console
+ $ gpg --import-ownertrust < gpg-owner-trust.txt
+ ```
+
+4. Insert your YubiKey into a USB port.
+5. Import the private key stubs from the YubiKey:
+
+ ``` console
+ $ gpg --card-status
+ ```
+
+If you need to set up a second host when you are travelling and don't have ready access to your primary host, you can import your public key from a key-server and set trust manually:
+
+1. Define your KEYID. For example:
+
+ ``` console
+ $ export KEYID=0xFF3E7D88647EBCDB
+ ```
+
+2. Fetch the public key from a key-server. For example:
+
+ ``` console
+ $ gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv $KEYID
+ ```
+
+3. Set ultimate trust:
+
+ ``` console
+ $ gpg --edit-key $KEYID
+ gpg> trust
+ Your decision? 5
+ Do you really want to set this key to ultimate trust? (y/N) y
+ gpg> quit
+ ```
+
+4. Insert your YubiKey into a USB port.
+5. Import the private key stubs from the YubiKey:
+
+ ``` console
+ $ gpg --card-status
+ ```
# Cleanup
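Review bot: In the key-server procedure, step 3 sets ultimate trust on whatever `gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv $KEYID` returned, with no check that the fetched key is the one the user expects. Add a step between 2 and 3 that compares the full fingerprint of the imported key (for example the output of `gpg --fingerprint $KEYID`) against a copy the user carries with them, and only then runs `trust`. The first procedure does not have this gap because the public key and owner trust both come from the user's own primary host. A style point in the same hunk: the new section ends on the closing fence of the last `gpg --card-status` block with no blank `+` line before the `# Cleanup` context line, so the heading sits directly against the code block; add a trailing blank line to match the blank line that opens the section.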