author | Phill Kelley <34226495+Paraphraser@users.noreply.github.com> | 2023-06-28 23:44:09 +1000 |
---|---|---|
committer | Phill Kelley <34226495+Paraphraser@users.noreply.github.com> | 2023-06-28 23:44:09 +1000 |
commit | 0310feaecc5267215215180305cffba1ecfd7958 (patch) | |
tree | 4cdd5f70f729f1bf4aafbc7595fc4ec116db9abc /README.md | |
parent | Merge pull request #372 from PhilipMay/patch-2 (diff) | |
2023-06-28 Add section on setting up multiple hosts
Issue #382 suggests adding a section explaining how to use the same
YubiKey on multiple hosts.
This PR incorporates most of the suggestions.
Fixes: #382
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 74 |
1 files changed, 74 insertions, 0 deletions
@@ -48,6 +48,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d - [Verify card](#verify-card) - [Multiple YubiKeys](#multiple-yubikeys) - [Switching between two or more Yubikeys](#switching-between-two-or-more-yubikeys) +- [Multiple Hosts](#multiple-hosts) - [Cleanup](#cleanup) - [Using keys](#using-keys) - [Rotating keys](#rotating-keys) 
@@ -1676,6 +1677,79 @@ GPG will then scan your first Yubikey for GPG keys and recreate the stubs to poi To return to using the second Yubikey just repeat (insert other Yubikey and re-run command). Obviously this command is not easy to remember so it is recommended to either create a script or a shell alias to make this more user friendly. + +# Multiple Hosts + +It can be convenient to use your YubiKey on multiple hosts: + +* a desktop plus a laptop +* home and work computers +* an environment like [Tails](https://tails.boum.org) + +The simplest way to set up a second host is to begin by exporting your public key and trust settings on the host where your YubiKey is already working: + +``` console +$ gpg --armor --export $KEYID > gpg-public-key-$KEYID.asc +$ gpg --export-ownertrust > gpg-owner-trust.txt +``` + +Move both files to the second host. Then, on the second host: + +1. Define your KEYID. For example: + + ``` console + $ export KEYID=0xFF3E7D88647EBCDB + ``` + +2. Import your public key: + + ``` console + $ gpg --import gpg-public-key-$KEYID.asc + ``` + +3. Import the trust settings: + + ``` console + $ gpg --import-ownertrust < gpg-owner-trust.txt + ``` + +4. Insert your YubiKey into a USB port. +5. Import the private key stubs from the YubiKey: + + ``` console + $ gpg --card-status + ``` + +If you need to set up a second host when you are travelling and don't have ready access to your primary host, you can import your public key from a key-server and set trust manually: + +1. Define your KEYID. For example: + + ``` console + $ export KEYID=0xFF3E7D88647EBCDB + ``` + +2. Fetch the public key from a key-server. For example: + + ``` console + $ gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv $KEYID + ``` + +3. Set ultimate trust: + + ``` console + $ gpg --edit-key $KEYID + gpg> trust + Your decision? 5 + Do you really want to set this key to ultimate trust? (y/N) y + gpg> quit + ``` + +4. Insert your YubiKey into a USB port. +5. 
Import the private key stubs from the YubiKey: + + ``` console + $ gpg --card-status + ``` # Cleanup |
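Review bot: The key-server procedure in the new Multiple Hosts section has no step that checks the fetched key before step 3 marks it as ultimately trusted. Step 2 runs `gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv $KEYID` with a 64-bit key ID (`0xFF3E7D88647EBCDB` in the example), so the only thing tying the downloaded key to the user is that short identifier and whatever the key-server returned. Please add a step between 2 and 3 that displays the full fingerprint, for example `gpg --fingerprint $KEYID`, and tells the reader to compare it with a value they recorded independently. Alternatively, move "Insert your YubiKey" and `gpg --card-status` ahead of the trust step, so the fingerprints reported by the card can be compared with the imported key before `trust` / `5` is entered. Two smaller points in the same hunk: steps 1, 4 and 5 are repeated verbatim in both lists, so the second list could refer back to the first for those steps; and `--recv` relies on option abbreviation, where the full `--recv-keys` would be clearer in documentation.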