author: Stefano Figura <stefano@figura.im> 2020-08-13 23:45:18 +0200
committer: GitHub <noreply@github.com> 2020-08-13 23:45:18 +0200
commit: c9ea04db2ce0c7e0bbf50bb82a1fe2924d6925ae (patch)
tree: 534af16617cbb54b4d91677f9f8a24fd527b613b /README.md
parent: Merge pull request #199 from b1f6c1c4/patch-1 (diff)
Add notations section
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 25
1 files changed, 25 insertions, 0 deletions
diff --git a/README.md b/README.md
index 315f843..13fe760 100644
--- a/README.md
+++ b/README.md
@@ -47,6 +47,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d
* [Setup environment](#setup-environment)
* [Renewing sub-keys](#renewing-sub-keys)
* [Rotating keys](#rotating-keys-1)
+- [Adding notations](#adding-notations)
- [SSH](#ssh)
* [Create configuration](#create-configuration)
* [Replace agents](#replace-agents)
@@ -1875,6 +1876,30 @@ $ sudo umount /mnt/public
Disconnect the storage device and follow the original steps to transfer new keys (4, 5 and 6) to YubiKey, replacing existing ones. Reboot or securely erase the GPG temporary working directory.
+# Adding notations
+
+Notations can be added to users ID(s) and can be used in conjunction with [Keyoxide](https://keyoxide.org) to create [OpenPGP identity proofs](https://keyoxide.org/guides/openpgp-proofs).
+
+The setup environment can be created by using this [section](#setup-environment) from this guide.
+
+After having completed the environment setup, it is possible to follow any of the guides listed under "Adding proofs" from the Keyoxide ["Guides"](https://keyoxide.org/guides/) page __up until the notation is saved using the `save` command`.
+
+At this point the public key can be exported:
+
+```console
+$ gpg --export $KEYID > pubkey.gpg
+```
+
+The public key can now be transferred to the computer where the GPG key is used and it is imported with:
+
+```console
+$ gpg --import pubkey.gpg
+```
+
+N.B.: The `showpref` command can be issued to ensure that the notions were correctly added.
+
+It is now possible to continue following the Keyoxide guide and upload the key to WKD or to keys.openpgp.org.
+
# SSH
[gpg-agent](https://wiki.archlinux.org/index.php/GnuPG#SSH_agent) supports the OpenSSH ssh-agent protocol (`enable-ssh-support`), as well as Putty's Pageant on Windows (`enable-putty-support`). This means it can be used instead of the traditional ssh-agent / pageant. There are some differences from ssh-agent, notably that gpg-agent does not _cache_ keys rather it converts, encrypts and stores them - persistently - as GPG keys and then makes them available to ssh clients. Any existing ssh private keys that you'd like to keep in `gpg-agent` should be deleted after they've been imported to the GPG agent.
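Review bot: In the added paragraph starting "After having completed the environment setup", the `__` before "up until" is never closed and the sentence ends with a stray backtick after "command", so the emphasis will not render; close it with `__` after the `save` command and drop the extra backtick. Two typos in the same section: "users ID(s)" should read "user ID(s)", and "notions" in the N.B. line should be "notations". The N.B. would also be clearer if it said that `showpref` is entered at the `gpg --edit-key $KEYID` prompt, because the steps around it are shell commands and it currently reads as one of them.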