| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |\
| |
| | |
Clarified PIN config
|
| | | |
|
| | |
| |
| |
| |
| | |
- define each pin name, default, usage
- call out special admin pin restrictions
|
| |\ \
| | |
| | | |
switching between Yubikeys
|
| | |/
| |
| | |
section describes the issue and the remedy for GPG stubs only pointing to the Yubikey that was last subject to the keytocard command
|
| |\ \
| | |
| | | |
added mention of ssh key support for blue security keys
|
| | |/
| |
| |
| |
| | |
As detailed in their recent press release and blog post
https://www.yubico.com/blog/github-now-supports-ssh-security-keys/
|
| |\ \
| | |
| | | |
Script to switch between two Yubikeys with identical keys
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Some GitHub users have asked in the issues why can't I use two Yubikeys (one as a backup). It's a question often asked
The usual answer given across the web is that you can't as GPG replaces the key with key stubs when you quit and save (if you don't save then the Yubikey appears useless as GPG doesn't delete the keys and carries on using them off the keyring.
If once you have run keytocard to transfer your keys to the Yubikey#1 you QUIT WITHOUT SAVING then you can repeat the whole process again and put in your Yubikey#2 and keytocard again. this time QUIT AND SAVE.
GPG will now replace the keys with a key stub pointing to the Yubikey with the card serial number (see Yubikey serial on back of key) when you try to decrypt/sign/authenticate. The first Yubikey will be ignored despite the fact it has a copy of the Yubikey.
However you can use gpg-connect-agent to force read the Yubikey and repoint the key stubs to the keys on the Yubikey inserted.
Just run the script and insert whichever key you have to have (primary or backup) when prompted
NB once this script has been run GPG will be pointing the stubs at the recently used Yubikey ... to go back to your first Yubikey again switch Yubikeys and re-run script
Simples :)
|
| |\ \ \
| |_|/
|/| | |
Update nixos LiveCD example
|
| |/ /
| |
| |
| | |
````nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix```` no longer exists.
Update to ````nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix````
|
| |\ \
| | |
| | | |
Add note about pass insert error and `trust-key` usage
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When using a previously provisioned YubiKey on a new computer,
I was met with an "Unusable public key" error when trying to insert
a new password, despite being able to decrypt pass entries.
I tried setting the trust on the key via `gpg --edit-key`, but was
then met with "Need secret key to do this."
I found that the solution is apparently to use the `trust-key`
directive in `~/.gnupg/gpg.conf`, which is not mentioned in the README
at the moment.
|
| |\ \ \
| | | |
| | | | |
Update usage of ykman
|
| | | |/
| |/|
| | |
| | |
| | |
| | | |
Fixes the following warning:
WARNING: The use of this command is deprecated and will be removed!
Replace with: ykman openpgp keys set-touch
|
| |\ \ \
| | | |
| | | | |
[security] Adds warning about PUK being default
|
| | | |/
| |/| |
|
| |\ \ \
| | | |
| | | | |
Adds instructions on changing the PUK
|
| | |/ / |
|
| |\ \ \
| |_|/
|/| | |
Add hint re. (new) `ssh-keygen -t ed25519-sk`
|
| |/ / |
|
| |\ \
| | |
| | | |
Fix: "quit" to save -> "save" to save
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Add SSH setup for macOS GUI applications
|
| | |/ /
| | |
| | |
| | |
| | |
| | | |
On macOS, a LaunchAgent needs to be created to overwrite the system's SSH agent.
see https://github.com/drduh/YubiKey-Guide/issues/229
|
| |\ \ \
| | | |
| | | | |
Additions to "Required Software"
|
| | | | | |
|
| | | | |
| | | |
| | | | |
changed wording according to yubischiess' comment
|
| |/ / /
| | |
| | | |
proposed change according to Issue#215
|
| |\ \ \
| |/ /
|/| | |
add fish config
|
| |/ / |
|
| |\ \
| | |
| | | |
Add New Agent Forward Method and Clarify Two Methods
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
This is a mix of two forwarding method,
this commit separates them
|
| | | |
| | |
| | |
| | | |
Different methods have different requirements
|
| | | | |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
GPG Agent forwarding has a broader usage, not only
limited to ssh-agent forwarding.
In this commit gpg-agent forwarding is raised as a
separate section as it can not be contained by #SSH
any longer.
More details are added for gpg-agent forwarding, including
some important notes taken from practice and analysis.
For ssh-agent forward, older method are contained, and new
method will be included as framework has been structured.
|
| |\ \
| |/
|/| |
Add Mutt email client gpg config and Some note when configuring
|
| | | |
|
| | | |
|
| |/ |
|
| |\
| |
| | |
Add PowerShell command to get YubiKey name
|
| | |
| |
| | |
As gpg-agent.conf didn't exist on my system
|
| | | |
|
| |\ \
| | |
| | | |
Fix links with parentheses
|
| | |/ |
|
| |\ \
| | |
| | | |
unset GNUPGHOME variable
|
