path: root/README.md
Date | Commit message | Author | Files | Lines
2021-08-15 | Stage alternatives section and cleanup grammar | drduh | 1 | -12/+19
2021-08-15 | Note to permasave password to fix #206 | drduh | 1 | -1/+3
2021-08-15 | Mention the yubikey troubleshooting guide for gpg to fix #217 | drduh | 1 | -0/+2
2021-08-15 | Update filenames to fix #222 | drduh | 1 | -9/+9
2021-08-10 | Expanded on GPG PIN config | Pedro H | 1 | -24/+14
2021-08-10 | clarify pins, drduh/YubiKey-Guide#248 | Andrew Martinez | 1 | -7/+9
- define each pin name, default, usage
- call out special admin pin restrictions
2021-07-05 | Update nixos LiveCD example | Sven Reissmann | 1 | -1/+1
`nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix` no longer exists. Update to `nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix`
2021-06-08 | added mention of ssh key support for blue security keys | Ian Stanley | 1 | -2/+2
As detailed in their recent press release and blog post https://www.yubico.com/blog/github-now-supports-ssh-security-keys/
2021-06-04 | added to section multiple Yubikeys section re: switching between Yubikeys | Ian Stanley | 1 | -0/+25
section describes the issue and the remedy for GPG stubs only pointing to the Yubikey that was last subject to the keytocard command
2021-05-01 | Add hint re. (new) `ssh-keygen -t ed25519-sk` | Michael Vorburger ⛑️ | 1 | -0/+2
2021-03-25 | Add note about pass insert error and `trust-key` usage | James O'Beirne | 1 | -0/+11
When using a previously provisioned YubiKey on a new computer, I was met with an "Unusable public key" error when trying to insert a new password, despite being able to decrypt pass entries. I tried setting the trust on the key via `gpg --edit-key`, but was then met with "Need secret key to do this." I found that the solution is apparently to use the `trust-key` directive in `~/.gnupg/gpg.conf`, which is not mentioned in the README at the moment.
2021-03-24 | Update usage of ykman | Willi Schönborn | 1 | -6/+6
Fixes the following warning: WARNING: The use of this command is deprecated and will be removed! Replace with: ykman openpgp keys set-touch
2021-02-04 | Update README.md | berwag | 1 | -1/+1
2021-01-28 | Update README.md | berwag | 1 | -1/+1
changed wording according to yubischiess' comment
2021-01-27 | Additions to "Required Software" | berwag | 1 | -0/+6
proposed change according to Issue#215
2021-01-13 | Fix: "quit" to save -> "save" to save | Andreas Klöckner | 1 | -1/+1
2021-01-10 | add fish config | basbebe | 1 | -0/+7
2021-01-10 | Add SSH setup for macOS GUI applications | basbebe | 1 | -2/+61
On macOS, a LaunchAgent needs to be created to overwrite the system's SSH agent. see https://github.com/drduh/YubiKey-Guide/issues/229
2020-12-25 | Adds warning about PUK being default | Nemo | 1 | -1/+3
2020-12-25 | Adds instructions on changing the PUK | Nemo | 1 | -3/+25
2020-12-24 | Rephrase one sentence according to one comment on drduh/YubiKey-Guide#225 | Zenithal | 1 | -1/+1
2020-12-24 | Add subsections on chained agent forwarding | Zenithal | 1 | -4/+35
2020-12-03 | Add note on chained agent forwarding | Zenithal | 1 | -0/+4
2020-12-03 | Correct WSL agent forwarding | Zenithal | 1 | -4/+8
This is a mix of two forwarding methods, this commit separates them
2020-12-03 | Change note in alter agent section | Zenithal | 1 | -1/+2
Different methods have different requirements
2020-12-03 | Add new method for ssh-agent forwarding | Zenithal | 1 | -4/+45
2020-12-03 | Add details to GPG-Agent forward; Alter structure | Zenithal | 1 | -56/+73
GPG Agent forwarding has a broader usage, not only limited to ssh-agent forwarding. In this commit gpg-agent forwarding is raised as a separate section as it can not be contained by #SSH any longer. More details are added for gpg-agent forwarding, including some important notes taken from practice and analysis. For ssh-agent forward, older methods are contained, and new method will be included as framework has been structured.
2020-12-02 | Change format of important notes in mutt subsection | Zenithal | 1 | -1/+1
2020-12-02 | Add Mutt subsection in Email section | Zenithal | 1 | -0/+9
2020-12-02 | Add Mutt in Email intro | Zenithal | 1 | -1/+1
2020-11-14 | Fix reset command | Nemo | 1 | -1/+1
gpg-connect-agent uses `-r/--run` not `-R`
2020-10-31 | Change edit to create or edit | Jean-Paul van Ravensberg | 1 | -1/+1
As gpg-agent.conf didn't exist on my system
2020-10-31 | Add PowerShell command to get YubiKey name | Jean-Paul van Ravensberg | 1 | -2/+9
2020-09-25 | Update verification of Debian ISO to not hardcode the version. | Anthony Muller | 1 | -2/+2
2020-09-25 | Change Debian ISO url to be generated from the contents of SHA512SUM. | Anthony Muller | 1 | -2/+2
This removes the need to maintain the version number, which is currently out of date.
2020-09-17 | Fix links with parentheses | andy | 1 | -2/+2
2020-09-01 | unset GNUPGHOME variable | Rudy Gevaert | 1 | -0/+2
if not done, in the next step you get error: gpg: keyblock resource '/home/..../gnupg-workspace/pubring.kbx': No such file or directory gpg: no writable keyring found: Not found
2020-08-29 | Add option to retrieve additional entropy from YubiKey itself | Mirko Vogt | 1 | -0/+13
2020-08-26 | change defaults and add info to #Require touch | Amolith | 1 | -3/+35
As mentioned in #197, the previous behaviour would require users to touch their key any time an authentication, signing, or encryption operation was performed. In some situations, this behaviour would be undesirable and the only way to revert it would be fully resetting the key and starting from scratch. Rather than using `fixed`, this commit simply turns the feature `on` so the user can change it later if they wish. Additionally, a note about the other policies was included so users can decide for themselves which fits their situation better.
2020-08-22 | Update README.md | bengim | 1 | -0/+2
fixing wrong cryptography version by explicitly installing PyOpenSSL
2020-08-21 | Python2 is EOL, update packages/references to Py3 | dragon788 | 1 | -3/+3
2020-08-14 | Correct spelling | Stefano Figura | 1 | -3/+3
2020-08-14 | Update wording | Stefano Figura | 1 | -1/+3
Ensure that it is clear that we do not need to modify keys or even plug the yubikey
2020-08-13 | Update notation section | Stefano Figura | 1 | -1/+1
2020-08-13 | Add notations section | Stefano Figura | 1 | -0/+25
2020-08-11 | Fix usage inconsistency | b1f6c1c4 | 1 | -5/+5
Master key shall only be used to certify other keys. The usage indicator in README.md is inconsistently shown as SC and C.
2020-05-27 | Set touch policy to fixed. | Kenny MacDermid | 1 | -3/+3
Setting the touch policy to `on` does not prevent the policy from later being turned off again. Setting it to `fixed` is more secure because it can not be turned off. If someone wants to disable the touch policy they can always restore the keys from the backups created in the guide.
2020-05-27 | Add information on potential PIN issues and how to debug them | Sebastian Schmieschek | 1 | -2/+5
I missed the error message when attempting to set a PIN of only 5 characters due to the UI repeating the options below it. Pinentry happily stores the bogus PIN and even counts down the retry counter when entering the correct (default) one. This can be resolved by unblocking the PIN. Once I ran the gpg-agent with debug output (a tip found in the added link), the issue was obvious.
2020-05-25 | Stack rank secure environment and add a few tips | drduh | 1 | -19/+42
2020-05-24 | Fix order of revocation command. | Max Mäusezahl | 1 | -1/+1
According to 'man gpg' the order of arguments should be gpg [--homedir name] [--options file] [options] command [args] In this case '--gen-revoke' is the command, '$KEYID' is an argument and '--output $GNUPGHOME/revoke.asc' is an option. Previously this was incorrect (option came first) and would spawn an error.