aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/README.md (unfollow)
Commit message (Collapse)AuthorFilesLines
2024-10-26Passphrase now passed to gpg from stdin via the --passphrase-fd 0 option ↵forbytten1-8/+8
instead of via the --passphrase option. The latter exposes the passphrase to observation by other processes on the system and the gpg man page includes a disclaimer for it: Don't use this option if you can avoid it. Although the README recommends a single user, ephemeral Debian Live environment, users may choose to ignore that recommendation so it seems best to protect them from themselves where possible.
2024-08-18consolidate agent commandsdrduh1-0/+1
2024-08-18use printf, export keyid, fix linkdrduh1-14/+5
2024-08-17mail/thunderbird: fix typosnqk1-1/+1
Signed-off-by: snqk <me@snqk.dev>
2024-08-17mail/thunderbird: add instructions & warningssnqk1-0/+7
- add instructions to configure the thunderbird client with this setup - add warning for commonly encountered issues when decrypting emails (Resolves #448) Signed-off-by: snqk <me@snqk.dev>
2024-07-20Remove trailing whitespace in README.mdJustus Perlwitz1-2/+2
2024-07-20Document how to test NixOS build with QEMUJustus Perlwitz1-0/+13
2024-07-06Corrected small typo in README.mddenis-roy1-1/+1
maintenace -> maintenance
2024-06-30Should only have one identity loaded when renewingdrduh1-1/+1
2024-06-30Renew expired subkeys, fix #442drduh1-1/+2
2024-06-30Fix secret functiondrduh1-2/+2
2024-06-30Export variables throughoutdrduh1-22/+23
2024-05-05Move networking section to Optional hardeningstraysheep-dev1-67/+64
2024-05-03Export the `GNUPGHOME` variableManuel Thalmann1-1/+1
Merging this PR will fix #434
2024-04-18Add networking section to README.mdstraysheep-dev1-2/+67
2024-03-29Tidy style and formattingdrduh1-15/+14
2024-03-25Fix broken 'SSH agent forwarding' internal linksWill Stephenson1-3/+3
2024-03-24Remove NEO (discontinued in 2018), sort troubleshootingdrduh1-9/+7
2024-03-24Update LUKS link, make commands consistent, more passphrase guidancedrduh1-49/+67
2024-03-24Optional hardening section, additional validation stepsdrduh1-159/+160
2024-03-19Fix typo in date commandWill Stephenson1-1/+1
2024-03-17Add command-line passphrase templatedrduh1-1/+9
2024-03-17Replace mkdir commandsdrduh1-1/+17
2024-03-17Install yubikey-manager directly on Debiandrduh1-39/+5
2024-03-17Simplify and automate fdisk commandsdrduh1-112/+92
2024-03-17Stick with 6/8 digit PINsdrduh1-17/+12
2024-03-17Remove obsolete stuff, clean up introdrduh1-19/+11
2024-03-17Move keyserver instructions to later, more batch commandsdrduh1-82/+74
2024-03-16Automate PIN and card operationsdrduh1-120/+88
2024-03-16Simplify instructions, reduce manual labordrduh1-1137/+548
2024-03-10formatting fixdrduh1-2/+2
2024-03-10Workaround for Authenticate key issuedrduh1-8/+8
2024-03-07update gpg --quick-add-key commandsCsanad Beres1-4/+5
it seems to be only accepting fingerprints and rejecting key ID-s
2024-02-12few more standard termsdrduh1-5/+5
2024-02-12typodrduh1-1/+1
2024-02-12few more style nitsdrduh1-15/+9
2024-02-12explicit keytocard instructionsdrduh1-34/+13
2024-02-12simplify batch instructionsdrduh1-30/+12
2024-02-12standard names for subkeysdrduh1-51/+56
2024-02-12remove yubikey as rngdrduh1-11/+0
2024-02-12remove multiple hostsdrduh1-102/+39
2024-02-11more grammardrduh1-45/+19
2024-02-11few more cleanupsdrduh1-42/+112
2024-02-11simplify console output, use generic infodrduh1-477/+203
2024-02-11more grammar and formattingdrduh1-127/+118
2024-02-11grammar and styledrduh1-195/+149
2024-02-11grammar and standardize storage terminologydrduh1-141/+156
2024-02-11standardize Certify/Subkeys, easier command copy, organize linksdrduh1-424/+409
2024-02-11fix rookie mistakePhill Kelley1-1/+1
Add a one-liner that works. Then think about the context and decide to recommend a rearrangement. And then muck up the consequential adjustment of the original one-liner. I think I got a badge for that in the scouts. Well spotted. Sorry. Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2024-02-10add step to set `disable-ccid` in `scdaemon.conf`Phill Kelley1-1/+21
Issue #404 reports "GPG acts like my YubiKey isn't plugged in". With GnuPG 2.3 and later, the system can get into a loop where it prompts for insertion of a YubiKey even though that YubiKey is already connected. The solution for this is to set `disable-ccid` in `~/.gnupg/scdaemon.conf`. Testing suggests setting `disable-ccid` does not interfere with earlier versions of GnuPG (eg 2.2.27 on Debian Bullseye or 2.2.40 on Debian Bookworm). This problem has also been mentioned in #277 and #256. Including a step in the Guide to set `disable-ccid` may help minimise recurrence. Also takes the opportunity to ensure `~/.gnupg` directory exists on a new system before downloading `gpg.conf`. References: * Ludovic Rousseau - [GnuPG and PC/SC conflicts](https://ludovicrousseau.blogspot.com/2019/06/gnupg-and-pcsc-conflicts.html) * GnuPG.org: - [Scdaemon Options](https://www.gnupg.org/documentation/manuals/gnupg/Scdaemon-Options.html#index-disable_002dccid) * YubiCo: - [Resolving GPG's CCID conflicts](https://support.yubico.com/hc/en-us/articles/4819584884124-Resolving-GPG-s-CCID-conflicts) - [Troubleshooting Issues with GPG](https://support.yubico.com/hc/en-us/articles/360013714479-Troubleshooting-Issues-with-GPG) * Closed issues: - [277 pcscd: Error Reader Exclusive](https://github.com/drduh/YubiKey-Guide/issues/277) - [256 Update scdaemon.conf for gnupg 2.3 with MacOS (and possibly others)](https://github.com/drduh/YubiKey-Guide/issues/256) Fixes #404 Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
generated by cgit, for Dennis Eriksen