| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
- define each pin name, default, usage
- call out special admin pin restrictions
|
|
````nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix```` no longer exists.
Update to ````nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix````
|
|
As detailed in their recent press release and blog post
https://www.yubico.com/blog/github-now-supports-ssh-security-keys/
|
|
section describes the issue and the remedy for GPG stubs only pointing to the Yubikey that was last subject to the keytocard command
|
|
|
|
When using a previously provisioned YubiKey on a new computer,
I was met with an "Unusable public key" error when trying to insert
a new password, despite being able to decrypt pass entries.
I tried setting the trust on the key via `gpg --edit-key`, but was
then met with "Need secret key to do this."
I found that the solution is apparently to use the `trust-key`
directive in `~/.gnupg/gpg.conf`, which is not mentioned in the README
at the moment.
|
|
Fixes the following warning:
WARNING: The use of this command is deprecated and will be removed!
Replace with: ykman openpgp keys set-touch
|
|
|
|
changed wording according to yubischiess' comment
|
|
proposed change according to Issue#215
|
|
|
|
|
|
On macOS, a LaunchAgent needs to be created to overwrite the system's SSH agent.
see https://github.com/drduh/YubiKey-Guide/issues/229
|
|
|
|
|
|
|
|
|
|
|
|
This is a mix of two forwarding method,
this commit separates them
|
|
Different methods have different requirements
|
|
|
|
GPG Agent forwarding has a broader usage, not only
limited to ssh-agent forwarding.
In this commit gpg-agent forwarding is raised as a
separate section as it can not be contained by #SSH
any longer.
More details are added for gpg-agent forwarding, including
some important notes taken from practice and analysis.
For ssh-agent forward, older method are contained, and new
method will be included as framework has been structured.
|
|
|
|
|
|
|
|
gpg-connect-agent uses `-r/--run` not `-R`
|
|
As gpg-agent.conf didn't exist on my system
|
|
|
|
|
|
This removes the need to maintain the version number, which is currently
out of date.
|
|
|
|
if not done, in the next step you get error:
gpg: keyblock resource '/home/..../gnupg-workspace/pubring.kbx': No such file or directory
gpg: no writable keyring found: Not found
|
|
|
|
As mentioned in #197, the previous behaviour would require users to
touch their key any time an authentication, signing, or encryption
operation was performed. In some situations, this behaviour would be
undesirable and the only way to revert it would be fully resetting the
key and starting from scratch. Rather than using `fixed`, this commit
simply turns the feature `on` so the user can change it later if they
wish.
Additionally, a note about the other policies was included so users can
decide for themselves which fits their situation better.
|
|
fixing wrong cryptography version by explicitly installing PyOpenSSL
|
|
|
|
|
|
Ensure that is clear that we do not need to modify keys or even plug the yubikey
|
|
|
|
|
|
Master key shall only be used to certify other keys. The usage indicator in
README.md is inconsistently shown as SC and C.
|
|
Setting the touch policy to `on` does not prevent the policy from
later being turned off again. Setting it to `fixed` is more secure
because it can not be turned off.
If someone wants to disable the touch policy they can always restore
the keys from the backups created in the guide.
|
|
I missed the error message when attempting to set a PIN of only 5 characters due
to the UI repeating the options below it.
Pinentry happily stores the bogus PIN and even counts down the retry counter
when entering the correct (default) one. This can be resolved by unblocking the
PIN.
Once I ran the gpg-agent with debug output (a tip found in the added link), the
issue was obvious.
|
|
|
|
According to 'man gpg' the order of arguments should be
gpg [--homedir name] [--options file] [options] command [args]
In this case '--gen-revoke' is the command, '$KEYID' is an argument and
'--output $GNUPGHOME/revoke.asc' is an option. Previously this was
incorrect (option came first) and would spawn an error.
|
|
This is specifically during setup when rotating keys.
|
|
There are two anchors with the same name and this breaks navigation.
|
|
|
