aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/README.md (unfollow)
Commit message (Collapse)AuthorFilesLines
2021-02-04Update README.mdberwag1-1/+1
2021-01-28Update README.mdberwag1-1/+1
changed wording according to yubischiess' comment
2021-01-27Additions to "Required Software"berwag1-0/+6
proposed change according to Issue#215
2021-01-13Fix: "quit" to save -> "save" to saveAndreas Klöckner1-1/+1
2021-01-10add fish configbasbebe1-0/+7
2021-01-10Add SSH setup for macOS GUI applicationsbasbebe1-2/+61
On macOS, a LaunchAgent needs to be created to overwrite the system's SSH agent. see https://github.com/drduh/YubiKey-Guide/issues/229
2020-12-24Rephrase one sentence according to one comment on drduh/YubiKey-Guide#225Zenithal1-1/+1
2020-12-24Add subsections on chained agent forwardingZenithal1-4/+35
2020-12-03Add note on chained agent forwardingZenithal1-0/+4
2020-12-03Correct WSL agent forwardingZenithal1-4/+8
This is a mix of two forwarding method, this commit separates them
2020-12-03Change note in alter agent sectionZenithal1-1/+2
Different methods have different requirements
2020-12-03Add new method for ssh-agent forwardingZenithal1-4/+45
2020-12-03Add details to GPG-Agent forward; Alter structureZenithal1-56/+73
GPG Agent forwarding has a broader usage, not only limited to ssh-agent forwarding. In this commit gpg-agent forwarding is raised as a separate section as it can not be contained by #SSH any longer. More details are added for gpg-agent forwarding, including some important notes taken from practice and analysis. For ssh-agent forward, older method are contained, and new method will be included as framework has been structured.
2020-12-02Change format of important notes in mutt subsectionZenithal1-1/+1
2020-12-02Add Mutt subsection in Email sectionZenithal1-0/+9
2020-12-02Add Mutt in Email introZenithal1-1/+1
2020-11-14Fix reset commandNemo1-1/+1
gpg-connect-agent uses `-r/--run` not `-R`
2020-10-31Change edit to create or editJean-Paul van Ravensberg1-1/+1
As gpg-agent.conf didn't exist on my system
2020-10-31Add PowerShell command to get YubiKey nameJean-Paul van Ravensberg1-2/+9
2020-09-25Update verification of Debian ISO to not hardcode the version.Anthony Muller1-2/+2
2020-09-25Change Debian ISO url to be generated from the contents of SHA512SUM.Anthony Muller1-2/+2
This removes the need to maintain the version number, which is currently out of date.
2020-09-17Fix links with parenthesesandy1-2/+2
2020-09-01unset GNUPGHOME variableRudy Gevaert1-0/+2
if not done, in the next step you get error: gpg: keyblock resource '/home/..../gnupg-workspace/pubring.kbx': No such file or directory gpg: no writable keyring found: Not found
2020-08-29Add option to retrieve additionaly entropy from YubiKey itselfMirko Vogt1-0/+13
2020-08-26change defaults and add info to #Require touchAmolith1-3/+35
As mentioned in #197, the previous behaviour would require users to touch their key any time an authentication, signing, or encryption operation was performed. In some situations, this behaviour would be undesirable and the only way to revert it would be fully resetting the key and starting from scratch. Rather than using `fixed`, this commit simply turns the feature `on` so the user can change it later if they wish. Additionally, a note about the other policies was included so users can decide for themselves which fits their situation better.
2020-08-22Update README.mdbengim1-0/+2
fixing wrong cryptography version by explicitly installing PyOpenSSL
2020-08-21Python2 is EOL, update packages/references to Py3dragon7881-3/+3
2020-08-14Correct spellingStefano Figura1-3/+3
2020-08-14Update wording Stefano Figura1-1/+3
Ensure that is clear that we do not need to modify keys or even plug the yubikey
2020-08-13Update notation sectionStefano Figura1-1/+1
2020-08-13Add notations sectionStefano Figura1-0/+25
2020-08-11Fix usage inconsistencyb1f6c1c41-5/+5
Master key shall only be used to certify other keys. The usage indicator in README.md is inconsistently shown as SC and C.
2020-05-27Set touch policy to fixed.Kenny MacDermid1-3/+3
Setting the touch policy to `on` does not prevent the policy from later being turned off again. Setting it to `fixed` is more secure because it can not be turned off. If someone wants to disable the touch policy they can always restore the keys from the backups created in the guide.
2020-05-27Add information on potential PIN issues and how to debug themSebastian Schmieschek1-2/+5
I missed the error message when attempting to set a PIN of only 5 characters due to the UI repeating the options below it. Pinentry happily stores the bogus PIN and even counts down the retry counter when entering the correct (default) one. This can be resolved by unblocking the PIN. Once I ran the gpg-agent with debug output (a tip found in the added link), the issue was obvious.
2020-05-25Stack rank secure environment and add a few tipsdrduh1-19/+42
2020-05-24Fix order of revocation command.Max Mäusezahl1-1/+1
According to 'man gpg' the order of arguments should be gpg [--homedir name] [--options file] [options] command [args] In this case '--gen-revoke' is the command, '$KEYID' is an argument and '--output $GNUPGHOME/revoke.asc' is an option. Previously this was incorrect (option came first) and would spawn an error.
2020-05-17Include --expert when editing master keyMike Mazur1-1/+1
This is specifically during setup when rotating keys.
2020-05-04Fix broken anchorVladyslav Krylasov1-5/+5
There are two anchors with the same name and this breaks navigation.
2020-05-04Clarified wordingJason Stelzer1-1/+1
2020-05-04GPG keys on multiple computersJason Stelzer1-0/+1
I feel like this took me longer to figure out than it should have.
2020-05-03Address throw-keyids issue with mailvelope to fix #178drduh1-14/+18
2020-05-03Split export pubkey from backup to fix #175drduh1-86/+95
2020-05-03Disambiguate backup volume label to fix #176.drduh1-77/+127
2020-04-29Describe card serial number errorVladyslav Krylasov1-28/+15
2020-04-28Describe ykman PGP keys resetVladyslav Krylasov1-0/+6
2020-04-28Add instruction to create a revoke certificateapiraino1-0/+15
2020-03-24Add steps for renewing (not rotating) sub-keysDaniel Sockwell1-1/+102
As discussed in issue #164, the current section on Rotating Keys presents two alternatives: replacing the existing keys with a newly generated key or extending the validity of existing keys by changing their expiration. However, it only provides instructions for the first approach. This commit adds instructions for renewing sub-keys. I am far from an expert, and am submitting this change mostly in hopes that it will provide documentation for the next time I need to renew my sub-keys. I would welcome any changes or clarifications others would care to offer.
2020-03-02Added some additonal text describing alternatives that may be usedMurphy Laptop1-0/+15
2020-02-12Bump Debian version, license yeardrduh1-8/+32
2020-01-22Add instructions for NixOSRodney Lorrimar1-0/+51
I just tested these steps on a spare laptop.