aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/README.md (unfollow)
Commit message (Collapse)AuthorFilesLines
2024-02-11grammar and standardize storage terminologydrduh1-141/+156
2024-02-11standardize Certify/Subkeys, easier command copy, organize linksdrduh1-424/+409
2024-02-11fix rookie mistakePhill Kelley1-1/+1
Add a one-liner that works. Then think about the context and decide to recommend a rearrangement. And then muck up the consequential adjustment of the original one-liner. I think I got a badge for that in the scouts. Well spotted. Sorry. Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2024-02-10add step to set `disable-ccid` in `scdaemon.conf`Phill Kelley1-1/+21
Issue #404 reports "GPG acts like my YubiKey isn't plugged in". With GnuPG 2.3 and later, the system can get into a loop where it prompts for insertion of a YubiKey even though that YubiKey is already connected. The solution for this is to set `disable-ccid` in `~/.gnupg/scdaemon.conf`. Testing suggests setting `disable-ccid` does not interfere with earlier versions of GnuPG (eg 2.2.27 on Debian Bullseye or 2.2.40 on Debian Bookworm). This problem has also been mentioned in #277 and #256. Including a step in the Guide to set `disable-ccid` may help minimise recurrence. Also takes the opportunity to ensure `~/.gnupg` directory exists on a new system before downloading `gpg.conf`. References: * Ludovic Rousseau - [GnuPG and PC/SC conflicts](https://ludovicrousseau.blogspot.com/2019/06/gnupg-and-pcsc-conflicts.html) * GnuPG.org: - [Scdaemon Options](https://www.gnupg.org/documentation/manuals/gnupg/Scdaemon-Options.html#index-disable_002dccid) * YubiCo: - [Resolving GPG's CCID conflicts](https://support.yubico.com/hc/en-us/articles/4819584884124-Resolving-GPG-s-CCID-conflicts) - [Troubleshooting Issues with GPG](https://support.yubico.com/hc/en-us/articles/360013714479-Troubleshooting-Issues-with-GPG) * Closed issues: - [277 pcscd: Error Reader Exclusive](https://github.com/drduh/YubiKey-Guide/issues/277) - [256 Update scdaemon.conf for gnupg 2.3 with MacOS (and possibly others)](https://github.com/drduh/YubiKey-Guide/issues/256) Fixes #404 Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2024-02-04NixOS Live Image: convert to a flakeMotiejus Jakštys1-208/+21
Now `nixpkgs` will be pointing to a specific release, which has a much smaller chance to unexpectedly break. Currently 23.11. The next one will be 24.05, 24.11, etc. NixOS *releases* receive security updates, but packages are upgraded conservatively, thus don't generally break. As a result, we should need to worry about NixOS upgrades every 6-12 months. The upgrade means "bump the version number and try to build it". If it breaks, it will generally break only then. Less reactive, more proactive surprises. `flake.nix` was written by @thomaseizinger in https://github.com/drduh/YubiKey-Guide/issues/406. Changes from the original: - change Gnome to xfce. Now it loads with 384MB of RAM and works well with the simplest graphics (hello qemu). - less nasty workaround for hopenpgp-tools. Fixed upstream (https://github.com/NixOS/nixpkgs/pull/279117). - do not default `copytoram`, user can select this option in the bootloader. Here is how to test it: ``` $ nix run .#nixosConfigurations.yubikeyLive.x86_64-linux.config.system.build.vm ``` *Note for the maintainer*: it would be great if you could occasionally run `nix flake update --commit-lock-file`, *especially* after updating github.com/drduh/config.git. Fixes #406 Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
2024-01-25Update link to genuine device check infoColin Grady1-1/+1
2024-01-04Update README.mdJordan Pickwell1-3/+3
Quote ISO URL, and add `$` RegExp end-of-string anchor to return only the ISO file and none of the other entries that contain `xfce.iso`. This avoids unnecessary cURL errors.
2023-10-21Fix deprecated boot.cleanTmpDir for boot.tmp.cleanOnBootWest1-1/+1
2023-10-15Update debian versiondrduh1-5/+9
2023-10-15Remove ancient keyserversdrduh1-10/+11
2023-10-14fix: use `nix-build` instead of `nix build`Xandor Schiefer1-1/+1
`nix build` is a new "Nix command" that is technically still experimental.
2023-10-14fix: update `hopenpgp-tools` in the NixOS buildXandor Schiefer1-2/+32
Fixes https://github.com/drduh/YubiKey-Guide/issues/370.
2023-10-10Update rpmsphere versionaskiiart1-1/+1
2023-09-22Add link to "makegpg" toolAlex Hirzel1-0/+1
2023-08-18add note for installing yubikey-manager on Debian 12Csanad Beres1-0/+3
2023-08-18add note on installing hopenpgp-tools on Debian 12Csanad Beres1-0/+19
2023-08-14fix bad copy pasteDalibor Karlović1-1/+1
2023-07-16Required Software/NixOS: Replace yubioath-desktop with yubioath-flutterFederico Damián Schonborn1-1/+1
Trying to use yubioath-desktop results on this error: yubioath-desktop has been deprecated by upstream in favor of yubioath-flutter On the current stable channel (23.05). Signed-off-by: Federico Damián Schonborn <fdschonborn@gmail.com>
2023-06-29add missing code-fence language indicators + zap extraneous tabsPhill Kelley1-9/+9
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2023-06-29explain use of card URL field to obtain public key from keyserverPhill Kelley1-0/+69
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2023-06-282023-06-28 Add section on setting up multiple hostsPhill Kelley1-0/+74
Issue #382 suggests adding a section explaining how to use the same YubiKey on multiple hosts. This PR incorporates most of the suggestions. Fixes: #382 Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2023-06-26fix typoDalibor Karlović1-1/+1
2023-06-26fix: add an explicit example about publishing the pubkey when expiringDalibor Karlović1-1/+13
2023-05-15Update ykman set-touch instructionsOmar Kotb1-17/+18
2023-04-15Add instructions for adding a new identityShane Friedman1-1/+126
2023-03-31Fix typoKumiko as a Service1-2/+2
pegant -> pageant
2023-03-21add polkit rule troubleshooting tipTai Groot1-0/+18
2023-02-16Update README.mdPhilip May1-1/+1
2023-02-16Update README.mdPhilip May1-1/+1
2022-12-26Update tocdrduh1-55/+57
2022-12-26More entropy cleanup, move batch instructions to altdrduh1-87/+68
2022-12-26Clean up entropy instructionsdrduh1-92/+45
2022-12-26Fix spacingdrduh1-4/+3
2022-12-26mention gnupg on tpmdrduh1-0/+1
2022-12-26mention wsl2-ssh-pageant altdrduh1-1/+1
2022-12-26mention KO attacksdrduh1-0/+2
2022-12-26mention forcesig flag to prompt pin each timedrduh1-1/+1
2022-12-26Note public key recovery articledrduh1-0/+2
2022-12-26safe quote remove-keygrips.shdrduh1-4/+4
2022-12-26Update admin command order, plink quotes and keytocard notedrduh1-9/+15
2022-11-21reorder cleanupSteve Thomson1-2/+2
2022-10-24Update README.mdBartłomiej Jakub Kwiatek1-1/+1
openpgp set-pin-retries is moved to openpgp access set-retries
2022-10-03feat: offline NixOS LiveCD imageXandor Schiefer1-25/+165
Includes inspiration from https://github.com/dhess/nixos-yubikey
2022-09-12Add link to list of PGP-compatible keysHexPandaa1-1/+1
2022-09-12Mention Bio Series - FIDO EditionHexPandaa1-1/+1
Per Yubico's documentation, these do not support OpenPGP: - https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP - https://support.yubico.com/hc/en-us/articles/4407752687378-YubiKey-C-Bio-FIDO-Edition - https://www.yubico.com/fr/store/#yubikey-bio-series-fido-edition
2022-08-10make launchctl commands more copy 'n paste friendlyFelix Kronlage-Dammers1-2/+2
2022-08-09Quick VMware name correctionFranciosi1-1/+1
s/VMWare/VMware
2022-06-19Update the command to change the pin retry attemptsDouglas Reis1-1/+1
Signed-off-by: Douglas Reis <doreis@lowrisc.org>
2022-05-14State release date of Yubico press releaseDavid Isaksson1-1/+1
2022-04-28Add Fedora required software sectionSeanOMik1-0/+10
generated by cgit, for Dennis Eriksen