Setup YubiKey (Windows 11 and Linux)

GhostZero
Software Developer
Published at October 5, 2021

Setup YubiKey via Putty (Windows 10 and above)

Install Gpg4win

Download the latest Gpg4win version at https://www.gpg4win.org/get-gpg4win.html and install it with all default options. After installation, create the following shortcut in your Startup folder. To open the Startup folder, press the Windows key + R, type shell:startup, then hit Enter.

"C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe" /bye

Enable Gpg4win support in Putty

Create a file within the %appdata%\gnupg folder (you may have to start gpg in advance so that the folder is created), called gpg-agent.conf which contains the following content:

enable-putty-support

Restart your computer and then you are ready to use Putty with GPG support.

Setup YubiKey via OpenSSH (Ubuntu 20.04 and above)

The following setup is inspired by the following resources:

Install GnuPG + YubiKey Tools

sudo apt update

sudo apt -y upgrade

sudo apt -y install \
	wget gnupg2 gnupg-agent dirmngr cryptsetup scdaemon pcscd secure-delete hopenpgp-tools yubikey-personalization

Check GPG installation with your YubiKey

After installation you can use the gpg --card-edit command to verify your installation. It should give you a response like this:

Reader ...........: Yubico YubiKey OTP FIDO CCID 0
Application ID ...: D2760001240103040006154200280000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 15420028
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 1251
KDF setting ......: off
Signature key ....: 24FA DADB 789B B4E0 6E5D  78EF 0471 94F7 7C59 63F0
      created ....: 2020-11-05 19:42:56
Encryption key....: D152 139B 551D DD65 B193  AC95 583E 07FB 720F BFF7
      created ....: 2020-11-05 19:44:22
Authentication key: 498F 080B 4B33 832E 6B18  4CA9 6750 8A8B 4B11 819C
      created ....: 2020-11-05 19:47:07
General key info..: [none]

Replace the SSH_AUTH_SOCK in your RC file (.zshrc)

To make SSH use the GPG agent instead of the default SSH agent, point SSH_AUTH_SOCK at the GPG agent's SSH socket:

# GPG agent configuration for ssh
export GPG_TTY="$(tty)"
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
gpg-connect-agent updatestartuptty /bye > /dev/null

Recommended GnuPG Configuration

Apply these changes to your .gnupg/gpg-agent.conf configuration. You may want to adjust them to your needs:

# https://github.com/drduh/config/blob/master/gpg-agent.conf
# https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html
enable-ssh-support
ttyname $GPG_TTY
default-cache-ttl 60
max-cache-ttl 120
#pinentry-program /usr/bin/pinentry-curses
#pinentry-program /usr/bin/pinentry-tty
#pinentry-program /usr/bin/pinentry-gtk-2
#pinentry-program /usr/bin/pinentry-x11
#pinentry-program /usr/local/bin/pinentry-curses
#pinentry-program /usr/local/bin/pinentry-mac
pinentry-program /usr/bin/pinentry-gnome3
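
One way to check the result of the SSH_AUTH_SOCK and gpg-agent.conf steps above, as an added example that is not part of the original article. The function names are hypothetical, the data in demo() is constructed, and the --live mode assumes gpgconf and gpg are on the PATH:

```shell
#!/bin/sh
# Added example, not from the original article. Function names are
# hypothetical; the sample data in demo() is constructed.

# Succeeds if OPTION is an active (uncommented) line in the config FILE.
conf_has_option() {  # usage: conf_has_option FILE OPTION
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Reads `gpg --card-status` text on stdin and prints the retry counters in
# card order: user PIN, reset code, admin PIN (for example "3 0 3").
pin_retries() {
    sed -n 's/^PIN retry counter[[:space:]]*:[[:space:]]*//p'
}

# Succeeds if the user or admin PIN counter is 0 (blocked). A reset code
# counter of 0 only means that no reset code has been set.
pin_blocked() {  # usage: pin_blocked "3 0 3"
    set -- $1
    [ "$#" -eq 3 ] || return 2   # no card or unexpected output
    [ "$1" -eq 0 ] || [ "$3" -eq 0 ]
}

# Prints one FAIL line per problem; returns non-zero if any was found.
audit_agent() {  # usage: audit_agent CONF_FILE SSH_AUTH_SOCK AGENT_SSH_SOCKET
    rc=0
    conf_has_option "$1" enable-ssh-support ||
        { echo "FAIL: enable-ssh-support is not active in $1"; rc=1; }
    [ "$2" = "$3" ] ||
        { echo "FAIL: SSH_AUTH_SOCK is '$2' but gpg-agent listens on '$3'"; rc=1; }
    return "$rc"
}

# Constructed sample: option commented out, socket left at a default agent.
demo() {
    conf=$(mktemp)
    printf '%s\n' '#enable-ssh-support' 'default-cache-ttl 60' > "$conf"
    audit_agent "$conf" /tmp/ssh-demo/agent.1 /run/user/1000/gnupg/S.gpg-agent.ssh
    rm -f "$conf"
}

case "${1:-}" in
    --demo) demo ;;
    --live) # queries the real agent and the inserted card
        audit_agent "$(gpgconf --list-dirs homedir)/gpg-agent.conf" \
            "${SSH_AUTH_SOCK:-}" "$(gpgconf --list-dirs agent-ssh-socket)"
        if pin_blocked "$(gpg --card-status | pin_retries)"; then
            echo "FAIL: user or admin PIN is blocked"
        fi ;;
esac
```

Run it with --demo to see both failure messages on the constructed sample, or with --live in a new shell after editing .zshrc and gpg-agent.conf.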

Header Graphic: www.yubico.com
