Setup YubiKey (Windows 11 and Linux)
Setup YubiKey via Putty (Windows 10 and above)
Install Gpg4win
Download the latest Gpg4win version at https://www.gpg4win.org/get-gpg4win.html and install them with all default options. After installation create the following shortcut in your startup folder. You can reach your startup folder by pressing the Windows key + R, type shell:startup, then hit enter. This opens the Startup folder.
"C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe" /bye
Enable Gpg4win support in Putty
Create a file within the %appdata%\gnupg folder (you may have to start gpg in advance so that the folder is created), called gpg-agent.conf which contains the following content:
enable-putty-support
Restart your computer and then you are ready to use Putty with GPG support.
Setup YubiKey via OpenSSH (Ubuntu 20.04 and above)
The following setup is inspired by the following resources:
Install GnuPG + YubiKey Tools
sudo apt update
sudo apt -y upgrade
sudo apt -y install \
wget gnupg2 gnupg-agent dirmngr cryptsetup scdaemon pcscd secure-delete hopenpgp-tools yubikey-personalization \
Check GPG installation with your YubiKey
After installation your can use the gpg --card-edit command to verify your installation, this should give your a response like this:
Reader ...........: Yubico YubiKey OTP FIDO CCID 0
Application ID ...: D2760001240103040006154200280000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 15420028
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 1251
KDF setting ......: off
Signature key ....: 24FA DADB 789B B4E0 6E5D 78EF 0471 94F7 7C59 63F0
created ....: 2020-11-05 19:42:56
Encryption key....: D152 139B 551D DD65 B193 AC95 583E 07FB 720F BFF7
created ....: 2020-11-05 19:44:22
Authentication key: 498F 080B 4B33 832E 6B18 4CA9 6750 8A8B 4B11 819C
created ....: 2020-11-05 19:47:07
General key info..: [none]
Replace the SSH_AUTH_SOCK your RC file (.zshrc)
You may want to change your SSH_AUTH_SOCK for the GPG Agent instead of the default SSH Agent, you can use:
# GPG agent configuration for ssh
export GPG_TTY="$(tty)"
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
gpg-connect-agent updatestartuptty /bye > /dev/null
Recommended GnuPG Configuration
Apply this changes to your .gnupg/gpg-agent.conf configuration. Mabe optimize this for your needs:
# https://github.com/drduh/config/blob/master/gpg-agent.conf
# https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html
enable-ssh-support
ttyname $GPG_TTY
default-cache-ttl 60
max-cache-ttl 120
#pinentry-program /usr/bin/pinentry-curses
#pinentry-program /usr/bin/pinentry-tty
#pinentry-program /usr/bin/pinentry-gtk-2
#pinentry-program /usr/bin/pinentry-x11
#pinentry-program /usr/local/bin/pinentry-curses
#pinentry-program /usr/local/bin/pinentry-mac
pinentry-program /usr/bin/pinentry-gnome3
Header Graphic: www.yubico.com
Related stories
With SUBtember right around the corner, you might be wondering what all the fuss is about. What's the difference between a subathon and SUBtember? Let's take a closer look.
Düsseldorf. 70,000 visitors came to the DoKomi for manga fans and cosplay in Düsseldorf. This means that DoKomi set a new record for visitor numbers and a growth of +27 percent (compared to 2019).
Mit YAFS (Yet Another Firmware Selector) ist es nun möglich die Freifunk Ense Firmware für unterstützte Router zu finden und herunterzuladen.