Last active
October 5, 2022 12:15
-
-
Save fedme/2897246395d7a37c4408be8c9d2c16ec to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Install the following on Windows: | |
| # - Install CLI https://github.com/dorssel/usbipd-win/releases | |
| # - and GUI https://gitlab.com/alelec/wsl-usb-gui/-/releases | |
| # - Build custom WSL kernel following the "Build Custom Kernel" instructions at https://github.com/dorssel/usbipd-win/wiki/WSL-support | |
| # BUT also enable the following: | |
| # Device Drivers ---> | |
| # HID Support ---> | |
| # Check /dev/hidraw raw HID device support | |
| # Check HID Support -> User-space I/O driver support for HID subsystem | |
| # Check ALL drivers under HID Support -> USB HID support | |
| # Manually configure the default user for the custom WSL distro | |
| # so that it's not root: | |
| # Use regedit and navigate to the key: | |
| # HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Lxss | |
| # Examine its subkeys for a distribution that has the right name in the item DistributionName | |
| # Create or modify a DWORD item named DefaultUid and set it to the user-id (uid) of your default user. Here root user is id 0 while the first user id is 1000 (0x3e8). | |
| # On the new wsl linux, install scdaemon | |
| sudo apt install scdaemon | |
| # Daemon need to be stertedmanually at every WSL startup | |
| sudo service pcscd start | |
| # Install ykman with brew (so it's up to date) | |
| brew install ykman | |
| # - Connect the Yubikey | |
| # - Use the WSL USB Manager app on windows to attach the Yunikey to WSL | |
| # On WSL, Check that they key is visible both in ykman and gpg | |
| ykman info | |
| gpg --card-status | |
| # Import GPG key from yubikey | |
| $ gpg --card-edit | |
| > fetch | |
| > quit | |
| gpg — list-keys | |
| $ gpg --edit-key YOUR_KEY_ID # In my case 1E9... | |
| > trust # Change trust level | |
| > 5 # Set trust level to ultimate | |
| > y | |
| > save # Save the changes | |
| gpg — list-keys | |
| # configure git with GPG key | |
| # WSL2 | |
| git config --global user.signingkey YOUR_KEY_ID # In my case 1E9... | |
| git config --global gpg.program gpg | |
| git config --global commit.gpgsign true | |
| git config --global user.name "<your-name>" | |
| git config --global user.email "<your-email>" | |
| # Add this to .bashrc | |
| export GPG_TTY=$(tty) | |
| # test that you can sign with the yubikey and that you get asked for the PIN in the terminal | |
| echo "test" | gpg --clearsign | |
| # if needed, gpg-agent can bestarted with: | |
| gpg-agent --daemon | |
| # or: | |
| gpg-connect-agent reloadagent /bye | |
| # Install pass password manager | |
| sudo apt install pass | |
| # generate a new GPG key (not stored on the yubikey!) to use for pass | |
| gpg --full-generate-key | |
| # Then init pass with that key id | |
| pass init KEY-ID | |
| # Store something in pass and check that it can be read back | |
| pass generate website/test.com 15 | |
| pass -c website/test.com | |
| # Add this to .bashrc to use pass as the aws vault backend | |
| export AWS_VAULT_BACKEND=pass | |
| # Sometimes, after a bit of usage the Yubikey won't be detected anymore unless you are root. | |
| # To fix that, run: | |
| sudo udevadm trigger | |
| sudo service pcscd restart | |
| ykman info | |
| gpg --card-status | |
| # These two commands might be useful too | |
| sudo service udev restart | |
| sudo udevadm control --reload | |
| # You can add those as aliases in your .bashrc for simplicity | |
| # Aliases to reload USB permission services | |
| alias fixusb='sudo udevadm trigger; sudo service pcscd restart' | |
| alias fixusb2='sudo service udev restart; sudo udevadm control --reload; sudo udevadm trigger; sudo service pcscd restart' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment