Configuration examples for setting up a YubiKey in OTP+U2F+CCID mode on Ubuntu: udev access rules, GnuPG and gpg-agent options, a build/install script for the Yubico tools, and a helper script for using GPG private keys kept on a removable USB stick.
# Put this file in /etc/udev/rules.d/ with a ".rules" suffix and run this command:
# $ /etc/init.d/udev restart
# (on systemd-based Ubuntu releases use: $ sudo udevadm control --reload-rules && sudo udevadm trigger)
# NOTE(review): the uaccess tag is only acted on if this file sorts before
# 73-seat-late.rules, so name it e.g. 70-yubikey-u2f.rules.
# This file contains the udev rule for allowing access to a Yubikey for U2F authentication.
#
# TAG+="uaccess" grants the hidraw node to the user of the active local seat
# (via the logind seat ACLs) rather than to one hard-coded account, so the
# token follows whoever is at the console and is not handed to remote logins.
# The idProduct list covers the YubiKey models known when this was written;
# newer models use other ids (check `lsusb`) and must be appended here.
ACTION!="add|change", GOTO="yubikey_u2f_end"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess"
LABEL="yubikey_u2f_end"
# Put this file in /etc/udev/rules.d/ with a ".rules" suffix (e.g. 70-yubikey-usb.rules)
# and run this command:
# $ /etc/init.d/udev restart
# (on systemd-based Ubuntu releases use: $ sudo udevadm control --reload-rules && sudo udevadm trigger)
# This file contains udev rules for allowing user access to the USB section of a Yubikey
# (what ykpersonalize and other libusb-based tools talk to).
# Replace YOUR_USERNAME below with the output from `whoami`.
#
# NOTE(review): OWNER= hands the USB device node to one fixed account whenever
# the key is plugged in, regardless of who is logged in at the console. On a
# machine with more than one user, TAG+="uaccess" (as in the U2F rule) scopes
# access to the active seat instead.
# SUBSYSTEMS=="usb" with ATTRS{...} walks up the device tree, so the rule also
# matches the YubiKey's child interfaces, not only the top-level USB device.
ACTION!="add|change", GOTO="yubikey_usb_end"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", OWNER="YOUR_USERNAME"
LABEL="yubikey_usb_end"
# Options for GnuPG located at ~/.gnupg/gpg-agent.conf
#
# Let gpg-agent also speak the ssh-agent protocol, so an authentication subkey
# held on the YubiKey can be used for SSH (the shell still needs SSH_AUTH_SOCK
# pointed at the agent's ssh socket).
enable-ssh-support
# These two were needed with GnuPG 2.0; GnuPG 2.1+ always uses the standard
# socket and ignores them (it may warn that they are obsolete).
write-env-file
use-standard-socket
# Forget a cached passphrase/PIN 600 s (10 min) after its last use.
# NOTE(review): max-cache-ttl is not set, so the agent's default upper bound
# applies; set it too if you want a hard limit independent of use.
default-cache-ttl 600
# Program used to prompt for passphrases and the card PIN.
pinentry-program /usr/bin/pinentry-gtk-2
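#!/bin/bash
# gpg-jail.sh
#
# Run gpg2 with a private key that lives only on a removable USB stick:
# mount the stick read-only, import the key file into a throw-away GnuPG
# home directory, unmount the stick, run gpg2 from that directory with the
# caller's normal public keyring and whatever arguments were given, then
# stop the throw-away agent and delete the directory.
#
# Usage: gpg-jail.sh <any gpg2 arguments>
#
# Security notes:
#   * The throw-away home directory (and so the imported secret key) is
#     created under $TMPDIR (default /tmp). If that is persistent storage,
#     `rm -rf` does not securely erase it; point TMPDIR at a tmpfs such as
#     /dev/shm to keep the key material in RAM only.
#   * Cleanup runs from an EXIT trap, so the directory and agent are also
#     removed when gpg2 is interrupted (Ctrl-C) or a step fails part-way;
#     the original version left both behind in that case.
#   * Every step is checked: a failed mount or import aborts instead of
#     silently running gpg2 without the key.

# The DOS label of your USB stick
LABEL="YOUR_LABEL"
# The pathname (relative to the stick's mount point) of the file containing
# your private keys on that stick
KEYFILE="gpg-top-secret.gpg-key"

tmpdir=""
device=""
mounted=0

# Print a message to stderr and exit non-zero (the EXIT trap still cleans up).
die() {
  printf 'gpg-jail: %s\n' "$*" >&2
  exit 1
}

# Undo whatever was set up so far: unmount the stick if we still have it
# mounted, ask the throw-away agent to quit, and delete the temporary home.
cleanup() {
  if [ "$mounted" -eq 1 ]; then
    udisksctl unmount --block-device "$device" >/dev/null 2>&1
  fi
  if [ -n "$tmpdir" ] && [ -d "$tmpdir" ]; then
    # The agent socket is not a regular file (the original `-f` test never
    # matched it) and may live outside the home dir on GnuPG 2.1+, so do not
    # probe for it: just send KILLAGENT and ignore "agent not running".
    gpg-connect-agent --homedir "$tmpdir" KILLAGENT /bye >/dev/null 2>&1
    rm -rf -- "${tmpdir:?}"
  fi
}
trap cleanup EXIT

# Identify the device file corresponding to your USB stick
device="$(/sbin/findfs "LABEL=$LABEL" 2>/dev/null)"
[ -n "$device" ] || die "no filesystem labelled '$LABEL' is attached"

# Create the temporary GnuPG home directory. mktemp -d creates it mode 0700,
# which GnuPG requires; an absolute path is used so nothing depends on the
# current working directory (the original created it in the CWD).
tmpdir="$(mktemp -d "${TMPDIR:-/tmp}/gpg.XXXXXX")" || die "could not create temporary directory"

# Mount the stick read-only
udisksctl mount --block-device "$device" --options ro || die "could not mount $device"
mounted=1

# Find where udisks put it and import the private keys from there
mntpoint="$(df "$device" | tail -1 | awk '{print $6}')"
[ -n "$mntpoint" ] || die "could not determine the mount point of $device"
gpg2 --homedir "$tmpdir" --import "${mntpoint}/${KEYFILE}" || die "importing ${KEYFILE} failed"

# Unmount the stick as soon as the key is imported so it is exposed briefly
udisksctl unmount --block-device "$device" || die "could not unmount $device"
mounted=0

# Launch GnuPG from the temporary directory, with the default public keyring
# and with any arguments given to us on the command line ("$@" keeps
# arguments containing spaces intact; the original's bare $@ split them).
# NOTE(review): GnuPG 2.1+ keeps the public keyring in pubring.kbx; adjust the
# path if there is no legacy pubring.gpg.
gpg2 --homedir "$tmpdir" --keyring "${GNUPGHOME:-$HOME/.gnupg}/pubring.gpg" "$@"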
# Options for GnuPG located at ~/.gnupg/gpg.conf
#
# Keyserver used to fetch and refresh public keys.
# NOTE(review): plain hkp:// is unauthenticated, unencrypted HTTP, so a network
# attacker can substitute or withhold keys, and the SKS pool named here has
# since been retired. Prefer an hkps:// keyserver and always verify the
# fingerprint out of band; a keyserver is a transport, not a source of trust.
keyserver hkp://pool.sks-keyservers.net
# Use gpg-agent for secret-key operations (the only mode on GnuPG 2.1+, where
# this option is ignored).
use-agent
# Digest used for our own data signatures...
personal-digest-preferences SHA256
# ...and for key certifications (self-signatures, signing others' keys),
# instead of the SHA-1 default of older GnuPG versions.
cert-digest-algo SHA256
# Preferences advertised on newly generated keys: SHA-2 family and AES first.
# NOTE(review): CAST5 is a 64-bit-block legacy cipher kept last for
# interoperability; drop it if you do not need it. GnuPG implicitly appends the
# mandatory 3DES and SHA-1 for compatibility.
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
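#!/bin/bash
# Build and install the YubiKey user-space tooling from source on Ubuntu/Debian:
# the low-level C library (yubico-c) and the ykpersonalize CLI
# (yubikey-personalization). These are the required packages you will need to
# install for getting full use from your Yubikey.
# https://www.yubico.com
#
# Supply-chain notes:
#   * `git clone` fetches the tip of each repository's default branch over
#     HTTPS; nothing here checks that it is a released, signed version. For
#     anything beyond a personal machine, check out a release tag and verify its
#     signature (`git tag -v <tag>`) against Yubico's published signing key
#     before building, or install the distribution packages instead.
#   * Everything is built as the invoking user; only package installation and
#     `make install` (default prefix /usr/local) run under sudo.
#
# The script stops at the first failing step, so a failed clone or test suite
# can no longer be followed by `sudo make install` or by `rm -r` running in
# whatever directory `cd -` happened to land in.
set -e

# Clone one Yubico project, run its test suite, install it, and delete the
# checkout again.
# Arguments: $1 - repository URL to clone
build_and_install() {
  local repo="$1"
  local dir
  dir="$(basename "$repo" .git)"
  git clone -- "$repo" "$dir"
  # Build in a subshell so the caller's working directory is untouched.
  (
    cd -- "$dir"
    autoreconf --install
    ./configure
    make check
    sudo make install
  )
  # sudo is kept for the cleanup, as in the original, because `sudo make
  # install` may leave root-owned files in the build tree.
  sudo rm -r -- "$dir"
}

# Install dependencies for building all of the Yubikey programs
sudo apt-get install -y git autoconf automake libtool asciidoc
# Build and install the low level C library
build_and_install https://github.com/Yubico/yubico-c.git
# We will need the yubikey development libraries along with libusb
sudo apt-get install -y libyubikey-dev libusb-1.0-0-dev
# The json library is optional
#sudo apt-get install -y libjson0-dev
# Install the ykpersonalize CLI utility
build_and_install https://github.com/Yubico/yubikey-personalization.git
# Now we refresh the shared libraries so the newly installed /usr/local libs are found
sudo ldconfig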
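#!/bin/bash
# Here are a few example configuration commands that you can run after your local
# computer is setup for use with a Yubikey.
# https://www.yubico.com
#
# NOTE: changing the USB mode rewrites the YubiKey's device configuration;
# ykpersonalize asks for confirmation before writing (do not add -y unless you
# mean it). The command needs write access to the YubiKey's USB device, i.e.
# the udev rule giving your user ownership must be in place, or run it with sudo.

# Fail early with a clear message if the tool built by the install script is
# not on PATH, instead of bash's bare "command not found".
command -v ykpersonalize >/dev/null 2>&1 || {
  echo "ykpersonalize not found; run the install script first" >&2
  exit 1
}

# Enable OTP+U2F+CCID: mode 6 is OTP+U2F+CCID; the leading 8 (0x80) sets the
# additional eject flag — see the mode table in ykpersonalize's usage text.
ykpersonalize -m86
# after you confirm the above command, take out and plug back in your
# yubikey - it should show up as 1050:0407 when issuing the `lsusb` command
# (idProduct 0407 is listed in both udev rules in this gist).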