@ruudud
Last active April 15, 2016 10:00
gpg yubikey ssh

Preparing Yubikeys

Use neoman (YubiKey NEO Manager) to change the connection mode to OTP + U2F + CCID.

Setting up yubi with existing secret keys

Please note that keytocard removes the secret key from the keyring, so make sure you have a backup first!

$ gpg --import /media/encrypted-media/mastersubkeys.txt
$ gpg --card-edit
> admin
> passwd
(change pins, default: 12345678 admin, 123456 user)
> name
> quit
$ gpg --edit-key <master key ID>
> toggle
> key <idx of E key>
> keytocard
> save

Using yubi on new computer

Import the public key so that GnuPG can use the private key residing on the YubiKey:

$ gpg --import < pubkey.txt

Insert the YubiKey NEO and generate secret key stubs:

$ gpg --card-status

Mark the key as ultimately trusted.

$ gpg --edit-key <fingerprint of master key>
> trust
(choose ultimately)
> save

Using GPG key on Yubikey for SSH auth

Make sure ssh-agent is not running and that gpg-agent is running with --enable-ssh-support. Then run ssh-add -L to print the public key, and add it to ~/.ssh/authorized_keys on the remote side.
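
A preflight check for the setup described above, as an added example that is not part of the original gist: it reports which agent SSH_AUTH_SOCK points at and filters ssh-add -L output down to card-backed keys, so that only the YubiKey key gets copied to the remote side. The function names, the constructed sample keys, and the assumption that gpg-agent labels card keys with a cardno: comment belong to this example, not to the gist.

```shell
#!/bin/sh
# Added example, not from the original gist. Function names are hypothetical.

# Which agent does an SSH_AUTH_SOCK value point at? gpg-agent's SSH socket
# is named S.gpg-agent.ssh (gpgconf --list-dirs agent-ssh-socket prints it).
sock_owner() {
    case "$1" in
        "")                echo none ;;
        */S.gpg-agent.ssh) echo gpg-agent ;;
        *)                 echo other ;;
    esac
}

# Succeeds if the given gpg-agent.conf has an uncommented enable-ssh-support.
conf_enables_ssh() {
    grep -Eq '^[[:space:]]*enable-ssh-support[[:space:]]*$' "$1" 2>/dev/null
}

# Filter `ssh-add -L` output on stdin down to smartcard-backed keys.
# Assumption: gpg-agent labels card keys with a "cardno:<serial>" comment.
card_keys() {
    awk 'NF >= 3 && $3 ~ /^cardno:/ { print }'
}

# Live check against the real environment; prints the key to authorize.
preflight() {
    if pgrep -x ssh-agent >/dev/null 2>&1; then
        echo "warning: ssh-agent is running" >&2
    fi
    # The option may also be given on gpg-agent's command line, so only warn.
    conf_enables_ssh "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf" ||
        echo "warning: enable-ssh-support not in gpg-agent.conf" >&2
    if [ "$(sock_owner "${SSH_AUTH_SOCK:-}")" != gpg-agent ]; then
        echo "error: SSH_AUTH_SOCK does not point at gpg-agent" >&2
        return 1
    fi
    ssh-add -L | card_keys
}

# Constructed sample of `ssh-add -L` output (key material is not real).
SAMPLE_KEYS='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedDiskKey user@laptop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABConstructedCardKey cardno:000000000000'

if [ "${1:-}" = "--live" ]; then
    preflight
else
    printf '%s\n' "$SAMPLE_KEYS" | card_keys   # demo: prints only the card key
fi
```

Run it with --live on the machine with the YubiKey inserted; without arguments it only filters the constructed sample.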

Sources

http://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/
