author Patrick Spek <p.spek@tyil.nl> 2018-09-08 13:01:25 +0200
committer Patrick Spek <p.spek@tyil.nl> 2018-09-08 13:01:25 +0200
commit 7f80bf0f4c6a3b47609ebc33ecd619d30bbd887c
tree f9945861ec028a5a2075cbb491ad7878364652b9 /_posts
parent 1fde446442a45fe9358b6027b8d789be3445e983
Update "Setting up PGP with a Yubikey"
Diffstat (limited to '_posts')
-rw-r--r-- _posts/2018-09-04-setting-up-pgp-with-a-yubikey.adoc 36
1 files changed, 22 insertions, 14 deletions
diff --git a/_posts/2018-09-04-setting-up-pgp-with-a-yubikey.adoc b/_posts/2018-09-04-setting-up-pgp-with-a-yubikey.adoc
index 5dd279a..736efa6 100644
--- a/_posts/2018-09-04-setting-up-pgp-with-a-yubikey.adoc
+++ b/_posts/2018-09-04-setting-up-pgp-with-a-yubikey.adoc
@@ -32,7 +32,11 @@ distribution, some of it might already be installed. Everything not installed
yet should be installed with your distribution's package manager.
For encrypting the disk and the USB key, you will need `cryptsetup`. To
-generate and use the PGP keys, you will need `gpg`, at least version 2.0.12.
+generate and use the PGP keys, you will need `gpg`, at least version 2.0.12. To
+interface with the Yubikey itself, you'll need `pcsc-lite`, and start the
+service as well. It may be necessary to restart the `gpg-agent` after
+installing `pcsc-lite`, which you can do by simply killing the existing
+`gpg-agent` process. It restarts itself when needed.
To securely remove the temporary data we need, you should make sure you have
`secure-delete` available on your system as well.
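Review bot: In the added sentence about `pcsc-lite`, "and start the service as well" names neither the service nor how to start it, and the sentence is not parallel ("you'll need `pcsc-lite`, and start the service"). Suggest naming the daemon that pcsc-lite ships, `pcscd`, and rewording to something like "you'll need `pcsc-lite`, and its `pcscd` service must be running". For the restart, "simply killing the existing `gpg-agent` process" leaves the reader to choose a signal; on GnuPG 2.1 and later `gpgconf --kill gpg-agent` does this cleanly, which is worth stating since the same paragraph accepts versions as old as 2.0.12.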
@@ -356,27 +360,31 @@ full control of your identity.
== Storing the private keys on the Yubikey
-The Yubikey has key slots for encryption, signing and authentication.
-These need to be set individually, which can be done using `gpg`. First, you
-need to select a key using the `key` command, then store it on the card using
-`keytocard` and finally deselect the key by using the `key` command again.
+The Yubikey has key slots for encryption, signing and authentication. These
+need to be set individually, which can be done using `gpg`. First, you need to
+select a key using the `key` command, then store it on the card using
+`keytocard` and select a slot to store it in, then finally deselect the key by
+using the `key` command again.
[source]
----
gpg --edit-key $KEYID
-> key 1
-> keytocard
-> key 1
+gpg> key 1
+gpg> keytocard
+Your selection? 1
+gpg> key 1
-> key 2
-> keytocard
-> key 2
+gpg> key 2
+gpg> keytocard
+Your selection? 2
+gpg> key 2
-> key 3
-> keytocard
+gpg> key 3
+gpg> keytocard
+Your selection? 3
-> save
+gpg> save
----
You can verify whether the keys are available on the Yubikey now using `gpg
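Review bot: In the new transcript every `key N` is followed by `Your selection? N` with the same number, which reads as if the slot number follows the subkey index. The slot has to match the subkey's capability (encryption, signing or authentication, as the paragraph lists them), and the menu that `Your selection?` answers is not shown, so a reader whose subkeys are in a different order has nothing to check against. Suggest including the menu lines gpg prints before the prompt, or one sentence saying which slot each number means. The passphrase and card admin PIN prompts are also missing from the transcript, and it would help to state that after `save` the private key material lives only on the card, so the backup has to exist before this step.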