website

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README

pgp-yubikey.html (6044B)

      1 <!DOCTYPE html>
      2 <html dir="ltr" lang="en">
      3 <head>
      4 	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
      5 	<meta http-equiv="Content-Language" content="en" />
      6 	<meta name="viewport" content="width=device-width" />
      7 	<meta name="keywords" content="blog, git, dev-log, life-log" />
      8 	<meta name="description" content="Setup for pgp supported by a yubikey" />
      9 	<meta name="author" content="linusbehrens" />
     10 	<meta name="generator" content="saait (https://git.codemadness.org/saait/file/README.html)" />
     11 	<title>yubikey pgp config - Linus Blog</title>
     12 
     13     <link rel="preconnect" href="https://rsms.me/">
     14     <link rel="stylesheet" href="https://rsms.me/inter/inter.css">
     15 	<link rel="preconnect" href="https://fonts.googleapis.com">
     16     <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
     17     <link href="https://fonts.googleapis.com/css2?family=Noto+Sans+Mono:wght@100..900&display=swap" rel="stylesheet">
     18 
     19 	<link rel="stylesheet" href="style.css" type="text/css" media="screen" />
     20 	<link rel="stylesheet" href="typeface.css" type="text/css" media="screen" />
     21 	<link rel="stylesheet" href="print.css" type="text/css" media="print" />
     22 
     23 	<link rel="alternate" href="atom.xml" type="application/atom+xml" title="Linus Blog Atom Feed" />
     24 	<link rel="alternate" href="atom_content.xml" type="application/atom+xml" title="Linus Blog Atom Feed with content" />
     25 	<link rel="icon" href="/favicon.png" type="image/png" />
     26 </head>
     27 <body>
     28 	<nav id="menuwrap">
     29 		<table id="menu" width="100%" border="0">
     30 		<tr>
     31 			<td id="links" align="left">
     32 				<a href="index.html">Blog</a> |
     33 				<a href="/git/" title="Git repository with some of my projects">Git</a> <!-- | -->
     34 				<!-- <a href="/releases/">Releases</a> | -->
     35 				<!-- <a href="gopher://codemadness.org">Gopherhole</a> -->
     36 			</td>
     37 			<td id="links-contact" align="right">
     38 				<span class="hidden"> | </span>
     39 				<!-- <a href="feeds.html">Feeds</a> | -->
     40 				<a href="pgp.asc">PGP</a> |
     41 				<a href="mailto:mail@linus-behrens.de">Mail</a>
     42 			</td>
     43 		</tr>
     44 		</table>
     45 	</nav>
     46 	<hr class="hidden" />
     47 	<main id="mainwrap">
     48 		<div id="main">
     49 			<article>
     50 <header>
     51 	<h1>yubikey pgp config</h1>
     52 	<p>
     53 	<strong>Last modification on </strong> <time>2025-07-05</time>
     54 	</p>
     55 </header>
     56 
     57 <div class="sourceCode" id="cb1"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a><span class="ex">gpg</span> <span class="at">--expert</span> <span class="at">--full-gen-key</span></span></code></pre></div>
     58 <ul>
     59 <li>Enter <code>RSA</code></li>
     60 <li>Enter <code>4096</code></li>
     61 <li>Enter expiration date</li>
     62 <li>Enter user information and email</li>
     63 <li>Enter random input (mouse, keyboard) to gain entropy</li>
     64 </ul>
     65 <p>Output:</p>
     66 <pre><code>gpg: key &lt;keyID&gt; marked as ultimately trusted</code></pre>
     67 <h2 id="add-authentication-key-if-not-default">Add authentication key
     68 (if not default)</h2>
     69 <div class="sourceCode" id="cb3"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb3-1"><a href="#cb3-1" aria-hidden="true" tabindex="-1"></a><span class="ex">gpg</span> <span class="at">--expert</span> <span class="at">--edit-key</span> <span class="op">&lt;</span>keyID<span class="op">&gt;</span></span></code></pre></div>
     70 <div class="sourceCode" id="cb4"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb4-1"><a href="#cb4-1" aria-hidden="true" tabindex="-1"></a><span class="ex">addkey</span></span></code></pre></div>
     71 <ul>
     72 <li>Enter the <code>passphrase</code></li>
     73 <li>Enter <code>8</code> for RSA</li>
     74 <li>Enter <code>S</code> for disabling “sign”</li>
     75 <li>Enter <code>E</code> for disabling “encrypt”</li>
     76 <li>Enter <code>A</code> for enabling “authentication”</li>
     77 <li>Enter <code>Q</code> for leaving dialoge</li>
     78 <li>Enter key size</li>
     79 <li>Enter same expiration date as before</li>
     80 <li>Enter <code>Y</code> to safe the changes</li>
     81 </ul>
     82 <h2 id="back-pgp-key-up">Back pgp-Key up</h2>
     83 <div class="sourceCode" id="cb5"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb5-1"><a href="#cb5-1" aria-hidden="true" tabindex="-1"></a><span class="ex">gpg</span> <span class="at">--export-secret-key</span> <span class="at">--armor</span> <span class="op">&lt;</span>KeyID<span class="op">&gt;</span></span></code></pre></div>
     84 <ul>
     85 <li>Store output safe</li>
     86 </ul>
     87 <h2 id="add-pgp-keys-to-the-yubikey">Add pgp-keys to the YubiKey</h2>
     88 <ul>
     89 <li>Insert YubiKey into a USB port</li>
     90 </ul>
     91 <div class="sourceCode" id="cb6"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb6-1"><a href="#cb6-1" aria-hidden="true" tabindex="-1"></a><span class="ex">gpg</span> <span class="at">--edit-key</span> <span class="op">&lt;</span>KeyID<span class="op">&gt;</span></span></code></pre></div>
     92 <div class="sourceCode" id="cb7"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb7-1"><a href="#cb7-1" aria-hidden="true" tabindex="-1"></a><span class="ex">keytocard</span></span></code></pre></div>
     93 <ul>
     94 <li>Signature subkey:
     95 <ul>
     96 <li>Enter <code>keytocard</code></li>
     97 <li>Enter <code>Y</code> to continue</li>
     98 <li>Enter <code>1</code> to move the signature subkey to a slot in the
     99 yubikey</li>
    100 <li>Enter <code>key 1</code></li>
    101 </ul></li>
    102 <li>Encryption subkey:
    103 <ul>
    104 <li>Enter <code>keytocard</code></li>
    105 <li>Enter <code>Y</code> to continue</li>
    106 <li>Enter <code>2</code> to move the encryption subkey to a slot in the
    107 yubikey</li>
    108 <li>Enter <code>key 1</code></li>
    109 <li>Enter <code>key 2</code></li>
    110 </ul></li>
    111 <li>Authentication subkey
    112 <ul>
    113 <li>Enter <code>keytocard</code></li>
    114 <li>Enter <code>3</code> to move the authentication subkey to a slot in
    115 the yubikey</li>
    116 </ul></li>
    117 <li>Enter <code>quit</code> to leave</li>
    118 </ul>
    119 <p>When asked <strong>do not safe</strong> your changes enabling you to
    120 copy the key to another Yubikey.</p>
    121 <hr />
    122 <p><a
    123 href="https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP">article
    124 by yubikey</a></p>
    125 
    126 			</article>
    127 		</div>
    128 	</main>
    129 </body>
    130 </html>