Use the yubikey personalization tool to configure the two slots on your yubikey on windows, macos, and linux operating systems. If you are using git for windows, it will likely try to use the wrong gpg binary. This is a guide to using yubikey as a smartcard for storing gpg encryption, signing and authentication keys, which can also be used for ssh. Your microsoft account can be configured to use strong authentication using the yubikey to.
The yubikey 4 and yubikey neo support the openpgp interface for smart cards which can be used with gpg4win for encryption and signing, as well as for ssh authentication. Using a yubikey for ssh authentication mcqueen lab. Keys stored on yubikey are nonexportable as opposed to filebased keys that are stored on disk and are convenient for everyday use. This document will outline the process of installing.
If youre looking for the full graphical application, which also includes the command line tool, its here. Use the yubikey manager to pair your yubikey with your macos user account for local login windows. Many of the principles in this document are applicable to other smart card devices. Similarly, if you had to install gnupg2 package to get modern gpg. Open command prompt windows or terminal macos linux. The tool works with any currently supported yubikey. Get the same set of codes across all yubico authenticator apps for desktops as well as for all leading mobile platforms.
This guide will help you set up the required software for getting things to work. If you used gpg inside wsl to generate your keys, you will have to first set up a bridge between gpgagent inside wsl and gpgagent inside windows. First, we need to check that gpg can see the yubikey when it is plugged in if it does not, check section extras. You can also use the tool to check the type and firmware of a yubikey. Insert the yubikey into the usb port if it is not already plugged in. However, this has also caused issues for many other people. You can also use the tool to check the type and firmware of a yubikey, or to perform batch programming of a large number of yubikeys. Generating the pgp on the yubikey ensures that malware can never steal your pgp private key, but it means that the key can not be backed up so if your yubikey is lost or damaged the pgp key is irrecoverable. This was one of the most painful parts of the entire process due to the environment that i am working with. The yubico authenticator app works across windows, macos, linux, ios and android. It is strongly recommended for you to generate the keys not on the same machine where youll be using the yubikey. With other authenticator apps, when a user has a new phone or os upgrade, it often.
The tool works with any yubikey except the security key. A yubikey with openpgp support yubikey 44c and nano variants, neo and neon. These are my notes on how to set up gpg with the private key stored on the hardware. Using a yubikey for gpg in wsl windows subsystem for linux on. It administrators can set up their windows domain to allow yubikeys to be used as smart cards for login to connected windows systems. If you have a comment or suggestion, please open an issue on github. Put the file nf from above into the home directory listed. Openpgp is an open standard available as free software for windows, macos and linux. Download the opensc minidriver and install before installing gpg4win. Smart card drivers and tools yubico yubikey strong two. Use the yubikey manager for windows, which includes both a graphical user interface and a command line tool to create pin unlock keys puks on. These in turn can be used by several other useful tools, like git, pass, etc. It is wise and more secure to check out for their integrity remarks.
1157 1401 776 1043 677 355 656 207 925 326 1013 1267 322 367 142 1241 1145 821 1057 886 843 386 684 1390 1348 373 101 791 77 1296 845 80 550 1231 175 256 1093 945 371 30 19