Developers Guide to GPG and YubiKey

Tutorial: Set up a YubiKey for GPG and SSH!

Soner Kalonya

Hey Brian! This is the best explanation I’ve ever seen on the entire Web! I’d have rated 10-stars if I could :slight_smile:

Brian Demers

You may need to restart your gpg agent (guess)?
gpg-connect-agent reloadagent /bye

Either way, run gpg --list-secret-keys and you shouldn’t see a > next to your sec key.

Brian Demers

I’m guessing you cannot import your key because the stub of the key (the one on the YubiKey) already exists.

I’m sure there is a better way to do this, but the quick and dirty way would be to create a new key ring:
1. stop the GPG agent
2. move your ~/.gnupg directory out of the way mv ~/.gnupg ~/.gnupg.bak
3. import your secret key (a new key ring should be created)

Assuming that works you could move the keys to a new device, and restore your old ~/.gnupg.bak directory.

Again, I’m sure there is a better way to do this by telling GPG that you no longer want to use the smart card to manage the key.

Anyway, give that a shot, and let me know, if something like that works, maybe I can spend a bit of time adding another section to this post about managing multiple keys :smiley:
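The check above (no ">" next to your sec key) and the on-card stub discussed here both come down to one character in the gpg --list-secret-keys output. As an added example (not from Brian's post or the original article), this POSIX shell helper classifies each secret key as an on-card stub (">"), a missing secret key ("#") or a locally stored key; it runs on a constructed sample listing, and the fingerprints and card serial in it are made up.

```shell
#!/bin/sh
# Added example: classify the entries of `gpg --list-secret-keys` by where
# the secret material actually lives. GPG marks the key type with a suffix:
#   sec> / ssb>  stub only; the private key is on a smart card (YubiKey)
#   sec# / ssb#  private key not available at all (e.g. offline primary)
#   sec  / ssb   private key stored in the local keyring

# Constructed sample listing (fingerprints and card serial are made up).
SAMPLE_LISTING='sec>  rsa4096 2020-01-01 [SC]
      0123456789ABCDEF0123456789ABCDEF01234567
      Card serial no. = 0006 12345678
uid           [ultimate] Card User <card@example.com>
ssb>  rsa4096 2020-01-01 [E]
ssb>  rsa4096 2020-01-01 [A]
sec   rsa4096 2021-06-15 [SC]
      FEDCBA9876543210FEDCBA9876543210FEDCBA98
uid           [ultimate] Local User <local@example.com>
ssb   rsa4096 2021-06-15 [E]
sec#  rsa4096 2019-03-03 [SC]
      1111222233334444555566667777888899990000
uid           [ultimate] Offline Primary <offline@example.com>
ssb   rsa4096 2019-03-03 [S]'

# Read a listing on stdin; print "<state> <type> <algo> <created>" per key.
classify_secret_keys() {
    awk '
        $1 ~ /^(sec|ssb)>$/ { print "on-card", $1, $2, $3; next }
        $1 ~ /^(sec|ssb)#$/ { print "missing", $1, $2, $3; next }
        $1 == "sec" || $1 == "ssb" { print "local", $1, $2, $3 }
    '
}

# Count the keys in one state (on-card, missing or local) from stdin.
count_by_state() {
    classify_secret_keys | awk -v s="$1" '$1 == s { n++ } END { print n + 0 }'
}

# Same classification against the live keyring (not used by the sample run).
live_keyring_states() {
    gpg --list-secret-keys 2>/dev/null | classify_secret_keys
}

# Sample run: 3 on-card stubs, 1 missing key, 3 local keys.
printf '%s\n' "$SAMPLE_LISTING" | classify_secret_keys
```

A key reported as on-card is exactly the stub that stops a fresh import of the same key; a key reported as missing has no usable private part on this machine at all.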

Brian Demers

Thanks Chuck!!

I’ll try to find some time to add a section on using multiple keys!

Thanks for that, Brian. Really well written and succinct.

I found one issue. This won’t work for users of ARM-based Macs because the Homebrew directory is different.

# configure gpg-agent to use this pinentry application
echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf

This will work on all Macs:

echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf

Thanks @ritchiey
Great idea!!