Developers Guide to GPG and YubiKey
Tutorial: Set up a YubiKey for GPG and SSH!
Soner Kalonya
Hey Brian! This is the best explanation I’ve ever seen on the entire Web! I’d have rated 10-stars if I could
Brian Demers
You may need to restart your gpg agent (guess)? gpg-connect-agent reloadagent /bye
Either way, run gpg --list-secret-keys and you shouldn’t see a > next to your sec key.
Brian Demers
I’m guessing you cannot import your key because the stub of the key (the one on the yubikey) already exists.
I’m sure there is a better way to do this, but the quick and dirty way would be to create a new key ring:
1. stop the GPG agent
2. move your ~/.gnupg directory out of the way: mv ~/.gnupg ~/.gnupg.bak
3. import your secret key (a new key ring should be created)
Assuming that works you could move the keys to a new device, and restore your old ~/.gnupg.bak directory.
Again, I’m sure there is a better way to do this by telling GPG that you no longer want to use the smart card to manage the key.
Anyway, give that a shot, and let me know, if something like that works, maybe I can spend a bit of time adding another section to this post about managing multiple keys
Brian Demers
Thanks Chuck!!
I’ll try to find some time to add a section on using multiple keys!
Thanks for that, Brian. Really well written and succinct.
I found one issue. This won’t work for users of ARM based Macs because the Homebrew directory is different.
# configure gpg-agent to use this pinentry application
echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
This will work on all Macs:
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
Thanks @ritchiey
Great idea!!
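An added example, not from the original post or its comments, built on the pinentry-program commands in the comment above: appending with >> adds another line on every run, and $(which pinentry-mac) writes an empty path when the program is not installed. The helper name set_pinentry is hypothetical; it resolves the path, refuses to write a missing one, and keeps a single entry.

```shell
#!/bin/sh
# Added example: set pinentry-program in gpg-agent.conf exactly once.
# set_pinentry is a hypothetical helper, not part of GnuPG or Homebrew.

set_pinentry() {
    conf="$1"                     # path to gpg-agent.conf
    prog="${2:-pinentry-mac}"     # program name or absolute path

    # Resolve to an absolute path. A missing program, an alias or a shell
    # function does not yield one, so nothing is written in those cases.
    path="$(command -v "$prog" 2>/dev/null)" || path=""
    case "$path" in
        /*) ;;
        *) echo "set_pinentry: $prog not found" >&2; return 1 ;;
    esac
    [ -x "$path" ] || { echo "set_pinentry: $path is not executable" >&2; return 1; }

    mkdir -p "$(dirname "$conf")"
    touch "$conf"

    # Drop earlier pinentry-program lines, then add the resolved one, so
    # repeated runs (or a move between Homebrew prefixes) leave one entry.
    tmp="$(mktemp "${conf}.XXXXXX")" || return 1
    grep -v '^[[:space:]]*pinentry-program[[:space:]]' "$conf" > "$tmp" || true
    printf 'pinentry-program %s\n' "$path" >> "$tmp"
    chmod 600 "$tmp"
    mv "$tmp" "$conf"
}

# Usage on a real machine, followed by an agent reload:
#   set_pinentry ~/.gnupg/gpg-agent.conf && gpg-connect-agent reloadagent /bye
```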
Thanks for sharing this great info about cloud. In Unique prompt I read about cloud but I can’t solve it codes.
I know this is an old post, but it was an amazing help for me getting my YubiKey setup with GPG signing and SSH! Thank you for that!
I had a question about the SSH keys. When I run ssh-add -L I see two ssh-keys. And in the guide the one with the card serial number is not shown. I am not sure if I am doing something wrong here. Both ssh-key values are the same also other than the ending.
I will also add that when I remove the yubi-key I only see the ssh key (none).