Download the opensc minidriver and install before installing gpg4win. Use the yubikey manager for windows, which includes both a graphical user interface and a command line tool to create pin unlock keys puks on. A yubikey with openpgp support yubikey 44c and nano variants, neo and neon. If youre looking for the full graphical application, which also includes the command line tool, its here. If you have a comment or suggestion, please open an issue on github. This document will outline the process of installing.
Generating the pgp on the yubikey ensures that malware can never steal your pgp private key, but it means that the key can not be backed up so if your yubikey is lost or damaged the pgp key is irrecoverable. Instructions generating keys externally from the yubikey recommended note. Use the yubikey manager to pair your yubikey with your macos user account for local login windows. Keys stored on yubikey are nonexportable as opposed to filebased keys that are stored on disk and are convenient for everyday use. It is wise and more secure to check out for their integrity remarks. Similarly, if you had to install gnupg2 package to get modern gpg. Python library and command line tool for configuring a yubikey. Many of the principles in this document are applicable to other smart card devices. First, we need to check that gpg can see the yubikey when it is plugged in if it does not, check section extras.
Smart card drivers and tools yubico yubikey strong two. It administrators can set up their windows domain to allow yubikeys to be used as smart cards for login to connected windows systems. If you used gpg inside wsl to generate your keys, you will have to first set up a bridge between gpgagent inside wsl and gpgagent inside windows. Use the yubikey personalization tool to configure the two slots on your yubikey on windows, macos, and linux operating systems. However, this has also caused issues for many other people. Your microsoft account can be configured to use strong authentication using the yubikey to. Put the file nf from above into the home directory listed. This is a guide to using yubikey as a smartcard for storing gpg encryption, signing and authentication keys, which can also be used for ssh.
Openpgp is an open standard available as free software for windows, macos and linux. On older versions of windows vista7, you may need to install the yubikey driver. Use the yubikey manager to configure fido2, otp and piv functionality on your yubikey on windows, macos, and linux operating systems. The yubikey 4 and yubikey neo support the openpgp interface for smart cards which can be used with gpg4win for encryption and signing, as well as for ssh authentication. These in turn can be used by several other useful tools, like git, pass, etc. You can also use the tool to check the type and firmware of a yubikey. Get the same set of codes across all yubico authenticator apps for desktops as well as for all leading mobile platforms. The tool works with any yubikey except the security key. These are my notes on how to set up gpg with the private key stored on the hardware. With other authenticator apps, when a user has a new phone or os upgrade, it often. Open command prompt windows or terminal macos linux. The smart card drivers and tools work on all yubikeys except for the security key series. Insert the yubikey into the usb port if it is not already plugged in. Using a yubikey for gpg in wsl windows subsystem for linux on.
The yubico authenticator app works across windows, macos, linux, ios and android. You can also use the tool to check the type and firmware of a yubikey, or to perform batch programming of a large number of yubikeys. Using a yubikey for ssh authentication mcqueen lab. This guide will help you set up the required software for getting things to work. The tool works with any currently supported yubikey. If you are using git for windows, it will likely try to use the wrong gpg binary. It is strongly recommended for you to generate the keys not on the same machine where youll be using the yubikey.
1041 1590 1062 1080 1509 312 138 365 757 1161 1173 403 123 72 804 462 494 386 60 991 1339 570 818 203 643 686 1585 1101 456 840 1245 987 985 1111 219 482 743 19 1466 995 149 382 1358