These are my notes on how to set up GnuPG with the private key stored on the hardware. If you have a comment or suggestion, please open an issue on GitHub. This is a guide to using a YubiKey as a smart card for storing GPG encryption, signing and authentication keys; the authentication key can also be used for SSH. Many of the principles in this document apply to other smart card devices. OpenPGP is an open standard, and GnuPG is a free software implementation of it available for Windows, macOS and Linux. The keys it manages can in turn be used by several other useful tools, such as git, pass and SSH.

You need a YubiKey with OpenPGP support: the YubiKey 4, 4C and their Nano variants, or the NEO and NEO-n. The YubiKey 4 and YubiKey NEO expose the OpenPGP smart card interface, which can be used with Gpg4win for encryption and signing as well as for SSH authentication. The smart card drivers and tools work on all YubiKeys except the Security Key series. Keys stored on the YubiKey are non-exportable, unlike file-based keys stored on disk, which are convenient for everyday use but can be copied by anything that can read the file.

Generating keys externally from the YubiKey (recommended). Generating the key pair on the YubiKey itself ensures that malware can never steal your PGP private key, but it also means the key cannot be backed up: if the YubiKey is lost or damaged, the key is irrecoverable. It is strongly recommended that you generate the keys on a different machine from the one where you will be using the YubiKey, so that a backup exists before the keys are moved onto the card.

This document outlines the process of installing the required software and getting things to work. On Windows, download and install the OpenSC minidriver before installing Gpg4win. On older versions of Windows (Vista, 7) you may also need to install the YubiKey driver. If you are using Git for Windows, it ships its own gpg binary and will likely try to use that instead of the Gpg4win one that can see the card; the same applies if you had to install the gnupg2 package to get a modern gpg. Whatever you download, it is wise to verify the integrity of the files (signatures or checksums) as the vendors recommend.

Yubico provides several tools. YubiKey Manager (ykman) is a Python library and command line tool for configuring a YubiKey; the full graphical application, which also includes the command line tool, configures FIDO2, OTP and PIV functionality on Windows, macOS and Linux, and on Windows it can also create PIN unlock keys (PUKs). The YubiKey Personalization Tool configures the two OTP slots on the YubiKey on Windows, macOS and Linux, can report the type and firmware of a YubiKey, and can batch-program a large number of YubiKeys; it works with any currently supported YubiKey except the Security Key. The Yubico Authenticator app works across Windows, macOS, Linux, iOS and Android. With other authenticator apps, when a user gets a new phone or an OS upgrade, it often. IT administrators can set up their Windows domain to allow YubiKeys to be used as smart cards for login to connected Windows systems, and a Microsoft account can be configured to use strong authentication with the YubiKey.

Insert the YubiKey into a USB port if it is not already plugged in, then open a command prompt (Windows) or a terminal (macOS, Linux). First, check that gpg can see the YubiKey while it is plugged in; if it does not, see the Extras section. This has also caused issues for many other people. This was one of the most painful parts of the entire process due to the environment that I am working with.

Using a YubiKey for GPG in WSL (Windows Subsystem for Linux): if you used gpg inside WSL to generate your keys, you will first have to set up a bridge between the gpg-agent inside WSL and the gpg-agent on Windows, because only the Windows side can talk to the USB smart card.
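As an added example (not code from the original notes), the following POSIX shell script checks the output of gpg --card-status, which is the "can gpg see the YubiKey" step above. The sample status text is constructed to resemble typical output; its application ID, serial number and fingerprint are placeholders, not real values. The helpers report whether the OpenPGP applet answered, which of the three key slots are already filled (worth knowing before keytocard, since gpg will offer to replace a key that is already in a slot) and how many user-PIN retries remain; live_check runs the real command.

```shell
#!/bin/sh
# Added example: inspect `gpg --card-status` output for a YubiKey's OpenPGP applet.
# SAMPLE_STATUS is constructed to look like typical output; the AID, serial number
# and fingerprint are placeholders, not values from any real key.

SAMPLE_STATUS='Reader ...........: Yubico YubiKey OTP FIDO CCID 0
Application ID ...: D2760001240103040006000000000000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 00000000
Name of cardholder: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: 0000 0000 0000 0000 0000  0000 0000 0000 0000 0000
      created ....: 2024-01-01 00:00:00
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]'

# card_detected STATUS -> exit 0 if the OpenPGP applet answered, 1 otherwise.
card_detected() {
    printf '%s\n' "$1" | grep -q '^Application type \.*: OpenPGP'
}

# slot_state STATUS SLOT -> prints "filled" or "empty" for SLOT, one of
# Signature, Encryption, Authentication. A missing line counts as empty.
slot_state() {
    line=$(printf '%s\n' "$1" | grep "^$2 key" || true)
    case "$line" in
        '')         echo empty ;;
        *'[none]'*) echo empty ;;
        *)          echo filled ;;
    esac
}

# pin_retries STATUS -> prints the user-PIN retry counter (first of the three
# numbers on the "PIN retry counter" line; the others are reset code and admin PIN).
pin_retries() {
    printf '%s\n' "$1" | sed -n 's/^PIN retry counter *: *\([0-9]*\).*/\1/p'
}

# live_check: run the real command against the plugged-in key. A non-zero exit
# from gpg means no card was seen, which is the case the Extras section covers.
live_check() {
    status=$(gpg --card-status 2>&1) || { echo "gpg cannot see the YubiKey"; return 1; }
    card_detected "$status" || { echo "card present but not an OpenPGP applet"; return 1; }
    for s in Signature Encryption Authentication; do
        echo "$s slot: $(slot_state "$status" "$s")"
    done
    echo "user PIN retries left: $(pin_retries "$status")"
}
```

Source the file and call live_check with the YubiKey plugged in; a result of "empty" for all three slots on a fresh key is expected, and a retry counter of 0 means the user PIN is blocked and must be reset with the admin PIN before the key can be used.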