This week in obscure blog titles, I bring you the nightmare that is setting up Signed Git Commits with a YubiKey NEO and GPG and Keybase on Windows. This is one of those "it's good for you" things like diet and exercise and setting up 2 Factor Authentication.

I just want to be able to sign my code commits to GitHub so I might avoid people impersonating my Git Commits (happens more than you'd think and has happened recently.) However, I also was hoping to make it more secure by using a YubiKey 4 or YubiKey NEO security key. They're happy to tell you that it supports a BUNCH of stuff that you have never heard of like Yubico OTP, OATH-TOTP, OATH-HOTP, FIDO U2F, OpenPGP, Challenge-Response. I am most concerned with it acting like a Smart Card that holds a PGP (Pretty Good Privacy) key since the YubiKey can look like a "PIV (Personal Identity Verification) Smart Card."

Let me know if something here is wrong (be nice) and I'll update it. Note also that there are a LOT of guides out there. Some are complete and encyclopedic, some include recommendations and details that are "too much," but this one was my experience. This isn't The Bible On The Topic but rather what happened with me and what I ran into and how I got past it. Until this is Super Easy (TM) on Windows, there's gonna be guides like this.

As with all things security, there is a balance between Capital-S Secure with offline air-gapped what-nots, and Ease Of Use with tools like Keybase. It depends on your tolerance, patience, technical ability, and if you trust any online services. I like Keybase and trust them so I'm starting there with a Private Key. You can feel free to get/generate your key from wherever makes you happy and secure. I use Windows and I like it, so if you want to use a Mac or Linux this blog post likely isn't for you. I love and support you and your choice though.

Make sure you have a private PGP key that has your Git Commit Email Address associated with it

I downloaded and installed (and optionally donated) a copy of Gpg4Win here.

Take your private key - either the one you got from Keybase or one you generated locally - and make sure that your UID (your email address that you use on GitHub) is a part of it. That could be the main email or might be an alias or "uid" that you'll add. If not - as in my case since I'm using a key from Keybase - you'll need to add a new uid to your private key. You will know you got it right when you run this command and see your email address inside it. You can adduid in the gpg command line or you can add it in the Kleopatra GUI. List them again and you'll see the added uid.

> gpg --list-secret-keys --keyid-format LONG

When you make changes like this, you can export your public key and update it in Keybase.io (again, if you're using Keybase).

When you plug your YubiKey in (assuming it's newer than 2015) it should get auto-detected and show up like this "Yubikey NEO OTP U2F CCID." You want it to show up as this kind of "combo" or composite device. If it's older or not in this combo mode, you may need to download the YubiKey NEO Manager and switch modes.

Test that your YubiKey can be seen as a Smart Card

Go to the command line and run this to confirm that your YubiKey can be seen as a smart card by the GPG command line.

IMPORTANT: Sometimes Windows machines and Corporate Laptops have multiple smart card readers, especially if they have Windows Hello installed like my SurfaceBook2! If you hit this, you'll want to create a text file at %appdata%\gnupg\nf and include a reader-port that points to your YubiKey. Mine is a NEO, yours might be a 4, etc, so be aware. You may need to reboot or at least restart/kill the GPG services/background apps for it to notice you made a change. If you want to know what string should go in that file, go to Device Manager, then View | Show Hidden Devices and look under Software Devices.

reader-port "Yubico Yubikey NEO OTP U2F CCID 0"
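The UID check from the "Make sure you have a private PGP key..." step, as an added example that is not part of the original post: it parses the machine-readable `gpg --list-secret-keys --with-colons` form of the listing and reports which secret keys carry the Git commit email as a usable (not revoked or expired) uid. The sample listing, key IDs, names and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `gpg --list-secret-keys --with-colons` output
# (key IDs, names and addresses are made up for this example).
SAMPLE = """\
sec:u:4096:1:1111AAAA2222BBBB:1500000000:::u:::scESC:::+:::23::0:
fpr:::::::::0000000000000000000000001111AAAA2222BBBB:
uid:u::::1500000000::AAAA::Pat Example <pat@keybase.example>::::::::::0:
uid:r::::1500000100::BBBB::Pat Example <old@corp.example>::::::::::0:
uid:u::::1500000200::CCCC::Pat Example <Pat@Users.NoReply.example>::::::::::0:
ssb:u:4096:1:3333CCCC4444DDDD:1500000000::::::e:::+:::23:
sec:u:2048:1:5555EEEE6666FFFF:1400000000:::u:::scESC:::+:::23::0:
uid:u::::1400000000::DDDD::Other Key <other@example.org>::::::::::0:
"""

ADDR = re.compile(r"<([^<>]+)>\s*$")  # trailing <address> of a user ID

def unescape(field):
    # gpg C-escapes special bytes in colon output, e.g. ':' becomes \x3a
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), field)

def uids_by_key(colon_listing):
    """Map each secret key's long ID to the emails of its usable uids."""
    keys, current = {}, None
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] == "sec":                      # field 5 is the long key ID
            current = f[4]
            keys[current] = []
        elif f[0] == "uid" and current and len(f) > 9 and f[1] not in ("r", "e"):
            m = ADDR.search(unescape(f[9]))    # field 10 is the user ID string
            if m:
                keys[current].append(m.group(1).lower())
    return keys

def signing_keys_for(colon_listing, commit_email):
    """Long key IDs with a usable uid equal to the commit email (case-insensitive)."""
    want = commit_email.strip().lower()
    return [kid for kid, mails in uids_by_key(colon_listing).items() if want in mails]

if __name__ == "__main__":
    for mail in ("pat@users.noreply.example", "old@corp.example"):
        hits = signing_keys_for(SAMPLE, mail)
        print(mail, "->", hits or "no usable uid, add one with adduid")
```
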