TLDR; man 1 gpg

What started as two independent efforts, getting YubiKey-backed SSH and GPG-signed git commits working, turned into one combined effort.

Yubikey-SSH

Requirements:

  • OpenSSH built with support for security keys. On Gentoo:
    Lang: shell
        USE=security-key emerge -aq net-misc/openssh

That unlocks the ability to create new SSH keys with the *-sk suffix. You probably also want the options that make the key resident on the YubiKey and require authorization on every use, a la:

Lang: shell
 ssh-keygen -t ecdsa-sk -O resident -O application=ssh:text -O verify-required

Note that the “text” portion following “ssh:” can be anything.
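
The application string chosen above ends up inside the public key itself: OpenSSH's PROTOCOL.u2f stores it as the last field of a *-sk public key blob. The following added example (not from the original post) reads it back from a .pub line, which is useful for auditing which keys are security-key backed and under which application. The helper names are hypothetical and the sample key is constructed with a dummy EC point.

```python
import base64
import struct

# Number of wire strings between the key type and the application string.
FIELDS_BEFORE_APP = {
    "sk-ecdsa-sha2-nistp256@openssh.com": 2,  # curve name, EC point
    "sk-ssh-ed25519@openssh.com": 1,          # public key
}

def wire_strings(blob):
    """Split an SSH key blob into its uint32-length-prefixed strings."""
    out, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("truncated string")
        out.append(blob[off:off + n])
        off += n
    return out

def sk_application(pub_line):
    """Return (key_type, application) for a *-sk .pub line, None otherwise."""
    key_type, b64 = pub_line.split()[:2]
    if key_type not in FIELDS_BEFORE_APP:
        return None  # not a security-key-backed key type
    parts = wire_strings(base64.b64decode(b64))
    idx = 1 + FIELDS_BEFORE_APP[key_type]
    if len(parts) <= idx or parts[0].decode() != key_type:
        raise ValueError("malformed sk key blob")
    return key_type, parts[idx].decode()

def _wire(*items):
    """Encode byte strings in SSH wire format (used only to build the sample)."""
    return b"".join(struct.pack(">I", len(i)) + i for i in items)

# Constructed sample (dummy all-zero EC point, not a usable key).
_T = "sk-ecdsa-sha2-nistp256@openssh.com"
SAMPLE = _T + " " + base64.b64encode(
    _wire(_T.encode(), b"nistp256", b"\x04" + bytes(64), b"ssh:text")
).decode() + " constructed-example"

if __name__ == "__main__":
    print(sk_application(SAMPLE))
```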

Start with the Gentoo setup instructions, as they’re consistently decent.

Then follow them up with the actual YubiKey docs.

Adding gpg to git commits: