A Yubikey is a smart key. You can use it to create a private key and authenticate yourself to different online services. This guide will focus on GPG and SSH key generation and how to use them to:
- log in to servers
- sign your git commits
- authenticate yourself with GitHub/Bitbucket/etc.
This guide is split into different sections based on which operating system you use. Please visit contributing.md to add support for other operating systems.
If this guide was useful for you, please make sure to star it. It helps with its visibility on search engines.
This section of the guide is for Windows users. Windows is one of the more complicated platforms to use a Yubikey with, but it is possible.
Install all the features provided by PuTTY.
Definitely make sure plink is being installed.
- Pick the components you want to install (I recommend all of them).
- Enable "Use Git and optional Unix tools from the Windows Command Prompt".
- The second option could be used as well; however, you might need to do extra steps to make sure your PATH variable has everything you need.
- IMPORTANT: Pick "Use (Tortoise)Plink" and make sure the path is correct.
- Pick the checkout you want.
- I recommend choosing MinTTY.
- Enable the first two options (you can enable the third option but it is not necessary).
- Install
I recommend you install all components. GPA especially makes creating the settings easier; however, the guide covers both cases, with and without it installed.
Open the Git Bash that you installed earlier, run the following commands, and check that they include the proper values.
echo $GIT_SSH # Make sure it points to where plink is installed.
echo $PATH # Make sure it contains the path to putty, git, and gnupg
If it does not contain one of them, make sure you add it through Windows' environment variable interface.
If you installed GPA:
- Open GPA
- Edit->Backend Preferences
- GPG Agent Tab
- Mark enable-putty-support
- Apply and close
If you have not installed GPA:
- Open explorer
- Go to %appdata%\gnupg\
- Open gpg-agent.conf in a proper text editor (Seriously, don't use Windows' Notepad)
- Put this line inside the file:
enable-putty-support
- Save it
Once you're done with one of the above, you need to restart the agent.
Run the following two commands:
gpg-connect-agent.exe killagent /bye
gpg-connect-agent.exe /bye
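The three settings above (GIT_SSH, PATH, and enable-putty-support in gpg-agent.conf) can be checked in one pass from Git Bash. This script is an added example, not part of the original guide; its function names are hypothetical, and it assumes Git Bash inherits APPDATA from Windows.

```shell
#!/usr/bin/env bash
# Added example: preflight for the Windows setup steps above (run in Git Bash).
# Function names are hypothetical and not part of any tool named in the guide.

# Normalise a Windows or MSYS path: backslashes to slashes, lower case.
norm() { printf '%s' "$1" | tr '\\' '/' | tr '[:upper:]' '[:lower:]'; }

# True if a GIT_SSH value names plink or TortoisePlink.
git_ssh_is_plink() {
  local p
  p="$(norm "$1")"
  case "${p##*/}" in
    plink|plink.exe|tortoiseplink|tortoiseplink.exe) return 0 ;;
    *) return 1 ;;
  esac
}

# Print which of putty, git, gnupg no PATH entry mentions (substring heuristic).
path_missing() {
  local p tool missing=""
  p="$(norm "$1")"
  for tool in putty git gnupg; do
    case "$p" in *"$tool"*) ;; *) missing="$missing $tool" ;; esac
  done
  printf '%s' "${missing# }"
}

# True if gpg-agent.conf has an active enable-putty-support line. Commented-out
# lines do not count; CRLF endings and stray whitespace are tolerated.
conf_enables_putty() {
  [ -f "$1" ] || return 1
  tr -d '\r' < "$1" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
    | grep -qx 'enable-putty-support'
}

# Run all three checks; arguments: GIT_SSH value, PATH value, gpg-agent.conf path.
preflight() {
  local rc=0 missing
  git_ssh_is_plink "$1" || { printf '%s\n' "GIT_SSH is not plink: '$1'"; rc=1; }
  missing="$(path_missing "$2")"
  [ -z "$missing" ] || { printf '%s\n' "PATH has no entry for: $missing"; rc=1; }
  conf_enables_putty "$3" || { printf '%s\n' "enable-putty-support not active in: $3"; rc=1; }
  return "$rc"
}

# Assumption: Git Bash inherits APPDATA from the Windows environment.
preflight "${GIT_SSH:-}" "$PATH" "${APPDATA:-}/gnupg/gpg-agent.conf" \
  && echo "Preflight OK" \
  || echo "Fix the items above, then restart gpg-agent"
```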
This is probably the most important part of this guide. There are hundreds of guides out there that make you generate the private key on your host and then push it to your Yubikey. This is a terrible idea and effectively reduces your security by a large amount: a key that has existed on the host's disk can be copied from there. Simply, do not do this.
Make sure your environment variables are correct before you start.
- Ensure your Yubikey is recognized by gpg:
gpg2 --card-status
If it isn't, make sure the drivers for it are being recognized.
- Run the following commands; we need to change the default passwords for your Yubikey:
gpg2 --card-edit
admin
passwd
# Select change pin