├── .gitignore
├── .travis.yml
├── README.md
├── Yubikey-Passwords.md
└── pub_key.asc


/.gitignore:
--------------------------------------------------------------------------------
## Java
*.class
*.jar
*.war
*.ear

## Maven
target/
dependency-reduced-pom.xml

## NetBeans
nbproject/
build/
nbbuild/
dist/
nbdist/
nbactions.xml
nb-configuration.xml

## IntelliJ IDEA
*.iml
*.ipr
*.iws
.idea/

## Windows
Thumbs.db
ehthumbs.db
Desktop.ini
$RECYCLE.BIN/

## Linux
.*
!.gitattributes
!.gitignore
*~
## Bower
node_components/
bower_components/
node_modules/
*.log
!.travis.yml
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
language: generic
addons:
  apt:
    packages:
      - gnupg2
      - curl

before_script:
  - cd $TRAVIS_BUILD_DIR
  # Import the public key shipped in this repository.
  - gpg2 --import pub_key.asc
  # Take the 8-hex-digit key ID from each "pub" line and export that key in OpenSSH format.
  - gpg2 --list-keys |sed -n -E 's/^pub.*\/([0-9A-F]{8}).*$/\1/p' | xargs gpg2 --export-ssh-key > openssh
  # Upload the exported public SSH key to termbin.com and print the resulting URL.
  - cat openssh | nc termbin.com 9999 > url
  - cat url
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Yubikey-Guide

Table of Contents

1. [Introduction](#introduction)
1. [Windows](#windows)
    1. [Required Software](#win-requiredsoftware)
    1. [Software Configuration](#win-softwareconfiguration)
    1. [Key Generation](#win-keygeneration)
1. [Linux](#linux)

## Introduction

A Yubikey is a smart key. You can use it to create a private key and authenticate yourself to different online services.
This guide will focus on GPG and SSH key generation and how to use them to:

* log in to servers
* sign your git commits
* authenticate yourself with GitHub/Bitbucket/etc.

This guide is split into different sections based on which operating system you use. Please visit contributing.md to add support for other operating systems.

If this guide was useful for you, please make sure to star it. It helps its visibility on search engines.

## Windows

This section of the guide is for Windows users. Windows is one of the more complicated platforms to use a Yubikey with, but it is possible.

### Required Software

1. [PuTTY](http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html)
1. [git for Windows](https://git-scm.com/)
1. [gpg4win](https://www.gpg4win.org/)


#### PuTTY
Install all the features provided by PuTTY.

Make sure plink is installed.

#### git for windows

* Pick the components you want to install (I recommend all of them).
* Enable "Use Git and optional Unix tools from the Windows Command Prompt".
    * _The second option could be used as well, however you might need to do extra steps to make sure your PATH variable has everything you need._
* **IMPORTANT** Pick "Use (Tortoise)Plink" and make sure the path is correct.
* Pick the checkout you want.
* I recommend choosing MinTTY.
* Enable the first two options (you can enable the third option but it is not necessary).
* Install

#### gpg4win

I recommend you install all components. GPA in particular makes the configuration easier, but this guide covers both cases: GPA installed and not installed.

## Software Configuration

### Environment Variables
Open the `Git Bash` that you installed earlier, run the following commands, and check that they print the expected values.

```
echo $GIT_SSH # Make sure it points to where plink is installed.
echo $PATH # Make sure it contains the path to putty, git, and gnupg
```

If one of them is missing, add it through Windows' environment variable interface.

### GPA (GNU Privacy Assistant)

If you installed the program:

* Open GPA
* Edit->Backend Preferences
* GPG Agent Tab
* Mark enable-putty-support
* Apply and close

If you have not installed the program:

* Open explorer
* Go to `%appdata%\gnupg\`
* Open `gpg-agent.conf` in a proper text editor (Seriously, don't use Windows' Notepad)
* Put this line inside the file: `enable-putty-support`
* Save it

Once you're done with one of the above, you need to restart the agent.

Run the following two commands:

```
gpg-connect-agent.exe killagent /bye
gpg-connect-agent.exe /bye
```

## Key Generation

This is probably the most important part of this guide. There are hundreds of guides out there that make you generate the private key on your host and then push it to your Yubikey. This is a terrible idea and effectively reduces your security by a large amount. A key generated on the host has existed outside the Yubikey, so copies of it may remain on disk or in backups. Simply, do not do this.

Make sure your [environment variables](#win-environmentvariables) are correct before you start.

1. Ensure your Yubikey is recognized by gpg:

    `gpg2 --card-status`

    If it isn't, make sure its drivers are recognized.
1. Run the following commands to change the default passwords for your Yubikey:

    ```
    gpg2 --card-edit
    admin
    passwd

    # Select change pin
    ```

--------------------------------------------------------------------------------
/Yubikey-Passwords.md:
--------------------------------------------------------------------------------
# Yubikey Passwords

## Personal Pin
This pin is used to authorize normal operations on your Yubikey. For example, signing a commit requires this pin.

If you enter this pin incorrectly three times in a row, your Yubikey gets locked and you will need the admin/management pin to unlock it.

## Admin Password


## Reset Key / PUK
--------------------------------------------------------------------------------
/pub_key.asc:
--------------------------------------------------------------------------------
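
An added example (not part of the guide's repository) that checks, from Git Bash, the two settings the Software Configuration section of README.md asks for: `GIT_SSH` pointing at plink and an active `enable-putty-support` line. The function names are hypothetical, and the `gpg-agent.conf` location is assumed to be the `%appdata%\gnupg\` directory the guide names.

```shell
#!/usr/bin/env bash
# Added example, not from the guide's repository. Function names are
# hypothetical; GIT_SSH, plink, gpg-agent.conf and enable-putty-support
# are the guide's own settings.

# Succeeds if the value names (Tortoise)Plink and that file exists.
git_ssh_is_plink() {
    name=$(printf '%s' "$1" | tr '\\' '/' | tr 'A-Z' 'a-z')
    case "${name##*/}" in
        plink|plink.exe|tortoiseplink|tortoiseplink.exe) [ -e "$1" ] ;;
        *) return 1 ;;
    esac
}

# Succeeds if the option is active: a commented-out line does not count,
# and a trailing CR left by a Windows editor is tolerated.
has_putty_support() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*enable-putty-support[[:space:]]*$' "$1"
}

# Appends the option only when it is missing, so reruns never duplicate it.
ensure_putty_support() {
    has_putty_support "$1" && return 0
    mkdir -p "$(dirname "$1")"
    # Start a fresh line if the file does not already end with a newline.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then printf '\n' >> "$1"; fi
    printf 'enable-putty-support\n' >> "$1"
}

# Prints one line per check and returns the number of failed checks.
preflight() {
    failed=0
    if git_ssh_is_plink "$1"; then echo "ok   GIT_SSH=$1"
    else echo "FAIL GIT_SSH is not an existing plink: '$1'"; failed=$((failed + 1)); fi
    if has_putty_support "$2"; then echo "ok   enable-putty-support in $2"
    else echo "FAIL enable-putty-support not active in $2"; failed=$((failed + 1)); fi
    return "$failed"
}

# Assumption: Git Bash on Windows, where APPDATA is set by the system.
if [ -n "${APPDATA:-}" ]; then
    preflight "${GIT_SSH:-}" "$APPDATA/gnupg/gpg-agent.conf"
fi
```

After `ensure_putty_support` changes the file, the agent still has to be restarted with the two `gpg-connect-agent.exe` commands from the guide.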
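
An added example (not part of the guide's repository) for the Personal Pin section of Yubikey-Passwords.md: it reads the `PIN retry counter` line of `gpg2 --card-status` to show how many tries remain before the lock described there. The function names and the sample output are constructed for illustration, and the three counters are taken to be the user PIN, the reset code and the admin PIN, in that order.

```shell
#!/usr/bin/env bash
# Added example, not from the guide's repository; function names are hypothetical.

# Constructed excerpt in the layout `gpg2 --card-status` prints (values made up).
sample_card_status() {
    printf '%s\n' \
        'Reader ...........: Yubico Yubikey 4 OTP+U2F+CCID' \
        'Version ..........: 2.1' \
        'Max. PIN lengths .: 127 127 127' \
        'PIN retry counter : 2 0 3' \
        'Signature counter : 0'
}

# Reads card status on stdin and prints "user reset admin".
# A trailing CR (Windows gpg piped into Git Bash) is tolerated.
pin_retry_counters() {
    sed -n -E 's/^PIN retry counter[ .]*:[[:space:]]*([0-9]+)[[:space:]]+([0-9]+)[[:space:]]+([0-9]+)[[:space:]]*$/\1 \2 \3/p' |
        head -n 1
}

# Reads card status on stdin and prints a one-line verdict on the PINs.
# The limit of 3 is the "three times in a row" from Yubikey-Passwords.md.
pin_state() {
    set -- $(pin_retry_counters)
    [ $# -eq 3 ] || { echo "unknown: no PIN retry counter line found"; return 0; }
    if [ "$3" -eq 0 ]; then echo "admin PIN blocked"
    elif [ "$1" -eq 0 ]; then echo "user PIN locked: unblock it with the admin PIN ($3 tries left)"
    elif [ "$1" -lt 3 ]; then echo "user PIN: $1 of 3 tries left"
    else echo "ok"; fi
}

sample_card_status | pin_state
# Real use: gpg2 --card-status | pin_state
```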