Updated by Alex Fornuto
Contributed by Huw Evans
sudo apt-get update && sudo apt-get upgrade
brew install gnupg2 if you have Homebrew.
(1) RSA and RSA.
4096. If you want to store your key on a YubiKey Neo or certain smartcards, you may be restricted to a 2048-bit key size, so ensure that you are aware of the limitations for your device, if applicable.
O for ‘Okay’.
key-id
with the eight-character string output from the key generation process. This will be found in the line beginning with pub. In the example above, the ID is 71735D23.
gpg> prompt, enter:
(8) RSA (set your own capabilities).
S to toggle the ‘Sign’ action off.
E to toggle the ‘Encrypt’ action off.
A to toggle the ‘Authenticate’ action on. The output should now include Current allowed actions: Authenticate, with nothing else on that line.
Q to continue.
4096. The same limitation from Step 4 in the first section applies, so ensure your card/YubiKey can support this key size.
y at the Really create? (y/N) prompt to complete the process.
quit to leave the gpg prompt, and y at the prompt to save changes.
~/.gnupg
folder with the following command, replacing USB_DEVICE with the name of your device:
/Volumes/USB_DEVICE/. Different operating systems may use different naming conventions for this path. You can safely ignore any Operation not supported on socket warnings that appear when you enter this command.
key-id with the eight-character key ID for your private key:
key-id with the eight-character key ID for each subkey:
~/.gnupg directory with your copy, and using:
key-file with the location of each of your files.
key-id with your own key ID.
gpg2 --import key-file
command.
ykpersonalize -m82. ykpersonalize can be installed through your package manager.
123456, and the default Admin PIN is usually 12345678. If these don’t work, contact the manufacturer or review online documentation.
2 - unblock PIN. This will unblock your PIN, and prompt you to change it. This PIN will be required every time you want to access your GPG key (e.g. every time you authenticate with SSH), and has a limit of eight characters.
3 - change Admin PIN. This PIN is required to make administrative changes, like in step 2, and has a limit of 6 characters. For optimum security, never store this PIN in a digital location, since it will be unnecessary for daily use of the YubiKey.
Q and then typing quit.
key-id with your own key ID:
(3) Authentication key to store your key on the third slot of the device. If this is not an option, ensure that you’ve selected the appropriate subkey.
save to exit this menu.
key-id. You can reimport these with an ordinary gpg2 --import <stub file>
on your private machine.
~/.bash_profile file (or similar shell startup file) to include:
gpg-agent as needed.
~/.gnupg/gpg-agent.conf:
The agent has no identities, try the steps to restart the GPG agent from above.
ssh-rsa. If you see multiple strings beginning with ssh-rsa, copy the one that ends with cardno:. It might look like this:
~/gpg-key.pub) and save it.
authorized_hosts file: