Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Yubikey - Link With GPG

This tutorial, aimed at Ubuntu users, makes sure that GPG is linked with your Yubikey device.

Check Whether It Is Already Connected

The first thing we should do is check that you don't already have a working configuration.

Run the following command:

gpg --card-edit

If you get the following output, this tutorial is for you:

gpg: error getting version from 'scdaemon': No SmartCard daemon
gpg: OpenPGP card not available: No SmartCard daemon

Steps

Install the necessary packages

sudo apt-get install pcscd scdaemon gnupg2 pcsc-tools -y

Gnome Keyring Service Configuration

Because I am using Ubuntu 18.04 Mate, which uses the Gnome keyring service, I need to perform this step:

Create a wrapper script for the gnome keyring daemon in /usr/local/bin:

sudo editor /usr/local/bin/gnome-keyring-daemon

Input the following content, which starts the daemon with only its pkcs11 and secrets components:

#!/bin/sh
/usr/bin/gnome-keyring-daemon --start -c pkcs11,secrets

Enable GnuPG Agents

echo "use-agent" >> ~/.gnupg/gpg.conf
echo "enable-ssh-support" >> ~/.gnupg/gpg-agent.conf

Scan For Yubikey Card Reader Info

Use the pcsc_scan tool to scan for our Yubikey.

pcsc_scan -n

You should get output like the following:

PC/SC device scanner
V 1.5.2 (c) 2001-2017, Ludovic Rousseau <ludovic.rousseau@free.fr>
Using reader plug'n play mechanism
Scanning present readers...
0: Yubico Yubikey 4 OTP+U2F+CCID 00 00

Sun May 13 17:44:26 2018
 Reader 0: Yubico Yubikey 4 OTP+U2F+CCID 00 00
  Card state: Card inserted, Shared Mode, 
  ATR: 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4

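My card is located at CCID 00 00, so I will add it to the daemon like so:

echo "reader-port \"Yubico Yubikey 4 OTP+U2F+CCID 00 00\"" > ~/.gnupg/scdaemon.conf

The quoted value is the reader name as it appears in the pcsc_scan output; use the name your own scan reports. Note that > replaces any existing ~/.gnupg/scdaemon.conf.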

I then found I had to reboot before running the test again would work.

sudo reboot

Now run:

gpg --card-edit

If the steps above were successfully executed, you should now see something like:

Reader ...........: Yubico Yubikey 4 OTP U2F CCID 00 00
Application ID ...: D2760001240102010006069157900000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: 06915790
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
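
The reader-port step above depends on the configured name agreeing with what pcsc_scan reports. The script below is an added example, not part of the original tutorial: it takes the reader name from pcsc_scan output on stdin and replaces only the reader-port line of an scdaemon.conf. The function names, the sample scan text and the scratch config contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial: keep scdaemon's reader-port
# in step with the reader name that pcsc_scan reports.

# Constructed sample input, modelled on the pcsc_scan output shown above.
sample_scan() {
    cat <<'EOF'
Scanning present readers...
0: Yubico Yubikey 4 OTP+U2F+CCID 00 00

 Reader 0: Yubico Yubikey 4 OTP+U2F+CCID 00 00
  Card state: Card inserted, Shared Mode,
EOF
}

# Print the first reader name found in pcsc_scan output on stdin.
# Assumes plain-text output without colour escape codes.
reader_name_from_scan() {
    sed -n -e 's/[[:space:]]*$//' \
        -e 's/^[[:space:]]*Reader [0-9][0-9]*: //p' | head -n 1
}

# Print the reader-port value set in an scdaemon.conf (empty if none).
configured_reader_port() {
    [ -f "$1" ] || return 0
    sed -n 's/^[[:space:]]*reader-port[[:space:]]*//p' "$1" | tr -d '"' | tail -n 1
}

# Set reader-port in the given file, replacing any existing reader-port
# line and keeping every other option (a plain '>' redirect would drop them).
set_reader_port() {
    conf=$1 name=$2
    [ -n "$name" ] || { echo "no reader name given" >&2; return 1; }
    tmp=$(mktemp) || return 1
    if [ -f "$conf" ]; then
        grep -v '^[[:space:]]*reader-port[[:space:]]' "$conf" > "$tmp" || true
    fi
    printf 'reader-port "%s"\n' "$name" >> "$tmp"
    mv "$tmp" "$conf"
}

# Demo on a scratch file holding a constructed stale entry and one other option.
demo() {
    scratch=$(mktemp) || return 1
    printf 'disable-ccid\nreader-port "Yubico Yubikey NEO CCID 00 00"\n' > "$scratch"
    set_reader_port "$scratch" "$(sample_scan | reader_name_from_scan)"
    echo "reader-port is now: $(configured_reader_port "$scratch")"
    rm -f "$scratch"
}
demo
```

The demo only touches a temporary file; to apply it for real, pass ~/.gnupg/scdaemon.conf and the name from your own saved pcsc_scan output to set_reader_port.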
