Yubikey - Link With GPG
This tutorial will make sure that GPG is linked with your Yubikey device and is aimed at Ubuntu users.
Test Not Connected
The first thing we should do is check that you don't already have a working configuration.
Run the following command:
If you get the following output, this tutorial is for you:
gpg: error getting version from 'scdaemon': No SmartCard daemon gpg: OpenPGP card not available: No SmartCard daemon
Install the necessary packages
sudo apt-get install pcscd scdaemon gnupg2 pcsc-tools -y
Gnome Keyring Service Configuration
Because I am using Ubuntu 18.04 Mate, which uses the Gnome keyring service, I need to perform this step:
Edit the gnome keyring daemon
sudo editor /usr/local/bin/gnome-keyring-daemon
Input the following content:
#!/bin/sh /usr/bin/gnome-keyring-daemon --start -c pkcs11,secrets
Enable GnuPG Agents
echo "use-agent" >> ~/.gnupg/gpg.conf echo "enable-ssh-support" >> ~/.gnupg/gpg-agent.conf
Scan For Yubikey Card Reader Info
Use the pcsc_scan tool to scan for our Yubikey.
You should get some output like below:
PC/SC device scanner V 1.5.2 (c) 2001-2017, Ludovic Rousseau <firstname.lastname@example.org> Using reader plug'n play mechanism Scanning present readers... 0: Yubico Yubikey 4 OTP+U2F+CCID 00 00 Sun May 13 17:44:26 2018 Reader 0: Yubico Yubikey 4 OTP+U2F+CCID 00 00 Card state: Card inserted, Shared Mode, ATR: 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
My card is located at CCID 00 00 so I will add it to the daemon like so:
echo "reader-port \"Yubico Yubikey NEO CCID 00 00\"" > ~/.gnupg/scdaemon.conf
I then found I had to reboot before running the test again worked.
If the steps above were successfully executed, you should now see something like:
Reader ...........: Yubico Yubikey 4 OTP U2F CCID 00 00 Application ID ...: D2760001240102010006069157900000 Version ..........: 2.1 Manufacturer .....: Yubico Serial number ....: 06915790 Name of cardholder: [not set] Language prefs ...: [not set] Sex ..............: unspecified URL of public key : [not set] Login data .......: [not set] Signature PIN ....: not forced Key attributes ...: rsa2048 rsa2048 rsa2048 Max. PIN lengths .: 127 127 127 PIN retry counter : 3 0 3 Signature counter : 0 Signature key ....: [none] Encryption key....: [none] Authentication key: [none] General key info..: [none]