Yubikey - Link With GPG
This tutorial will make sure that GPG is linked with your Yubikey device and is aimed at Ubuntu users.
Test Not Connected
The first thing we should do is check that you don't already have a working configuration.
Run the following command:
gpg --card-edit
If you get the following output, this tutorial is for you:
gpg: error getting version from 'scdaemon': No SmartCard daemon
gpg: OpenPGP card not available: No SmartCard daemon
Steps
Install the necessary packages
sudo apt-get install pcscd scdaemon gnupg2 pcsc-tools -y
Gnome Keyring Service Configuration
Because I am using Ubuntu 18.04 Mate, which uses the Gnome keyring service, I need to perform this step:
Create a wrapper script for the gnome keyring daemon that starts it with only the pkcs11 and secrets components:
sudo editor /usr/local/bin/gnome-keyring-daemon
Input the following content:
#!/bin/sh
/usr/bin/gnome-keyring-daemon --start -c pkcs11,secrets
Enable GnuPG Agents
echo "use-agent" >> ~/.gnupg/gpg.conf
echo "enable-ssh-support" >> ~/.gnupg/gpg-agent.conf
Scan For Yubikey Card Reader Info
Use the pcsc_scan tool to scan for our Yubikey.
pcsc_scan -n
You should get some output like below:
PC/SC device scanner
V 1.5.2 (c) 2001-2017, Ludovic Rousseau <ludovic.rousseau@free.fr>
Using reader plug'n play mechanism
Scanning present readers...
0: Yubico Yubikey 4 OTP+U2F+CCID 00 00
Sun May 13 17:44:26 2018
Reader 0: Yubico Yubikey 4 OTP+U2F+CCID 00 00
Card state: Card inserted, Shared Mode,
ATR: 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
My card is located at CCID 00 00 so I will add it to the daemon like so:
echo "reader-port \"Yubico Yubikey 4 OTP+U2F+CCID 00 00\"" > ~/.gnupg/scdaemon.conf
I then found I had to reboot before the test worked when run again.
sudo reboot
Now run:
gpg --card-edit
If the steps above were successfully executed, you should now see something like:
Reader ...........: Yubico Yubikey 4 OTP U2F CCID 00 00
Application ID ...: D2760001240102010006069157900000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: 06915790
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
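The reader-port step above only makes sense if the configured name matches what pcsc_scan reports. The following added example (not part of the original tutorial) extracts the reader name from saved pcsc_scan output and checks scdaemon.conf against it; the function names and the exact-match rule are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original tutorial. Function names are illustrative.

# Constructed sample: abridged from the pcsc_scan output shown above.
SAMPLE_SCAN='Scanning present readers...
0: Yubico Yubikey 4 OTP+U2F+CCID 00 00
Sun May 13 17:44:26 2018
Reader 0: Yubico Yubikey 4 OTP+U2F+CCID 00 00
  Card state: Card inserted, Shared Mode,
  ATR: 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4'

# Reader names from the reader list in pcsc_scan output (lines like "0: <name>").
list_readers() {
    sed -n 's/^[[:space:]]*[0-9][0-9]*: \(.*[^[:space:]]\)[[:space:]]*$/\1/p'
}

# First listed reader whose name contains "yubi" (case-insensitive).
yubikey_reader() {
    list_readers | grep -i -m1 'yubi'
}

# The scdaemon.conf line for a given reader name.
reader_port_line() {
    printf 'reader-port "%s"\n' "$1"
}

# Last reader-port value in scdaemon.conf text on stdin, quotes removed.
configured_reader() {
    sed -n 's/^[[:space:]]*reader-port[[:space:]][[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' | tail -n 1
}

# $1 = saved pcsc_scan output, $2 = scdaemon.conf.
# Returns 0 on exact match, 1 on mismatch, 2 if the scan lists no YubiKey.
check_reader_port() {
    local want have
    want=$(yubikey_reader < "$1") || return 2
    have=$(configured_reader < "$2")
    [ "$want" = "$have" ] && return 0
    echo "mismatch: scan shows '$want', scdaemon.conf has '$have'" >&2
    echo "expected: $(reader_port_line "$want")" >&2
    return 1
}

# Demo on the constructed sample: print the line that belongs in scdaemon.conf.
reader_port_line "$(printf '%s\n' "$SAMPLE_SCAN" | yubikey_reader)"
```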
First published: 16th August 2018