@VictorKoenders
Last active May 31, 2022 13:10
Getting yubikey to work with code signing on a new machine

Install

On Ubuntu, install:

sudo apt install wget gnupg2 gnupg-agent dirmngr cryptsetup scdaemon pcscd secure-delete hopenpgp-tools yubikey-personalization libssl-dev swig libpcsclite-dev

On macOS, install Homebrew and run

brew install gnupg yubikey-personalization hopenpgp-tools ykman pinentry-mac wget

Fetch the card keys (may not work)

Verify that the card can be found by running the following (the fetch step only seems to work on Ubuntu):

gpg --card-edit
# Should output your card info
> fetch
# Should output something like:
# /home/trangar/.gnupg/pubring.kbx
# --------------------------------
# ...
> quit

The old way

If the fetch does not work (you get no output), you have to do it the old way.

Locate your GPG key somewhere. Mine is at keys.openpgp.org.

Then run gpg --import ~/Downloads/<code>.asc

Get the KEYID

gpg --keyid-format LONG -k
# look for the signing subkey line (usage flag [S]); the 16 hex characters after "rsa4096/" are the KEYID:
# sub   rsa4096/XXXXXXXXXXXXXXXX 2021-09-04 [S] [expires: 2022-09-04]

Configure git

git config --global user.name "yourname"
git config --global user.email "your_email" # NOTE: must be the email associated with your GitHub signing key
git config --global user.signingKey "XXXXXXXXXXXXXXXX"
git config --global commit.gpgsign true
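The key-ID lookup and the git configuration above can be scripted so the signing subkey is picked out of the gpg listing instead of copied by hand. The following is an added example, not part of the gist: signing_keyid parses a long-format listing (a constructed sample is embedded so the parser can be exercised without a card), configure_git_signing applies the four git settings, and the --apply path additionally exports GPG_TTY and runs the gpg --status-fd=2 -bsau smoke test before any commit is attempted. The function names, the --demo/--apply flags and the sample key fingerprints are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the gist): extract the signing subkey ID from
# `gpg --keyid-format LONG -k` output and configure git with it.

# Constructed sample listing; real output differs in IDs, dates and UIDs.
SAMPLE_LISTING='pub   rsa4096/AAAAAAAAAAAAAAAA 2021-09-04 [C] [expires: 2022-09-04]
      0123456789ABCDEF0123456789ABCDEF01234567
uid                 [ultimate] Example User <user@example.com>
sub   rsa4096/BBBBBBBBBBBBBBBB 2021-09-04 [E] [expires: 2022-09-04]
sub   rsa4096/CCCCCCCCCCCCCCCC 2021-09-04 [S] [expires: 2022-09-04]
sub   rsa4096/DDDDDDDDDDDDDDDD 2021-09-04 [A] [expires: 2022-09-04]'

# signing_keyid: read a long-format gpg listing on stdin and print the
# 16-hex-char ID of the first subkey whose usage flags contain S (sign).
# Field layout: $1=sub $2=algo/KEYID $3=date $4=[flags]
signing_keyid() {
    awk '$1 == "sub" && $4 ~ /S/ { split($2, p, "/"); print p[2]; exit }'
}

# configure_git_signing NAME EMAIL KEYID: the four settings from the gist.
configure_git_signing() {
    git config --global user.name "$1"
    git config --global user.email "$2"   # must match a UID on the key
    git config --global user.signingKey "$3"
    git config --global commit.gpgsign true
}

# sign_smoke_test KEYID: detached-sign a throwaway message with the key so a
# missing pinentry or unreachable card shows up here, not at commit time.
sign_smoke_test() {
    GPG_TTY=$(tty); export GPG_TTY
    printf 'signing test\n' | gpg --status-fd=2 -bsau "$1" >/dev/null
}

case "${1:-}" in
    --demo)
        # Parse the embedded sample only; touches neither gpg nor git.
        printf 'signing subkey: %s\n' "$(printf '%s\n' "$SAMPLE_LISTING" | signing_keyid)"
        ;;
    --apply)
        # Usage: ./setup-signing.sh --apply "Your Name" "your_email"
        key=$(gpg --keyid-format LONG -k | signing_keyid)
        [ -n "$key" ] || { echo "no signing subkey ([S]) found in gpg listing" >&2; exit 1; }
        configure_git_signing "$2" "$3" "$key"
        sign_smoke_test "$key" && echo "git configured to sign with $key"
        ;;
esac
```

Run with --demo to see the parser pick CCCCCCCCCCCCCCCC (the [S] subkey) out of the sample, and with --apply plus your name and e-mail to configure git from the real listing; --apply deliberately fails early if no subkey carries the S flag, because git would otherwise fail later with the "gpg failed to sign the data" error.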

Troubleshooting

error: gpg failed to sign the data
fatal: failed to write commit object

Try running export GPG_TTY=$(tty) in the shell before committing.

If this does not work, run the same git commit with the GIT_TRACE=1 environment variable set. You can also run gpg --status-fd=2 -bsau <KEY> to sign directly and get more detail from gpg itself.
