USB WSL

# Install the following on Windows:
# - Install CLI https://github.com/dorssel/usbipd-win/releases
# - and GUI https://gitlab.com/alelec/wsl-usb-gui/-/releases

# - Build custom WSL kernel following the "Build Custom Kernel" instructions at https://github.com/dorssel/usbipd-win/wiki/WSL-support
# BUT also enable the following:
# Device Drivers --->
#  HID Support --->
#    Check /dev/hidraw raw HID device support
#    Check HID Support -> User-space I/O driver support for HID subsystem
#    Check ALL drivers under HID Support -> USB HID support

# Manually configure the default user for the custom WSL distro
# so that it's not root:
# Use regedit and navigate to the key:
# HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Lxss
# Examine its subkeys for a distribution that has the right name in the item DistributionName
# Create or modify a DWORD item named DefaultUid and set it to the user-id (uid) of your default user. Here root user is id 0 while the first user id is 1000 (0x3e8).

# On the new wsl linux, install scdaemon
sudo apt install scdaemon

# Daemon need to be stertedmanually at every WSL startup
sudo service pcscd start

# Install ykman with brew (so it's up to date)
brew install ykman

# - Connect the Yubikey
# - Use the WSL USB Manager app on windows to attach the Yunikey to WSL

# On WSL, Check that they key is visible both in ykman and gpg
ykman info
gpg --card-status

# Import GPG key from yubikey
$ gpg --card-edit
> fetch
> quit

gpg — list-keys

$ gpg --edit-key YOUR_KEY_ID # In my case 1E9...
> trust # Change trust level
> 5     # Set trust level to ultimate
> y
> save  # Save the changes

gpg — list-keys

# configure git with GPG key
# WSL2
git config --global user.signingkey YOUR_KEY_ID # In my case 1E9...
git config --global gpg.program gpg
git config --global commit.gpgsign true
git config --global user.name "<your-name>"
git config --global user.email "<your-email>"

# Add this to .bashrc
export GPG_TTY=$(tty)

# test that you can sign with the yubikey and that you get asked for the PIN in the terminal
echo "test" | gpg --clearsign

# if needed, gpg-agent can bestarted with:
gpg-agent --daemon
# or:
gpg-connect-agent reloadagent /bye

# Install pass password manager
sudo apt install pass

# generate a new GPG key (not stored on the yubikey!) to use for pass
gpg --full-generate-key

# Then init pass with that key id
pass init KEY-ID

# Store something in pass and check that it can be read back
pass generate website/test.com 15
pass -c website/test.com

# Add this to .bashrc to use pass as the aws vault backend
export AWS_VAULT_BACKEND=pass

# Sometimes, after a bit of usage the Yubikey won't be detected anymore unless you are root.
# To fix that, run:
sudo udevadm trigger
sudo service pcscd restart
ykman info
gpg --card-status

# These two commands might be useful too
sudo service udev restart
sudo udevadm control --reload

# You can add those as aliases in your .bashrc for simplicity
# Aliases to reload USB permission services
alias fixusb='sudo udevadm trigger; sudo service pcscd restart'
alias fixusb2='sudo service udev restart; sudo udevadm control --reload; sudo udevadm trigger; sudo service pcscd restart'