Setting a Windows 10 computer up w/ existing OpenPGP and Yubikey
This covers getting a new Windows 10 instance working with an existing OpenPGP setup and Yubikey. It doesn't cover creating the OpenPGP key and linking it with the Yubikey in the first place.
- Official Yubico Page
- drduh's amazing github page
- Anti-random's guide for various ways of SSHing in Windows with a Yubikey
- Yubikey, gpg, ssh and WSL2
- GPG-sign your Git commits and remember your SSH key passwords in WSL2 including Yubikey PGP support
I use winget to install my packages, but you can grab the packages individually, or use choco or something else.
- Grab winget and install it (double click on the appbundle downloaded).
- Open up Powershell as administrator and run:
winget install gpg4win,
winget install putty, and
winget install git (git is optional)
- In a normal Powershell window, import your existing key with:
gpg --import [publickeyfile].gpg
Run gpg --edit-key [keyhash] to go to the edit interface for the key.
Type 'trust' and trust your key ultimately. Type 'save' to save and quit.
- Open the Kleopatra app (installed as part of gpg4win).
- Go to Settings->Configure Kleopatra->GnuPG System->Private Keys->Options controlling the configuration and select “Enable ssh support” and “Enable putty support”
- Hit WIN-R and type “shell:startup”
- Create a shortcut to “gpg-connect-agent /bye”. Mark it to start minimised.
- Set an environment variable of GIT_SSH to C:\Program Files\PuTTY\plink.exe
- Download and install WSL-SSH-Pageant.
- Follow the instructions here for setting it up and automating it.
- Set an environment variable making SSH_AUTH_SOCK map to the pipe created in step 12 ('\\.\pipe\winssh-pageant')
- Follow the instructions here for the WSL2 scripts (not the windows-side-setup, which was already done), however modify the socat command for SSH_AUTH_SOCK to be '\/\/.\/pipe\/winssh-pageant', with the backslashes included.
- Start a new WSL2 session and SSH keys and GPG should be working in WSL2.
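The Windows-side environment variables and agent pieces from the steps above can be set and checked in one pass from a normal Powershell window. This is an added example, not part of the original guide; it assumes gpg4win, PuTTY and the Windows OpenSSH client (for ssh-add) are installed and on PATH, and uses the plink path and pipe name given above.

```powershell
# Added example: persist the two user environment variables from the guide
# and confirm that each piece of the agent chain is actually in place.
$plink    = 'C:\Program Files\PuTTY\plink.exe'   # path given in the guide
$pipeName = 'winssh-pageant'                     # pipe name given in the guide
$pipe     = "\\.\pipe\$pipeName"

if (-not (Test-Path -LiteralPath $plink)) {
    throw "plink.exe not found at $plink (is PuTTY installed?)"
}

# Persist for the current user; newly started processes pick these up.
[Environment]::SetEnvironmentVariable('GIT_SSH', $plink, 'User')
[Environment]::SetEnvironmentVariable('SSH_AUTH_SOCK', $pipe, 'User')

# Mirror them into this session so the checks below see the same values.
$env:GIT_SSH       = $plink
$env:SSH_AUTH_SOCK = $pipe

# Start gpg-agent if it is not running (same command as the startup shortcut).
gpg-connect-agent /bye
if ($LASTEXITCODE -ne 0) { throw 'gpg-connect-agent could not start gpg-agent' }

# GnuPG must be able to see the Yubikey as an OpenPGP card.
gpg --card-status | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'No OpenPGP card detected; is the Yubikey plugged in?' }

# The pageant bridge must have created its named pipe.
$found = Get-ChildItem '\\.\pipe\' | Where-Object Name -eq $pipeName
if (-not $found) { throw "Named pipe $pipe not found; is the pageant bridge running?" }

# List the public keys offered over SSH_AUTH_SOCK; the card's
# authentication key should be among them.
ssh-add -L
if ($LASTEXITCODE -ne 0) { throw 'The agent offered no SSH keys over the pipe' }
```

If any check throws, fix that step before moving on to the WSL2 scripts, since the WSL2 side only relays to this pipe.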