This is a step-by-step guide to configuring WSL 2.0 so that it can work with a YubiKey as the SSH/GPG client.
1. Download & Install Gpg4Win.
a.) Reboot
2. Configure %APPDATA%\gnupg\gpg-agent.conf
enable-ssh-support
enable-putty-support
3. Configure %APPDATA%\gnupg\gpg.conf
# Avoid leaking information
no-emit-version
no-comments
export-options export-minimal
# Displays the long format of the ID of the keys and their fingerprints
keyid-format 0xlong
with-fingerprint
# Displays the validity of the keys
list-options show-uid-validity
verify-options show-uid-validity
# Limits the algorithms used
personal-cipher-preferences AES256
personal-digest-preferences SHA512
default-preference-list SHA512 SHA384 SHA256 RIPEMD160 AES256 TWOFISH BLOWFISH ZLIB BZIP2 ZIP Uncompressed
cipher-algo AES256
digest-algo SHA512
cert-digest-algo SHA512
compress-algo ZLIB
disable-cipher-algo 3DES
weak-digest SHA1
s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3
s2k-count 65011712
###+++--- GPGConf ---+++###
utf8-strings
4. Configure %APPDATA%\gnupg\gpa.conf
default-key GPG-KEY-ID-40-CHAR-LONG
5. Configure %APPDATA%\gnupg\scdaemon.conf
reader-port Yubico Yubikey
6. Copy https://github.com/NZSmartie/npiperelay/releases/tag/v0.1 to %APPDATA%\npiperelay
7. Run gpg --keyserver hkps://keys.openpgp.org --recv-keys <gpg-key-id>
8. Copy https://github.com/benpye/wsl-ssh-pageant/releases/tag/20201121.2 to %APPDATA%\wsl-ssh-pageant
9. cd \ && mkdir Programs && cd Programs && mklink /J GnuPG "C:\Program Files (x86)\GnuPG"
10. Create a Windows environment variable: SSH_AUTH_SOCK = \\.\pipe\ssh-pageant
11. Follow the script instructions from: https://gist.github.com/Hegi/d7f4a1cdd91a2ae82e6f2abc7c2842ff
12. Ensure that gpg-connect-agent /bye runs during Windows startup
13. Configure Git: set gpg.program to /mnt/c/Programs/GnuPG/bin/gpg.exe and commit.gpgSign to true
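A post-setup check for the configuration above, as an added example that is not part of the original post: run inside WSL, it confirms that the agent and hardening directives are active (not commented out) in the Windows-side config files and that Git points at the junctioned gpg.exe. The function names and the config-directory argument are assumptions, as is placing the two agent options in gpg-agent.conf.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): post-setup check, run inside WSL.

# Active directives of a GnuPG config file: CRs from Windows editors removed,
# comment lines dropped, whitespace normalised to single spaces.
active_directives() {
    tr -d '\r' < "$1" | grep -v '^[[:space:]]*#' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
            -e 's/[[:space:]][[:space:]]*/ /g'
}

# Print each required directive that is not active in the file.
# Returns 0 when nothing is missing, 1 otherwise.
missing_directives() {
    local file=$1 want rc=0
    shift
    for want in "$@"; do
        if ! active_directives "$file" | grep -qxF -e "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return "$rc"
}

# Hypothetical driver. $1 = GnuPG config directory as a WSL path, e.g.
# /mnt/c/Users/<you>/AppData/Roaming/gnupg (placeholder, adjust to your profile).
check_setup() {
    local dir=$1 gpg=/mnt/c/Programs/GnuPG/bin/gpg.exe ok=0
    missing_directives "$dir/gpg-agent.conf" \
        enable-ssh-support enable-putty-support || ok=1
    missing_directives "$dir/gpg.conf" \
        'cert-digest-algo SHA512' 'weak-digest SHA1' \
        'disable-cipher-algo 3DES' 's2k-mode 3' || ok=1
    [ -e "$gpg" ] || { echo "junction from step 9 not found: $gpg"; ok=1; }
    [ "$(git config --global --get gpg.program)" = "$gpg" ] ||
        { echo "git gpg.program is not $gpg"; ok=1; }
    [ "$(git config --global --get commit.gpgSign)" = true ] ||
        { echo "git commit.gpgSign is not true"; ok=1; }
    return "$ok"
}

# Only runs the checks when invoked as: ./check.sh --run <config-dir>
if [ "${1:-}" = "--run" ]; then
    check_setup "$2"
fi
```

Any directive it prints is one that is missing or commented out in the file being checked.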