2024-03-01

Configuring YubiKey with WSL 2.0

This is a step-by-step guide to configuring WSL 2.0 so that ssh and gpg inside WSL use the keys held on a YubiKey. The card itself is only ever touched by Gpg4win's gpg-agent and scdaemon on the Windows side; WSL reaches that agent through a Windows named pipe.

1. Download and install Gpg4win.
    a.) Reboot, so that the gpg-agent and scdaemon that come up are the newly installed ones.

2. Configure %APPDATA%\gnupg\gpg-agent.conf. enable-ssh-support lets gpg-agent serve the card's authentication subkey over the SSH agent protocol; enable-putty-support makes it also answer as Pageant, which is the interface wsl-ssh-pageant (step 8) talks to.

enable-ssh-support
enable-putty-support

3. Configure %APPDATA%\gnupg\gpg.conf

# Avoid leaking information
no-emit-version
no-comments
export-options export-minimal

# Display the long form of key IDs together with their fingerprints
keyid-format 0xlong
with-fingerprint

# Displays the validity of the keys
list-options show-uid-validity
verify-options show-uid-validity

# Limits the algorithms used
personal-cipher-preferences AES256
personal-digest-preferences SHA512
default-preference-list SHA512 SHA384 SHA256 RIPEMD160 AES256 TWOFISH BLOWFISH ZLIB BZIP2 ZIP Uncompressed

cipher-algo AES256
digest-algo SHA512
cert-digest-algo SHA512
compress-algo ZLIB

disable-cipher-algo 3DES
weak-digest SHA1

s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3
s2k-count 65011712

###+++--- GPGConf ---+++###
utf8-strings

4. Configure %APPDATA%\gnupg\gpa.conf (this is GPA's own settings file, not read by gpg itself; the value is the full 40-character fingerprint of your key):

default-key GPG-KEY-ID-40-CHAR-LONG

5. Configure %APPDATA%\gnupg\scdaemon.conf so scdaemon binds to the YubiKey's PC/SC reader. Afterwards gpg --card-status, run from a Windows shell, must show the card; if it does not, compare the value below with the reader names scdaemon actually sees (gpg-connect-agent "scd getinfo reader_list" /bye) before going further.

reader-port Yubico Yubikey

6. Download the npiperelay release from https://github.com/NZSmartie/npiperelay/releases/tag/v0.1 and unpack npiperelay.exe into %APPDATA%\npiperelay. This is the Windows binary that WSL will later run to relay a named pipe into a Unix socket.

7. Import your public key into the Windows keyring: gpg --keyserver hkps://keys.openpgp.org --recv-keys <gpg-key-id>. Then run gpg --card-status once so gpg creates the secret-key stubs that point at the card; gpg --list-secret-keys should now list the subkeys as ssb> (the > marks keys that live on the card).

8. Download the wsl-ssh-pageant release from https://github.com/benpye/wsl-ssh-pageant/releases/tag/20201121.2 and unpack it into %APPDATA%\wsl-ssh-pageant.

9. In cmd.exe (mklink is a cmd builtin) create a junction so the GnuPG binaries are reachable under a path without spaces, which is what git inside WSL is pointed at later:

cd \ && mkdir Programs && cd Programs && mklink /J GnuPG "C:\Program Files (x86)\GnuPG"

10. Create a Windows user environment variable SSH_AUTH_SOCK with the value \\.\pipe\ssh-pageant. That is the named pipe wsl-ssh-pageant creates when it is started as wsl-ssh-pageant.exe --winssh ssh-pageant; Windows' own OpenSSH client reads SSH_AUTH_SOCK as a pipe name, and WSL reaches the same pipe through npiperelay.

11. Ensure that gpg-connect-agent /bye runs at Windows startup (for example from a shortcut in the Startup folder), so that gpg-agent, and with it the Pageant emulation from step 2, is up before the first SSH connection. wsl-ssh-pageant has to be started at login as well, after gpg-agent.

12. In WSL, configure git: set gpg.program to /mnt/c/Programs/GnuPG/bin/gpg.exe (the junction from step 9) and commit.gpgSign to true, so commits are signed by the Windows gpg with the key on the YubiKey.
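
The WSL side of the procedure (what ~/.bashrc has to do with npiperelay from step 6 and the pipe from step 10), as an added example that is not part of the original post. It assumes wsl-ssh-pageant.exe is running on Windows as wsl-ssh-pageant.exe --winssh ssh-pageant, that socat is installed in the distro (sudo apt install socat), and that npiperelay.exe sits at the %APPDATA% path from step 6 for the Windows account named in WIN_USER. The function and variable names, the socket location $HOME/.ssh/agent.sock, the npiperelay flags (-ei, -s) and the extra user.signingkey setting are my choices, not the post's.

```shell
#!/bin/sh
# Added example (not from the original post): WSL side of the YubiKey setup.
# Source this from ~/.bashrc. It relays the Windows named pipe
# \\.\pipe\ssh-pageant (step 10) into a Unix socket that ssh and git in WSL
# can use, by letting socat run npiperelay.exe (step 6) per connection.
# Assumed: wsl-ssh-pageant.exe --winssh ssh-pageant is running on Windows,
# socat is installed, and WIN_USER is your Windows user name.

WIN_USER="${WIN_USER:-YourWindowsUser}"          # placeholder, assumed

# Convert a Windows path such as C:\Users\x\... to WSL's /mnt/c/Users/x/...
# (the mapping wslpath -u performs; done by hand so it needs no WSL to test).
win_to_wsl_path() {
    drive=$(printf '%s' "$1" | cut -c1 | tr 'A-Z' 'a-z')
    rest=$(printf '%s' "$1" | cut -c3- | tr '\\' '/')
    printf '/mnt/%s%s\n' "$drive" "$rest"
}

# npiperelay.exe from step 6 (%APPDATA% is C:\Users\<user>\AppData\Roaming).
NPIPERELAY=$(win_to_wsl_path "C:\\Users\\$WIN_USER\\AppData\\Roaming\\npiperelay\\npiperelay.exe")

# The Unix socket WSL clients will use, and the Windows pipe behind it.
# The pipe is written with forward slashes so the shell leaves it alone.
SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"; export SSH_AUTH_SOCK
SSH_PIPE="//./pipe/ssh-pageant"

# Command socat executes for each client: -ei ends the relay when the
# client closes stdin, -s sends close-write so the pipe end sees EOF too.
relay_exec() {
    printf '%s -ei -s %s' "$NPIPERELAY" "$1"
}

# True if something already listens on the socket, so a new shell does not
# start a second relay. Uses ss when present, else a socat connect probe.
socket_is_live() {
    [ -S "$1" ] || return 1
    if command -v ss >/dev/null 2>&1; then
        ss -xl 2>/dev/null | grep -qF "$1"
    else
        socat -u OPEN:/dev/null UNIX-CONNECT:"$1" >/dev/null 2>&1
    fi
}

# Start a detached socat listener that forks one npiperelay per connection.
start_relay() {   # $1 = unix socket, $2 = windows pipe
    socket_is_live "$1" && return 0
    mkdir -p "$(dirname "$1")"
    rm -f "$1"
    (setsid nohup socat UNIX-LISTEN:"$1,fork" EXEC:"$(relay_exec "$2")",nofork \
        >/dev/null 2>&1 &)
}

# Entry point: complain and return 1 if a prerequisite is missing.
bridge_ssh_agent() {
    [ -x "$NPIPERELAY" ] || { echo "npiperelay.exe not found at $NPIPERELAY" >&2; return 1; }
    command -v socat >/dev/null 2>&1 || { echo "socat missing: sudo apt install socat" >&2; return 1; }
    start_relay "$SSH_AUTH_SOCK" "$SSH_PIPE"
}

# Step 12 as git commands. user.signingkey is not in the post; without it git
# picks a key by the committer e-mail, which may not be the card key.
configure_git_signing() {   # $1 = 40-character fingerprint, as in gpa.conf
    git config --global gpg.program /mnt/c/Programs/GnuPG/bin/gpg.exe &&
    git config --global commit.gpgsign true &&
    git config --global user.signingkey "$1"
}

# Checks once the relay is up: the card's authentication key must be listed
# by the agent, and the Windows gpg must see the card through the junction.
check_bridge() {
    ssh-add -L && /mnt/c/Programs/GnuPG/bin/gpg.exe --card-status
}

bridge_ssh_agent || true   # a failure must not abort shell startup
```

Open a new WSL shell after adding this: ssh-add -L should list the YubiKey's authentication key (touch the key if it blinks), and check_bridge runs both checks at once. A gpg installed inside WSL is not needed for signing, because git calls the Windows gpg.exe directly.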
