A shell script to properly configure GNOME to play nice with a Yubikey. This script allows you to use your Yubikey for GPG and SSH while leaving passwords and PK11 for GNOME keyring (Ubuntu 15.04-17.10) Copied from hyper3xpl0iter@github I just modified the deb source locations since the country mirrors of archive.ubuntu.org do not contain vivid anymore. Download it here CAVE: The removal of the new versions of gpg and so on also removes gnome-control-center so a sudo apt-get -y install gnome-control-center has to be done afterwards.
After a recent apt-get update && apt-get dist-upgrade which also updated gpg-agent my smart cards (and therefore ssh auth for my servers) stopped to work. A ps aux|grep gpg-agent revealed that it´s now started with --supervised instead of the options given by me. Even a pkill gpg-agent and eval $(gpg-agent --options) didn´t help. A quick search in google found out that developers changed the start up but I did not want to dig any deeper and edit scripts or whatsoever again…
… due to being stupid and not remembering my private key passphrase and therefore unable to interact with my private key anymore I deceided to revoke the old key pub 4096R/0x73538126032AD297 2014-11-12 [expires: 2016-11-11] Key fingerprint = F5DE 3184 F042 30E7 0CD0 84F2 7353 8126 032A D297 The new key is as follows pub 4096R/0xEFD7808C60A82FF1 2015-08-22 [expires: 2018-08-21] Key fingerprint = E04B 3279 3DAD 5F29 CA5F FD48 EFD7 808C 60A8 2FF1 It can be found and retrieved via the usual ways and also via this link
After this has been giving me a lot of headache and throwing curses at all and everything because nothing worked nearly out of the box – it looks like I finally managed to get gpg cards (yubi key and the one from kernelconcepts) working as intended … sudo apt-get purge --remove libpam-gnome-keyring -y && \ sudo apt-get install pcscd pcsc-tools gpgsm gnupg-agent scdaemon -y && \ sudo reboot and check out this link
I am transitioning PGP keys from an old RSA key to a new 4096-bit RSA master key with subkeys.
You can find the signed tansition statement signed by both keys here: