YubiKey-Guide icon indicating copy to clipboard operation
YubiKey-Guide copied to clipboard

Published 20 hours ago verified publisher icon drduh

Fetch Public Key from YubiKey URL

Open codemonkee opened this issue 2 years ago • 3 comments

I find it handy to upload my public key to something like Keybase.io or Public Dropbox folder and set the URL of the YubiKey to the public key URL. Then when you want to import it quickly

gpg --edit-card
gpg/card> url
URL to retrieve public key: https://keybase.io/<username>/pgp_keys.asc
gpg/card>save

From here if you want to import/fetch the public key

Insert YubiKey

gpg --edit-card
gpg/card> fetch
gpg: requesting key from 'https://keybase.io/<username>/pgp_keys.asc'
gpg: key AAAAAAAAAAAAAA: public key "First Last <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg/card> quit

gpg --edit-key AAAAAAAA
gpg> trust

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
gpg> quit

codemonkee avatar Jan 02 '22 23:01 codemonkee

@codemonkee Please send a PR with this suggestion, it's really helpful!

drduh avatar Apr 09 '22 18:04 drduh

@menduz implemented something similar for his bootstrap script

sp8c3 avatar Apr 09 '22 19:04 sp8c3

Thanks for mentioning @sp8c3! to add to the original thread, using github's or gitlab's infrastructure can save you some work:

https://github.com/<username>.gpg -> https://github.com/menduz.gpg

menduz avatar Apr 09 '22 19:04 menduz

This also works with keys.openpgp.org:

https://keys.openpgp.org/vks/v1/by-fingerprint/FINGERPRINT

zeorin avatar Oct 05 '22 09:10 zeorin

Seems there are several ways to do this - PRs welcome!

drduh avatar Dec 26 '22 19:12 drduh