Take your private key - either the one you got from Keybase or one you generated locally - and make sure that your UID ( your email address that you use on GitHub) is a part of it. I download and installed (and optionally donated) a copy of Gpg4Win here.
) Make sure you have a private PGP key that has your Git Commit Email Address associated with it I love and support you and your choice though. I use Windows and I like it, so if you want to use a Mac or Linux this blog post likely isn't for you. You can feel free to get/generate your key from wherever makes you happy and secure. I like Keybase and trust them so I'm starting there with a Private Key. It depends on your tolerance, patience, technical ability, and if you trust any online services. Until this is Super Easy (TM) on Windows, there's gonna be guides like this.Īs with all things security, there is a balance between Capital-S Secure with offline air-gapped what-nots, and Ease Of Use with tools like Keybase. This isn't The Bible On The Topic but rather what happened with me and what I ran into and how I got past it. Some are complete and encyclopedic, some include recommendations and details that are "too much," but this one was my experience. Note also that there are a LOT of guides out there.
Keybase global update#
Let me know if something here is wrong (be nice) and I'll update it. I am most concerned with it acting like a Smart Card that holds a PGP (Pretty Good Privacy) key since the YubiKey can look like a "PIV (Personal Identity Verification) Smart Card." They're happy to tell you that it supports a BUNCH of stuff that you have never heard of like Yubico OTP, OATH-TOTP, OATH-HOTP, FIDO U2F, OpenPGP, Challenge-Response.
Keybase global code#
I just want to be able to sign my code commits to GitHub so I might avoid people impersonating my Git Commits (happens more than you'd think and has happened recently.) However, I also was hoping to make it more secure by using a YubiKey 4 or Yubikey NEO security key. This is one of those "it's good for you" things like diet and exercise and setting up 2 Factor Authentication. This week in obscure blog titles, I bring you the nightmare that is setting up Signed Git Commits with a YubiKey NEO and GPG and Keybase on Windows.
0 kommentar(er)
