search
🐱 Source ☕️ Java SampleGo Sample Angular Sample
githubEdit

YubiKey

Guide to setup YubiKeyarrow-up-right for encryption, SSH authentication and signing Git commits.

Store the passphrase of all of your SSH keys securely in iCloud Keychain, from which ssh-agent will read them on startup.

hashtag
Prerequisites

Verify a YubiKey is genuine, open a browser to https://www.yubico.com/genuine/

hashtag
Install

brew install gnupg yubikey-personalization hopenpgp-tools ykman pinentry-mac

There is a private key file stored on your machine, but your private SSH key is a reference to the security key device itself. If your private key file on your computer is stolen, it would be useless without the security key.

# where the “sk” suffix is short for “security key.”
 ssh-keygen -t ecdsa-sk -C <email address> 
 ssh-keygen -t ecdsa-sk -O verify-required # password-less
 ssh-keygen -t ed25519-sk

hashtag
passphrase

Configure SSH-agent to always use the Keychain

Add the following lines to your ~/.ssh/config file:

Any key you add to the ssh-agent using the ssh-add --apple-use-keychain ~/.ssh/[your-private-key] command will be automatically added to the keychain, and should be automatically loaded upon reboot.

You should be able to see the keys in the Keychain Access app, as well as from the command line via:

hashtag
Static secrets

The Yubikey can be configured to type in a string when its button is long-pressed. To setup, follow Yubikeys for Static Secretsarrow-up-right blog

To auto type secret, Press and hold the Yubikey button for 3-4 seconds.

hashtag
Reference

PreviousmkcertNextMonorepo

Last updated