In the previous part we configured OpenPGP with a YubiKey. If you have that done, we can continue with how to access your YubiKey in WSL2.
Disclaimer: This tutorial is written for WSL2 with Ubuntu. The steps may differ from distro to distro.
Install socat and wsl2-ssh-pageant in WSL:
```
# WSL2
$ sudo apt install socat
$ mkdir -p ~/.ssh
$ wget https://github.com/BlackReloaded/wsl2-ssh-pageant/releases/download/v1.2.0/wsl2-ssh-pageant.exe -O ~/.ssh/wsl2-ssh-pageant.exe
$ chmod +x ~/.ssh/wsl2-ssh-pageant.exe
```
This part is inspired by this tutorial.
Open ~/.bashrc (e.g. via nano or vim) and add the following content:
```
# SSH Socket
# Removing Linux SSH socket and replacing it by link to wsl2-ssh-pageant socket
export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
ss -a | grep -q "$SSH_AUTH_SOCK"
if [ $? -ne 0 ]; then
  rm -f "$SSH_AUTH_SOCK"
  setsid nohup socat UNIX-LISTEN:"$SSH_AUTH_SOCK",fork EXEC:"$HOME/.ssh/wsl2-ssh-pageant.exe" &>/dev/null &
fi

# GPG Socket
# Removing Linux GPG Agent socket and replacing it by link to wsl2-ssh-pageant GPG socket
export GPG_AGENT_SOCK="$HOME/.gnupg/S.gpg-agent"
ss -a | grep -q "$GPG_AGENT_SOCK"
if [ $? -ne 0 ]; then
  rm -rf "$GPG_AGENT_SOCK"
  setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK",fork EXEC:"$HOME/.ssh/wsl2-ssh-pageant.exe --gpg S.gpg-agent" &>/dev/null &
fi
```
Restart WSL by running
```
# CMD
wsl.exe --shutdown
```
When you open the Ubuntu terminal now and run `gpg --card-status`, you should be able to see something like this:
If you check the GPG keys available in WSL2 via `gpg --list-keys` or `gpg --list-secret-keys`, you get empty results. We have to import them first. It’s quite easy, just run:
```
# WSL2
$ gpg --card-edit
```
gpg --import PATH_TO_ASC_FILE
Exit the gpg command interface via
If you now run `gpg --list-keys`, you finally get your keys.
Now we are missing one small step. As you can see, the trustworthiness of our certificate is unknown (the information next to the name). We can change it by running:
```
# WSL2
$ gpg --edit-key YOUR_KEY_ID # In my case 1E9...
```
This opens the gpg console interface. Write:
```
# WSL2
trust # Change trust level
5     # Set trust level to ultimate
save  # Save the changes
```
If you list keys via `gpg --list-keys` now, you should be able to see `[ultimate]` next to your name.
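A scripted equivalent of the trust step above, as an added example that is not part of the original tutorial: it reads `gpg --list-keys --with-colons` output and emits an ownertrust record (value 6 is ultimate) only for exactly one usable primary key. The function name `ownertrust_record` and the sample listing are constructed for illustration; it assumes you pass a full fingerprint or a 16-hex long key ID, since shorter IDs can match more than one key.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-keys --with-colons` output (not real keys):
# one freshly imported key with a subkey, and one revoked key.
SAMPLE_LISTING='pub:-:4096:1:7777888899990000:1700000000:::-:::scESC::::::23::0:
fpr:::::::::1111222233334444555566667777888899990000:
uid:-::::1700000000::::Example User <user@example.invalid>::::::::::0:
sub:-:4096:1:8888999900001111:1700000000::::::e::::::23:
fpr:::::::::2222333344445555666677778888999900001111:
pub:r:4096:1:0000111122223333:1600000000:::-:::sc::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
uid:r::::1600000000::::Old Key <old@example.invalid>::::::::::0:'

# ownertrust_record KEY  (hypothetical helper name)
# Reads a colon listing on stdin and prints "FINGERPRINT:6:" (6 = ultimate in
# the ownertrust format) for the one primary key whose fingerprint ends in KEY.
# Exit 2: KEY shorter than a 16-hex long key ID, or not exactly one match.
# Exit 3: the matching key is revoked, expired, disabled or invalid.
ownertrust_record() {
  awk -F: -v key="$1" '
    BEGIN { gsub(/ /, "", key); key = toupper(key); k = length(key) }
    $1 == "pub" { validity = $2; primary = 1; next }  # field 2 = key validity
    $1 == "sub" { primary = 0; next }                 # ignore subkey fpr lines
    $1 == "fpr" && primary {
      primary = 0
      n = length($10)                                 # field 10 = fingerprint
      if (k >= 16 && k <= n && substr($10, n - k + 1) == key) {
        matches++; fpr = $10; v = validity
      }
    }
    END {
      if (matches != 1) exit 2
      if (v ~ /^[redi]$/) exit 3
      print fpr ":6:"
    }'
}

# Demo on the constructed sample; on a real system the pipeline would be:
#   gpg --list-keys --with-colons | ownertrust_record YOUR_KEY_ID | gpg --import-ownertrust
printf '%s\n' "$SAMPLE_LISTING" | ownertrust_record 7777888899990000
```

Compare the printed fingerprint with the one shown by `gpg --card-status` before piping the record into `gpg --import-ownertrust`.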