Jaroslav Živný

Originally published at jardazivny.Medium

The ultimate guide to Yubikey on WSL2 [Part 3]

If you haven’t set up GPG on your YubiKey or you cannot access the YubiKey from within WSL, please check the previous parts (1, 2) of this series.

Disclaimer I: This tutorial is written for WSL2 with Ubuntu. It may differ from distro to distro.

Disclaimer II: I’m going to use GitHub in this tutorial, but the setup process for other major Git servers (GitLab, Bitbucket, …) is pretty much the same.

Let’s continue where we left off in part 2.


Authenticate against Git server via GPG

In order to authenticate against the Git server we need a public SSH key. In the 2nd part of this tutorial we connected WSL’s SSH agent to the GPG key over a socket, so now we can use the public key from there.

Get SSH public key:

# WSL2
$ ssh-add -L

Take the output and paste it into GitHub Settings -> SSH and GPG Keys -> New SSH Key.

When you now try to pull from or push to a remote Git repository, a modal requesting your GPG PIN will show up on your screen.


Signing git commits with GPG

1 - Configure Git:

# WSL2
git config --global user.signingkey YOUR_KEY_ID # In my case 1E9...
git config --global gpg.program gpg
git config --global commit.gpgsign true

2 - Export Public Key

# WSL2
gpg --armor --export YOUR_KEY_ID # In my case 1E9...

3 - Put this public GPG key into GitHub Settings -> SSH and GPG keys -> New GPG Key. If you’re using GitLab, Bitbucket or another Git server, there is a similar way to configure the GPG key.

Now when you create a new commit, a dialog requesting your PIN will show up on your screen.

Dialog requesting your GPG PIN

If you’re using a verified email address (in GitHub) for the GPG key and you configured the same address in Git with git config --global user.email, you should be able to see the Verified badge next to your commit.

A Commit with Verified badge
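
The Verified badge is GitHub's check; the same signatures can also be checked locally in WSL. The following is an added example, not part of the original post: a shell function that reads the output of git log --format='%G?|%GP|%h' and reports every commit that is unsigned, unverifiable, or signed by a key other than the expected primary key. The function name, the sample lines and the fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage in a repository:
#   git log --format='%G?|%GP|%h' | audit_signatures YOUR_PRIMARY_KEY_FINGERPRINT
# %G? = signature status, %GP = fingerprint of the primary key, %h = short hash.
# Prints one line per problem commit; returns 0 only if every commit carries
# a good signature from the expected key.
audit_signatures() {
  _expected="$1"
  _rc=0
  # '|' as separator keeps the empty fingerprint field of unsigned commits.
  while IFS='|' read -r _status _fpr _hash || [ -n "$_status" ]; do
    [ -n "$_status" ] || continue
    case "$_status" in
      G|U) # good signature (U: good, but key validity unknown in the keyring)
        if [ "$_fpr" != "$_expected" ]; then
          echo "$_hash: signed by unexpected key $_fpr"
          _rc=1
        fi ;;
      N) echo "$_hash: not signed"; _rc=1 ;;
      B) echo "$_hash: BAD signature"; _rc=1 ;;
      E) echo "$_hash: signature cannot be checked (public key missing?)"; _rc=1 ;;
      X|Y|R) echo "$_hash: signature or key expired/revoked ($_status)"; _rc=1 ;;
      *) echo "$_hash: unknown status '$_status'"; _rc=1 ;;
    esac
  done
  return "$_rc"
}

# Constructed sample of git log output (placeholder fingerprints, not real keys).
EXPECTED_FPR=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
SAMPLE="G|$EXPECTED_FPR|a1b2c3d
N||e4f5a6b
G|BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB|c7d8e9f"

printf '%s\n' "$SAMPLE" | audit_signatures "$EXPECTED_FPR" \
  || echo "audit failed: see the commits listed above"
```

An unsigned commit in the output usually means commit.gpgsign was not set in the repository or environment where that commit was made.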

Top comments (5)

Kevin Grandemange

Amazing work, thank you!

A small typo you wrote:

Put this public GPG key to Gitlab Setting -> SSH and GPG keys ->

instead of:

Put this public GPG key to Github Setting -> SSH and GPG keys ->

The link redirects to GitHub.

Jaroslav Živný

Many thanks. Fixed :)

Sourabh-ALTEN • Edited

Hello,
Thanks for the detailed tutorial.

But when I run ssh-add -L I get error fetching identities: agent refused operation.
ps aux | grep ssh-agent shows no ssh-agent running
So tried to invoke ssh-add with eval ssh-agent -s and now ssh-add -L returns The agent has no identities.
Could you please let me know what is the issue here?

dppdppd

Hi and thanks for the great write up. It worked like a charm. Question:

Which gpg-agent.conf should I be modifying at this point? The WSL ~/.gnugp/ one?

Jaroslav Živný

The agent runs on Windows, so the one in %HOMEPATH%\AppData\Roaming\gnupg\gpg-agent.conf