document keysigning issue with offline certify key

This commit is contained in:
Adam Monsen 2025-10-13 08:12:02 -07:00
parent 37296f7ae9
commit 57998be067
No known key found for this signature in database
GPG key ID: 0E895A1A7A090CFC


@ -2231,6 +2231,8 @@ Now connect networking.
1. To use YubiKey on multiple computers, import the corresponding public keys, then confirm YubiKey is visible with `gpg --card-status`. Trust the imported public keys ultimately with `trust` and `5`, then `gpg --list-secret-keys` will show the correct and trusted key. 1. To use YubiKey on multiple computers, import the corresponding public keys, then confirm YubiKey is visible with `gpg --card-status`. Trust the imported public keys ultimately with `trust` and `5`, then `gpg --list-secret-keys` will show the correct and trusted key.
1. When your Certify key is offline, *caveat emptor*: If you wish to [participate in keysigning parties](https://www.gnupg.org/gph/en/manual/x334.html), you'll find [signing others' imported public keys](https://gist.github.com/F21/b0e8c62c49dfab267ff1d0c6af39ab84) requires first setting up a secure enclave such as the ephemeral environment described above and importing your Certify key into that enclave. [A signing subkey cannot be used to sign others' imported public keys](https://security.stackexchange.com/questions/153057/possible-to-sign-an-imported-key-with-a-subkey-using-gpg).
# Troubleshooting # Troubleshooting
- Use `man gpg` to understand GnuPG options and command-line flags. - Use `man gpg` to understand GnuPG options and command-line flags.
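Review bot: the added step (the "When your Certify key is offline" item) stops one step short: after the Certify key in the ephemeral environment signs the imported public key, the new certification exists only on that environment's copy of the other person's key, so the item should also say to export the freshly certified public key (for example `gpg --export --armor <key id>`) and hand it back to its owner or upload it, and to do that before the ephemeral environment is torn down, or the work is lost. Two wording points in the same line: "secure enclave" reads like the hardware feature of that name, so "offline environment" would be clearer, and "*caveat emptor*" is an odd label for a procedural caveat; "note:" would do.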