YubiKey with SSH via OpenPGP on macOS High Sierra
Since the internet is full of outdated information on configuring the YubiKey to work with GnuPG on macOS, here is an update for High Sierra.
Personally, I’d recommend using GPG Suite from https://gpgtools.org/ to install GnuPG on macOS. It brings a lot of features and a plugin for Mail.
Use Yubikey’s OpenPGP with SSH
Create a gpg-agent.conf config and update your ~/.bash_profile to enable gnupg’s ssh agent.
~/.gnupg/gpg-agent.conf
pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
default-cache-ttl 600
max-cache-ttl 7200
enable-ssh-support
Just update the TTLs if you want different ones.
~/.bash_profile
# on OS X with GPGTools, comment out the next line:
#eval $(gpg-agent --daemon)
GPG_TTY=$(tty)
export GPG_TTY
if [ -S "$HOME/.gnupg/S.gpg-agent.ssh" ]; then
    export SSH_AUTH_SOCK="$HOME/.gnupg/S.gpg-agent.ssh"
fi
If you installed GnuPG via gpgtools.org's GPG Suite, you don’t need to worry about starting the daemon. It gets automatically installed. If you used brew or something else, you might need to uncomment the eval line and start the gpg-agent daemon.
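To check that the two files above are wired together as intended, here is a small lint script. It is an added example, not part of the original post; the function names check_agent_conf and check_ssh_sock and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): lint a gpg-agent.conf for SSH use.

# check_agent_conf FILE: prints each problem found, returns 0 only if none.
check_agent_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    # Without an uncommented enable-ssh-support, gpg-agent does not serve SSH keys.
    if ! grep -Eq '^[[:space:]]*enable-ssh-support[[:space:]]*$' "$conf"; then
        echo "enable-ssh-support is not set"
        rc=1
    fi
    # default-cache-ttl should not exceed max-cache-ttl
    # (this check reads the last occurrence of each option).
    def=$(awk '$1 == "default-cache-ttl" { v = $2 } END { print v }' "$conf")
    max=$(awk '$1 == "max-cache-ttl" { v = $2 } END { print v }' "$conf")
    if [ -n "$def" ] && [ -n "$max" ] && [ "$def" -gt "$max" ]; then
        echo "default-cache-ttl ($def) exceeds max-cache-ttl ($max)"
        rc=1
    fi
    # A pinentry-program path that is not executable breaks the PIN prompt.
    pin=$(sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}//p' "$conf" | tail -n 1)
    if [ -n "$pin" ] && [ ! -x "$pin" ]; then
        echo "pinentry-program is not executable: $pin"
        rc=1
    fi
    return "$rc"
}

# check_ssh_sock PATH: succeeds only if SSH_AUTH_SOCK is PATH and PATH is a
# socket. On a real machine PATH is "$HOME/.gnupg/S.gpg-agent.ssh".
check_ssh_sock() {
    [ "${SSH_AUTH_SOCK:-}" = "$1" ] && [ -S "$1" ]
}

# Constructed sample: the post's TTL lines with enable-ssh-support commented
# out (pinentry-program left out so the run does not depend on the host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
default-cache-ttl 600
max-cache-ttl 7200
#enable-ssh-support
EOF
check_agent_conf "$sample" || echo "gpg-agent.conf needs fixing"
rm -f "$sample"
```

On your own machine, run `check_agent_conf "$HOME/.gnupg/gpg-agent.conf"` and `check_ssh_sock "$HOME/.gnupg/S.gpg-agent.ssh"` in a new terminal after editing the files.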