- Plug in the YubiKey and connect it to the tk-online VM.
- To connect the YubiKey, click the USB icon (6th from the left) in the top menu bar.
- This should open a dropdown listing the devices.
- Hover over Yubico_Yubikey; this should show another dropdown containing tk-online. Click tk-online.
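# Set up a YubiKey as an OpenPGP smart card and use gpg-agent as the SSH agent.
# Run these commands as the desktop user inside the VM the YubiKey is attached to.
# Existing scdaemon.conf, gpg.conf and 99-gpg-agent_ssh.conf are overwritten.

# Enable only the FIDO and CCID USB interfaces. GnuPG talks to the OpenPGP
# applet over CCID; any interface not listed here (e.g. OTP) is switched off.
ykman config mode FIDO+CCID

# GnuPG expects its home directory to be accessible by the owner only and
# warns about unsafe permissions otherwise. -p keeps a re-run from failing.
mkdir -p -m 700 ~/.gnupg
chmod 700 ~/.gnupg

# scdaemon: turn off the built-in CCID driver and go through PC/SC instead.
# The pcsc-driver path is the Debian/Ubuntu x86_64 multiarch location; check
# that the library exists there on other distributions or architectures.
cat > ~/.gnupg/scdaemon.conf <<'EOF'
disable-ccid
pcsc-driver /usr/lib/x86_64-linux-gnu/libpcsclite.so.1
card-timeout 1
# Always try to use yubikey as the first reader
# even when other smart card readers are connected
# Name of the reader can be found using the pcsc_scan command
# If you have problems with gpg not recognizing the Yubikey
# then make sure that the string here matches exacly pcsc_scan
# command output. Also check journalctl -f for errors.
reader-port Yubico YubiKey
EOF

# gpg: combine trust-on-first-use with the classic web of trust.
cat > ~/.gnupg/gpg.conf <<'EOF'
trust-model tofu+pgp
EOF

echo "Create required directories"
# -p also creates ~/.config when it is missing and tolerates existing dirs.
mkdir -p ~/.config/autostart
mkdir -p ~/.config/environment.d

echo "==> Disable Gnome-Keyring ssh component"
# A per-user copy with Hidden=true overrides the system-wide autostart entry,
# so gnome-keyring no longer claims SSH_AUTH_SOCK.
cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart
echo "Hidden=true" >> ~/.config/autostart/gnome-keyring-ssh.desktop

echo "==> Point ssh agent socket environment variable to GnuPG"
# The quoted delimiter keeps ${XDG_RUNTIME_DIR} literal; it is expanded when
# the environment.d file is read at login, not while writing the file.
# NOTE(review): this only points SSH at the socket. Confirm gpg-agent's ssh
# support is active (gpg-agent-ssh.socket, or enable-ssh-support in
# gpg-agent.conf); nothing here configures it.
cat > ~/.config/environment.d/99-gpg-agent_ssh.conf <<'EOF'
SSH_AUTH_SOCK=${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh
EOF

echo "==> Done"
echo
echo "Restart you computer and then GnuPG will be your ssh-agent"
echo
# Now restart with: sudo reboot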