Here we are again in a new year, so it’s time for a new blog tuneup. In the past, I’ve always kept comments disabled on my blog because I don’t want to wade through the cesspool of spam and trolls that inevitably result from allowing open comments …
Improving Private Key Security with a Yubikey: Replacing ssh-agent with gpg-agent
gpg-agent has support for the ssh-agent protocol, but first we need to enable it:
echo enable-ssh-support >> $HOME/.gnupg/gpg-agent.conf
gpg-connect-agent reloadagent /bye
This lets you use the authentication keys saved on your Yubikey for ssh authentication. To point at gpg-agent instead of ssh-agent, we …
Improving Private Key Security with a Yubikey: Using the key for GPG
In the previous steps, you should have ended up with one or more Yubikeys each containing a unique authentication key and shared encryption and signing keys. However, since all the setup was done with GNUPGHOME set to an alternate location, your normal gnupg keyring doesn’t know anything about the …
Improving Private Key Security with a Yubikey: Updating Key Settings
Now that we have all our cards set up with keys, we need to change some settings for better security:
- PIN
- Admin PIN (PUK in Yubikey terms)
- Force PIN for signatures
And a few other settings just for convenience:
- Name
- Language
- URL
- Sex
- Login name
$ gpg2 --edit-card
Reader ...........: Yubico …
Green Chile Chili
What’s that, you say? Aren’t chile and chili the same thing? No! But this vegetarian chili bean recipe uses green chile, so people on both sides get to be right when cooking this one. It comes out similar to Texas-style chili, but with tempeh instead of beef.
Lo Mein with Sriracha Soy Sauce
I doubt this is the first time anybody has thought of putting sriracha into their lo mein, but it turned out well enough to write it down. We’ll be making this one again!
Parsley Salad with Millet
This salad started off as a tabbouleh recipe, but we kept tweaking and substituting until it deserves its own recipe now. Instead of grain with some greens, this is mostly greens with some grain.
Improving Private Key Security with a Yubikey: Creating the Master Key
Now that the Yubikeys are set up to work with OpenPGP, we need to generate a master key. The master key is used to create and revoke subkeys, but doesn’t need to be used for day-to-day operations. If you’re interested in more details about keys vs subkeys, Debian …
Improving Private Key Security with a Yubikey: Setting CCID Mode
The first thing we need to do is make sure each Yubkikey has CCID mode enabled. This can be quickly checked with lsusb:
$ lsusb -d 1050:
Bus 003 Device 010: ID 1050:0116 Yubico.com Yubikey NEO(-N) OTP+U2F+CCID
This key already has CCID enabled. In fact, most …
Updating an Optiplex 9020 BIOS from Linux
Given all the recent noise about Intel ME vulnerabilities, I decided it was time to finally update my BIOS on my Dell Optiplex 9020. I thought the process would be similar to updating the BIOS on my previous HP desktop, so off I went to the Dell website. I found …