The ultimate guide to Yubikey on WSL2 [Part 3]

If you haven’t setup GPG on Yubikey or you cannot access YubiKey from within WSL. Please check previous parts (1, 2) of this series.

Disclaimer I: This tutorial is written for WSL2 with Ubuntu. It may differ distro from distro.

Disclaimer II: I’m going to use Github in this tutorial, but process of setup for other major GIT servers (GitLab, Bitbucket, …) are pretty much the same.

Let’s continue where we left off in part 2.

---

Authenticate against Git server via GPG

In order to authenticate against GIT server we need a public ssh key. We connected WSL’s ssh agent in the 2nd part of this tutorial to GPG key over socket. So now we can use the public key from there.

Get SSH public key:

# WSL2
$ ssh-add -L

Take the output and paste it to GitHub settings -> SSH and GPG Keys -> New SSH Key.

When you now try to pull or push from remote GIT repository, there will show up a modal requesting your GPG PIN on your screen.

---

Signing git commits with GPG

1 - Configure Git by

# WSL2
git config --global user.signingkey YOUR_KEY_ID # In my case 1E9...
git config --global gpg.program gpg
git config --global commit.gpgsign true

2 - Export Public Key

# WSL2
gpg --armor --export YOUR_KEY_ID # In my case 1E9...

3 - Put this public GPG key to GitHub Setting -> SSH and GPG keys -> New GPG Key. In case you’re using GitLab, Bitbucket or other Git servers, there is a similar way to configure GPG Key.

Now when you create a new commit, there will show up a dialog requesting your PIN on your screen.

In case you’re using verified Email address (in Github) for the GPG key and you configured the same address in Git git config --global user.email. You should be able to see Verified badge next to your commit.

Comments

[Kevin Grandemange]

Amazing work thank you!

A small typo you wrote:

Put this public GPG key to Gitlab Setting -> SSH and GPG keys ->

instead of:

Put this public GPG key to Github Setting -> SSH and GPG keys ->

the link redirect to github.

[Jaroslav Živný]

Many thanks. Fixed :)

[Sourabh-ALTEN]

Hello,
Thanks for the detailed tutorial.

Butwhen I run ssh-add -L I get error fetching identities: agent refused operation.
ps aux | grep ssh-agent shows no ssh-agent running
So tried to invoke ssh-add with eval ssh-agent -s and now ssh-add -L returns The agent has no identities.
Could you please let me know what is the issue here?

[dppdppd]

Hi and thanks for the great write up. It worked like a charm. Question:

Which gpg-agent.conf should I be modifying at this point? the WSL ~/.gnugp/ one?

[Jaroslav Živný]

The agent runs on Windows, so the one in %HOMEPATH%\AppData\Roaming\gnupg\gpg-agent.conf