# PC/SC driver pcsc-driver /usr/lib/libpcsclite.so # Disable CCID (for YubiKey) disable-ccid # Enable card removal notification card-timeout 5 Edit ~/.gnupg/gpg-agent.conf :
ssh -T git@github.com # Should prompt for PIN then authenticate Sign a file gpg --sign document.txt # Prompts for PIN on the dongle Decrypt a file gpg --decrypt secret.gpg List keys on card gpg --card-status Change PIN gpg --card-edit gpg/card> admin gpg/card> passwd Step 7: Backup & Recovery Critical : Backup your revocation certificate immediately: gpg dongle setup
Reader ...........: Yubico YubiKey OTP+FIDO+CCID 0 Application ID ...: D276000124010200... Version ..........: 3.4 Manufacturer .....: Yubico If not detected, restart pcscd : # PC/SC driver pcsc-driver /usr/lib/libpcsclite
sudo systemctl restart pcscd Edit ~/.gnupg/scdaemon.conf : gpg dongle setup
gpg --export-ssh-key YOUR_KEYID > ~/.ssh/id_rsa_gpg.pub Add to ~/.ssh/config :
sudo pacman -S gnupg pcsc-tools Plug in your dongle and check if the system sees it:
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) Test SSH: