The ultimate guide to Yubikey on WSL2 [Part 3]

Jaroslav Živný
2 min readFeb 15, 2021

--

If you haven’t setup GPG on Yubikey or you cannot access Yubikey from within WSL. Please check previous parts (1 & 2) of this series.

Disclaimer I: This tutorial is written for WSL2 with Ubuntu. It may differ distro from distro.

Disclaimer II: I’m going to use Github in this tutorial, but process of setup for other major GIT servers (GitLab, Bitbucket, …) are pretty much the same.

Let’s continue where we left off in part 2.

Authenticate against Git server via GPG

In order to authenticate against GIT server we need a public ssh key. We connected WSL’s ssh agent in the 2nd part of this tutorial to GPG key over socket. So now we can use the public key from there.

Get SSH public key:

# WSL2
$ ssh-add -L

Take the output and paste it to GitHub settings -> SSH and GPG Keys -> New SSH Key.

When you now try to pull or push from remote GIT repository, there will show up a modal requesting your GPG PIN on your screen.

Signing git commits with GPG

  1. Configure Git by
# WSL2
git config --global user.signingkey YOUR_KEY_ID # In my case 1E9...
git config --global gpg.program gpg
git config --global commit.gpgsign true

2. Export Public Key

# WSL2
gpg --armor --export YOUR_KEY_ID # In my case 1E9...

3. Put this public GPG key to GitHub Setting -> SSH and GPG keys -> New GPG Key. In case you’re using GitLab, Bitbucket or other Git servers, there is a similar way to configure GPG Key.

Now when you create a new commit, there will show up a dialog requesting your PIN on your screen.

Dialog requesting your GPG PIN

In case you’re using verified Email address (in Github) for the GPG key and you configured the same address in Git git config — global user.email. You should be able to see Verified badge next to your commit.

A Commit with Verified badge

We’ll continue in the part 4

--

--