Setting a Windows 10 computer up w/ existing OpenPGP and Yubikey

This covers getting a new Windows 10 instance working with an existing OpenPGP setup and Yubikey. It doesn't cover creating the OpenPGP key and linking it with the Yubikey in the first place.


Winget/Powershell (Core)

I use winget to install my packages, but you can grab the packages individually, or use choco or something else.

  1. Grab winget and install it (double click on the appbundle downloaded).
  2. Open up Powershell as administrator and run: winget install gpg4win, winget install putty, and winget install git (git is optional)
  3. In a normal Powershell window, import your existing key with: gpg --import [publickeyfile].gpg
  4. Run gpg --edit-key [keyhash] to go to the edit interface for the key.
  5. Type trust and trust your key ultimately. Type 'save' to save and quit.
  6. Open the Kleopatra app (installed as part of gpg4win).
  7. Go to Settings->Configure Kleopatra->GnuPG System->Private Keys->Options controlling the configuration and select “Enable ssh support” and “Enable putty support”
  8. Hit WIN-R and type “shell:startup”
  9. Create a shortcut to “gpg-connect-agent /bye”. Mark it to start minimised.
  10. Set an environment variable of GIT_SSH to C:\Program Files\PuTTY\plink.exe
  11. Download and install WSL-SSH-Pageant.
  12. Follow the instructions here for setting it up and automating it.
  13. Set an environment variable making SSH_AUTH_SOCK map to the pipe created in step 12 ('\\.\pipe\winssh-pageant')
  14. Follow the instructions here for the WSL2 scripts (not the windows-side-setup, which was already done), but modify the socat command for SSH_AUTH_SOCK to be '\/\/.\/pipe\/winssh-pageant', with the backslashes included.
  15. Start a new WSL2 session and SSH keys and GPG should be working in WSL2.
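
To confirm the Windows side of the steps above before debugging WSL2, the following PowerShell (Core) script checks each piece and prints a pass/fail table. It is an added example, not part of the original write-up. It assumes Kleopatra stored the two options from step 7 in gpg-agent.conf under the GnuPG home directory, and Add-Check is a hypothetical helper name.

```powershell
# Added example: post-setup checks for steps 2-13. It only reads state,
# apart from starting gpg-agent (the same thing the step 9 shortcut does).
$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Ok, [string]$Detail) {  # hypothetical helper
    $results.Add([pscustomobject]@{ Check = $Name; Ok = $Ok; Detail = $Detail })
}

# Step 2: tools installed. The plink path is the one used in step 10.
$plink = 'C:\Program Files\PuTTY\plink.exe'
foreach ($tool in 'gpg', 'gpgconf', 'gpg-connect-agent') {
    $cmd = Get-Command $tool -ErrorAction SilentlyContinue
    Add-Check "$tool on PATH" ([bool]$cmd) $cmd.Source
}
Add-Check 'plink.exe present' (Test-Path -LiteralPath $plink) $plink

# Steps 10 and 13: read the persisted values (User first, then Machine),
# not the current session, which may predate the change.
$expected = @{ GIT_SSH = $plink; SSH_AUTH_SOCK = '\\.\pipe\winssh-pageant' }
foreach ($name in $expected.Keys) {
    $value = [Environment]::GetEnvironmentVariable($name, 'User')
    if (-not $value) { $value = [Environment]::GetEnvironmentVariable($name, 'Machine') }
    Add-Check "$name set" ($value -eq $expected[$name]) "$value"
}

if (Get-Command gpgconf -ErrorAction SilentlyContinue) {
    # Steps 7 and 9: start the agent, then look for the ssh/putty options.
    # Assumption: Kleopatra wrote them to gpg-agent.conf in the GnuPG homedir.
    gpg-connect-agent /bye *> $null
    Add-Check 'gpg-agent starts' ($LASTEXITCODE -eq 0) 'gpg-connect-agent /bye'
    $agentConf = Join-Path (gpgconf --list-dirs homedir) 'gpg-agent.conf'
    $conf = @(if (Test-Path -LiteralPath $agentConf) { Get-Content -LiteralPath $agentConf })
    foreach ($opt in 'enable-ssh-support', 'enable-putty-support') {
        Add-Check $opt ([bool]($conf -match "^\s*$opt\s*$")) $agentConf
    }

    # The card must be readable, otherwise no key is offered over SSH.
    gpg --card-status *> $null
    Add-Check 'Yubikey visible to gpg' ($LASTEXITCODE -eq 0) 'gpg --card-status'
}

# Step 12: the named pipe that SSH_AUTH_SOCK points at must exist.
# Listing the pipe directory avoids opening a connection to the pipe itself.
$pipeNames = (Get-ChildItem -LiteralPath '\\.\pipe\').Name
Add-Check 'winssh-pageant pipe' ($pipeNames -contains 'winssh-pageant') 'bridge from step 12 running'

$results | Format-Table -AutoSize
```

Run it in a normal (non-administrator) PowerShell window with the Yubikey inserted; any row with Ok = False points at the step to revisit.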