SUMMARY.md

Summary

• Introduction
  • About the author
• Personal Identity Verification (PIV)
  • Use cases for a PIV-enabled Yubikey
  • Yubikey PIV Manager
• Device initialization
• Authenticating SSH with PIV and PKCS#11 (client)
  • Troubleshooting
• Authenticating SSH via User Certificates (server)
  • Generating the Key Revocation List (KRL)
• Authenticating SSH Host Certificates (client)
  • Additional resources
• 2FA via Yubico OTP (server)
  • Setting up a remote server
    • Prerequisites (demonstration only)
    • Configuring OpenSSH (sshd) for 2FA authentication
    • Installing libpam-yubico
    • Creating the Yubikey PAM authentication policy
    • Yubikey authentication module
  • Testing
• OATH (TOTP and HOTP)
  • Using the Yubico Authenticator
• U2F (Security Keys)
• Docker Content Trust
  • Key Management
  • Running Notary services
    • Configuring Notary
    • Managing certificates
    • Additional resources
  • Pushing a signed Docker image
    • Generate the root key on the Yubikey
    • Pushing the image
  • Listing signed images on a remote repository
  • Delegation roles
    • Generating a delegation key
    • Importing a delegation certificate
    • Using a delegation key
    • Automating image signing on CI systems
  • Removing a delegation key
  • Rotating a key
    • Snapshot key
    • Timestamp key
    • Targets key
  • Threshold validation signing
• OpenPGP
  • Touch protection
    • Enabling touch protection
  • Importing keys
  • Editing metadata
  • Git signing
    • Signing tags
    • Verifying tags
    • Signing commits
    • Verifying commits
    • Signing merges
    • Signing pushes
  • Authenticating SSH with GPG
  • Troubleshooting
    • gpg failed to sign the data
• macOS integration
  • Offline authentication using HMAC-SHA1 Challenge-Response
    • Configuring HMAC-SHA1 Challenge-Response
  • Login and keychain authentication
    • Managing pairing