Before a YubiKey can be used for signing, you must enable two-factor authentication on your account. If you already have two-factor authentication enabled, you can skip to the next section.

Enable 2FA

  1. Go to the Account Security Tab in Github

  2. In the Two-factor Authentication section, click the "Enable two-factor authentication" button

    https://s3-us-west-2.amazonaws.com/secure.notion-static.com/f6105210-75db-43dc-a032-3af15bc577bd/Screen_Shot_2021-01-05_at_9.52.36_AM.png

  3. There will be two methods available. Select "Set up using an app":

    https://s3-us-west-2.amazonaws.com/secure.notion-static.com/8990ebf2-e1bc-43a0-a301-11176cb9f8d0/Screen_Shot_2021-01-05_at_9.52.10_AM.png

  4. Download your recovery codes and store them in a safe offline area

  5. Add the displayed QR code to your Yubico Authenticator application

  6. Join the SS organization to complete setup

  7. Sign out of your account and sign back in to ensure your credentials are set up properly

Register a Security Key

  1. Go to the Account Security Tab in Github

  2. In the Two-factor Authentication section, click the "Add" button in the "Security keys" row

    https://s3-us-west-2.amazonaws.com/secure.notion-static.com/3ec595f4-ffde-4a7b-ab94-1633bfcf03cf/Screen_Shot_2021-01-05_at_11.01.58_AM.png

  3. Click the "Register new security key" option

  4. Name your key, select the correct USB device, and follow the prompts to complete registration

  5. Sign out of your account and sign back in to ensure your credentials are set up properly

Add YubiKey SSH Key

  1. Ensure GPG is installed and is a 2.2.x release by running:

    gpg --version
    
  2. Update your ZSH/Bash profile by adding the following line to ~/.bash_profile (use straight ASCII quotes; curly quotes will break the export):

    export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"

    Note: if you are using ZSH, add the line to ~/.zshrc instead of ~/.bash_profile

  3. Edit your ~/.gnupg/gpg-agent.conf to include the following lines. BE SURE TO REPLACE ${USER} WITH YOUR macOS USER NAME: gpg-agent.conf does not expand shell variables, so the path must be written out literally.

    pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
    default-cache-ttl 10
    default-cache-ttl-ssh 10
    max-cache-ttl 7200
    enable-ssh-support
    extra-socket /Users/${USER}/.gnupg/S.gpg-agent.remote
    
  4. Confirm that gpg-agent exposes your GPG authentication subkey to SSH. With the YubiKey plugged in, run:

    ssh-add -l

    The output should look similar to this (the cardno: value is the serial number of your YubiKey):

    4096 SHA256:v2JxWaJVsy4r6pqGjEta79gRBtmjaXx26lcGEUNqdZE cardno:000608695208 (RSA)
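The following shell functions are an added example, not part of the original page, that check the three things the steps above depend on: that gpg-agent.conf contains the required lines and that the extra-socket path was really substituted (gpg-agent does not expand ${USER}), that SSH_AUTH_SOCK points at gpg-agent's SSH socket rather than the stock ssh-agent one, and that the key listed by ssh-add -l is actually backed by the card. The sample config and the sample ssh-add output embedded at the bottom are constructed for the demo; the user name alice and the serial number are placeholders.

```shell
#!/bin/sh
# Added example: sanity checks for the gpg-agent SSH setup described above.
# Nothing here talks to a real agent; each function checks a file or a string.

# check_agent_conf FILE
# Succeeds when the config enables SSH support, names a pinentry program and
# has an extra-socket path with no leftover "${USER}" / "**" placeholder
# (gpg-agent reads the path literally, so an unexpanded variable silently
# produces a socket under a directory that does not exist).
check_agent_conf() {
    conf="$1"
    grep -q '^enable-ssh-support$' "$conf" || { echo "missing enable-ssh-support"; return 1; }
    grep -q '^pinentry-program ' "$conf" || { echo "missing pinentry-program"; return 1; }
    if grep -Eq '^extra-socket .*(\$|\*\*)' "$conf"; then
        echo "extra-socket still contains an unexpanded placeholder"
        return 1
    fi
    return 0
}

# check_auth_sock PATH
# Succeeds when PATH is gpg-agent's SSH socket; the usual failure is a profile
# line with curly quotes, which leaves SSH_AUTH_SOCK at the default ssh-agent.
check_auth_sock() {
    case "$1" in
        */.gnupg/S.gpg-agent.ssh) return 0 ;;
        *) return 1 ;;
    esac
}

# card_serial SSH_ADD_OUTPUT
# Prints the cardno: serial from a line of `ssh-add -l` output, or nothing if
# the listed key is a file-backed key rather than one on the card.
card_serial() {
    printf '%s\n' "$1" | sed -n 's/.*cardno:\([0-9][0-9]*\).*/\1/p'
}

# Demo on constructed input (alice and the serial number are placeholders).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
default-cache-ttl 10
default-cache-ttl-ssh 10
max-cache-ttl 7200
enable-ssh-support
extra-socket /Users/alice/.gnupg/S.gpg-agent.remote
EOF
check_agent_conf "$demo_conf" && echo "gpg-agent.conf: ok"
check_auth_sock "/Users/alice/.gnupg/S.gpg-agent.ssh" && echo "SSH_AUTH_SOCK: ok"
echo "card serial: $(card_serial '4096 SHA256:v2JxWaJVsy4r6pqGjEta79gRBtmjaXx26lcGEUNqdZE cardno:000608695208 (RSA)')"
rm -f "$demo_conf"
```

To use these against a real machine, pass ~/.gnupg/gpg-agent.conf, "$SSH_AUTH_SOCK" and "$(ssh-add -l)" respectively. Remember that a running gpg-agent only reads its config at start-up, so after editing gpg-agent.conf restart it with `gpgconf --kill gpg-agent` before expecting ssh-add -l to show the card key.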