This tutoriall will explain you how to use the YubiKey inside a WSL2 instance.
Install GPG4Win.
Start up Kleopatra and make sure your YubiKey is loaded there.
You can also add GPG4Win to Startup folder using a link with this Target:
"C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe"
/bye
This will only load the agent at Startup, and you won’t be bothered by any UI or tray agent.
Download wsl2-ssh-pageant
Put it into your Windows %userprofile%/.ssh
directory (Windows dir is important for performance).
Install socat
and gpg
inside WSL as you would in a “normal” distro, e.g.
sudo apt-get install -y gnupg gnupg-agent socat
Create profile
Create a ~/.bash_profile
or ~/.zprofile
(for ZSH) inside WSL:
### https://github.com/BlackReloaded/wsl2-ssh-pageant#bashzsh
WIN_USER="<your_windows_username_here>"
SSH_DIR="${HOME}/.ssh" #
mkdir -p "${SSH_DIR}"
wsl2_ssh_pageant_bin="${SSH_DIR}/wsl2-ssh-pageant.exe"
ln -sf "/mnt/c/Users/${WIN_USER}/.ssh/wsl2-ssh-pageant.exe" "${wsl2_ssh_pageant_bin}"
listen_socket() {
sock_path="$1" && shift
fork_args="${sock_path},fork"
exec_args="${wsl2_ssh_pageant_bin} $@"
if ! ps x | grep -v grep | grep -q "${fork_args}"; then
rm -f "${sock_path}"
(setsid nohup socat "UNIX-LISTEN:${fork_args}" "EXEC:${exec_args}" &>/dev/null &)
fi
}
# SSH
export SSH_AUTH_SOCK="${SSH_DIR}/agent.sock"
listen_socket "${SSH_AUTH_SOCK}"
# GPG
export GPG_AGENT_SOCK="${HOME}/.gnupg/S.gpg-agent"
listen_socket "${GPG_AGENT_SOCK}" --gpg S.gpg-agent
# GPG extra for agent forwarding to devcontainers in VS Code
export GPG_AGENT_SOCK_EXTRA="${HOME}/.gnupg/S.gpg-agent.extra"
listen_socket "${GPG_AGENT_SOCK_EXTRA}" --gpg S.gpg-agent.extra
unset wsl2_ssh_pageant_bin
###
You can also create this file inside a C: drive and then create a symlink to it, e.g.
ln -s ~/.zprofile /mnt/c/WSL/scripts/.zprofile
which enables sharing of the same file across multiple WSL distros.
Log out and back into WSL.
Import Key
Import your GPG key(s) inside WSL, just as you normally would.
You’re now ready to go!
Inspired by dinvlad/YubiKey GPG inside WSL2.md
Psst, you want to know how Git Sign with GPG inside WSL2 works? Take a look!