⭕Setting up CLI / GPG

Instructions on setting up the GPG command-line interface.

GPG (GNU Privacy Guard) is an interface / technology which is included with your Yubikey 5 Series security device. You can read a brief rundown on what GPG does with the documentation below:

GPG Introduction

Explains what GPG is and if you need it.

❊ How to Get

GPG as a technology is included on your Yubikey, however, if you want to actually do things with GPG or create keys, you'll need software which allows you to execute commands related to GPG itself.

Download the software based on your operating system:

Windows	https://gpg4win.org/
MacOS	https://gpgtools.org/
All Operating Systems	https://gnupg.org/download/

For the remainder of this guide, we'll be showing examples using Gpg4Win. I personally have never used a Mac before, but if I find any additional details; I'll surely add them.

❊ Where is it?

Once you have installed the software above, you'll notice a few new programs on your computer.

The main thing we're looking for, is the command-line version of GPG, which is located at:

C:\Program Files (x86)\GnuPG\bin

The command-line allows us to execute actions related to GPG from your Command Prompt, Terminal, or Powershell.

❊ Accessing GPG CLI

If you want to run commands with gpg, you have two options:

• Change to the directory where gpg's bin folder is every time you open Command Prompt, Terminal, or Powershell, OR;

• Create an environment variable which allows you to open Command Prompt, Terminal, or Powershell and immediately start typing your command no matter what folder you are in.

Setting up Environment Variables (Windows)

Click and type Environment.

The option Edit the system environment variables should appear.

Once the dialog box appears on the Advanced tab, at the bottom, click

You should see two seperate boxes labeled USER VARIABLES and SYSTEM VARIABLES.

In the System Variables box, locate the line which defines Path.

Highlight the Path line and then click

We need to add the GPG's bin folder as a new system variable.

Select on the right hand side of the new dialog window.

You will notice a box open up at the very bottom of the window where you can type.

In the box, enter C:\Program Files (x86)\GnuPG\bin

While you're here, if you plan on using ykman command-line with your Yubikey and are running Windows, you can also add:

C:\Program Files\Yubico\YubiKey Manager

Once you enter the path to GPG's bin folder, you can click

You have now created a System Environment Variable which will become extremely useful.

To test if it works, open Command Prompt, Terminal, or Powershell in a new window. You should start in your user's home folder which is C:\Users\yourusername.

In the box, simply type gpg --help and press enter.

You should see a large amount of text print in your window:

If you see the output of GPG without being in the gpg folder folder, that means your system environment variable is working. You can now run any gpg command from any folder.

This becomes extremely helpful and less annoying.

However, if you get any of the following:

The term 'gpg' is not recognized as a name of a cmdlet

'gpg' is not recognized as an internal or external command, operable program or batch file.

Go back to your system environment variables list again and confirm you typed the correct path. Open your File Manager and try to go to the folder C:\Program Files (x86)\GnuPG\bin

If you do not see the folder at all, make sure you have GPG4Win installed.

Finally, try rebooting your system after confirming everything else.

❊ Now What?

You have unlocked a whole new world of options on how you can configure your Yubikey.

We recommend checking out our Setting up a New Key guide to see if there's anything there you want to do.

You can also view our guide on Setting up CLI / ykman.