1
0
mirror of https://github.com/drduh/YubiKey-Guide.git synced 2024-12-22 05:38:13 +00:00

Merge pull request #231 from captn3m0/change-puk

Adds instructions on changing the PUK
This commit is contained in:
drduh 2021-05-31 16:19:29 +00:00 committed by GitHub
commit 1566801177
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -34,6 +34,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d
- [Export public keys](#export-public-keys)
- [Configure Smartcard](#configure-smartcard)
* [Change PIN](#change-pin)
* [Change PUK](#change-puk)
* [Set information](#set-information)
- [Transfer keys](#transfer-keys)
* [Signing](#signing-1)
@ -340,7 +341,7 @@ From YubiKey firmware version 5.2.3 onwards - which introduces "Enhancements to
## YubiKey
To feed the system's PRNG with entropy generated by the YubiKey itself, issue:
```console
```console
$ echo "SCD RANDOM 512" | gpg-connect-agent | sudo tee /dev/random | hexdump -C
```
This will seed the Linux kernel's PRNG with additional 512 bytes retrieved from the YubiKey.
@ -1283,9 +1284,17 @@ Use the [YubiKey Manager](https://developers.yubico.com/yubikey-manager) applica
## Change PIN
The default PIN is `123456` and default Admin PIN (PUK) is `12345678`. CCID-mode PINs can be up to 127 ASCII characters. They have to be at least 6 (PIN) or 8 (PUK) ASCII characters.
Your Yubikey has 2 PINs: The user PIN, which is used for end-user functionality such as signing and encryption and an admin PIN which is required for updating your information on the Yubikey. Entering the user PIN incorrectly three times consecutively will cause the PIN to become blocked.
The Admin PIN is required for some card operations and to unblock a PIN that has been entered incorrectly more than three times. See the GnuPG documentation on [Managing PINs](https://www.gnupg.org/howtos/card-howto/en/ch03s02.html) for details.
Name|Default Value
---|---
PIN|`123456`
Admin PIN|`12345678`
PUK|`12345678`
CCID-mode PINs can be up to 127 ASCII characters. They have to be at least 6 (PIN) or 8 (PUK) ASCII characters. See the GnuPG documentation on [Managing PINs](https://www.gnupg.org/howtos/card-howto/en/ch03s02.html) for details.
First set your admin and user PINs:
```console
gpg/card> admin
@ -1321,6 +1330,19 @@ Q - quit
Your selection? q
```
## Change PUK
The PUK (Pin Unlock Key) can be used to reset the PIN if it is ever lost or becomes blocked after the maximum number of incorrect attempts (default 3). The default PUK is `12345678`. If the PUK is also entered incorrectly three times, the key is permanently irrecoverable. You can set your PUK to the same as your daily PIN, giving you a total of 6 attempts.
```console
ykman piv change-puk
Enter your current PUK:
Enter your new PUK:
Repeat for confirmation:
New PUK set.
```
## Set information
Some fields are optional.