mirror of
https://github.com/drduh/YubiKey-Guide.git
synced 2024-12-22 05:38:13 +00:00
Merge pull request #231 from captn3m0/change-puk
Adds instructions on changing the PUK
commit
1566801177
28
README.md
@ -34,6 +34,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d
|
||||
- [Export public keys](#export-public-keys)
|
||||
- [Configure Smartcard](#configure-smartcard)
|
||||
* [Change PIN](#change-pin)
|
||||
* [Change PUK](#change-puk)
|
||||
* [Set information](#set-information)
|
||||
- [Transfer keys](#transfer-keys)
|
||||
* [Signing](#signing-1)
|
||||
@ -340,7 +341,7 @@ From YubiKey firmware version 5.2.3 onwards - which introduces "Enhancements to
|
||||
## YubiKey
|
||||
|
||||
To feed the system's PRNG with entropy generated by the YubiKey itself, issue:
|
||||
```console
|
||||
```console
|
||||
$ echo "SCD RANDOM 512" | gpg-connect-agent | sudo tee /dev/random | hexdump -C
|
||||
```
|
||||
This will seed the Linux kernel's PRNG with additional 512 bytes retrieved from the YubiKey.
|
||||
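Review bot: The only changed line in this hunk, the console fence opening the SCD RANDOM example, looks identical before and after, so this reads as a whitespace-only edit unrelated to the PUK instructions. Drop it from this change or move it to a separate cleanup commit so the history for the PUK documentation stays focused.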
@ -1283,9 +1284,17 @@ Use the [YubiKey Manager](https://developers.yubico.com/yubikey-manager) applica
|
||||
|
||||
## Change PIN
|
||||
|
||||
The default PIN is `123456` and default Admin PIN (PUK) is `12345678`. CCID-mode PINs can be up to 127 ASCII characters. They have to be at least 6 (PIN) or 8 (PUK) ASCII characters.
|
||||
Your Yubikey has 2 PINs: The user PIN, which is used for end-user functionality such as signing and encryption and an admin PIN which is required for updating your information on the Yubikey. Entering the user PIN incorrectly three times consecutively will cause the PIN to become blocked.
|
||||
|
||||
The Admin PIN is required for some card operations and to unblock a PIN that has been entered incorrectly more than three times. See the GnuPG documentation on [Managing PINs](https://www.gnupg.org/howtos/card-howto/en/ch03s02.html) for details.
|
||||
Name|Default Value
|
||||
---|---
|
||||
PIN|`123456`
|
||||
Admin PIN|`12345678`
|
||||
PUK|`12345678`
|
||||
|
||||
CCID-mode PINs can be up to 127 ASCII characters. They have to be at least 6 (PIN) or 8 (PUK) ASCII characters. See the GnuPG documentation on [Managing PINs](https://www.gnupg.org/howtos/card-howto/en/ch03s02.html) for details.
|
||||
|
||||
First set your admin and user PINs:
|
||||
|
||||
```console
|
||||
gpg/card> admin
|
||||
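Review bot: The new opening sentence of Change PIN says the YubiKey has 2 PINs, but the table added just below lists three secrets (PIN, Admin PIN, PUK), all with defaults, so the reader cannot tell whether Admin PIN and PUK are the same thing. Suggest naming all three up front and saying what each one unlocks. The length sentence still reads "at least 6 (PIN) or 8 (PUK)" and should state whether the 8-character minimum also applies to the Admin PIN. The section also says the PIN blocks after "three times consecutively" and, in the next paragraph, after "more than three times"; pick one. "Yubikey" should be spelled "YubiKey" as in the section heading elsewhere in the README.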
@ -1321,6 +1330,19 @@ Q - quit
|
||||
Your selection? q
|
||||
```
|
||||
|
||||
## Change PUK
|
||||
|
||||
The PUK (Pin Unlock Key) can be used to reset the PIN if it is ever lost or becomes blocked after the maximum number of incorrect attempts (default 3). The default PUK is `12345678`. If the PUK is also entered incorrectly three times, the key is permanently irrecoverable. You can set your PUK to the same as your daily PIN, giving you a total of 6 attempts.
|
||||
|
||||
```console
|
||||
ykman piv change-puk
|
||||
|
||||
Enter your current PUK:
|
||||
Enter your new PUK:
|
||||
Repeat for confirmation:
|
||||
New PUK set.
|
||||
```
|
||||
|
||||
## Set information
|
||||
|
||||
Some fields are optional.
|
||||
|
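Review bot: The last sentence of the new Change PUK paragraph recommends setting the PUK to the same value as the daily PIN, which removes the PUK's value as a separate unblock secret: anyone who observes the PIN can also unblock it, and the "total of 6 attempts" are six guesses at a single value. Suggest recommending a distinct PUK that is stored offline. The command shown is ykman piv change-puk, which changes the PUK of the PIV application, while the surrounding section configures the OpenPGP card through gpg/card> admin; the text should say which PIN this PUK unblocks. "Permanently irrecoverable" should also say what is lost. In the console block, add the $ prompt before the command and drop the blank line before the prompts, matching the "$ echo ..." example earlier in the README.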