Consider purchasing a pair and programming both in case of loss or damage.
Consider purchasing a pair and programming both in case of loss or damage to oneof them.
# Install required software
# Install required software
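Review bot: The reworded sentence at the top has a typo, "oneof" should be "one of". Suggested wording: "Consider purchasing a pair and programming both in case of loss or damage to one of them."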
@ -94,9 +94,6 @@ Consider purchasing a pair and programming both in case of loss or damage.
## Create master key
## Create master key
$ gpg --gen-key
$ gpg --gen-key
gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
Please select what kind of key you want:
(1) RSA and RSA (default)
(1) RSA and RSA (default)
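Review bot: Dropping the three banner lines after `$ gpg --gen-key` also drops the only place in this transcript that shows the GnuPG version (1.4.18) it was captured with. Since the notes further down distinguish 1.4.x from 2.x, consider stating the version once in prose near the install section so readers can tell whether their prompts should match the ones shown.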
@ -191,10 +188,6 @@ Consider purchasing a pair and programming both in case of loss or damage.
$ gpg --expert --edit-key 0x47FE984F98EE7407
$ gpg --expert --edit-key 0x47FE984F98EE7407
gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
Secret key is available.
pub 4096R/0x47FE984F98EE7407 created: 2016-01-30 expires: never usage: SC
pub 4096R/0x47FE984F98EE7407 created: 2016-01-30 expires: never usage: SC
@ -404,9 +397,108 @@ Consider purchasing a pair and programming both in case of loss or damage.
## Back up everything
## Back up everything
Once keys are moved to hardware, they cannot be extracted again (otherwise, what would be the point?), so make sure you have made a backup before proceeding.
Once keys are moved to hardware, they cannot be extracted again (otherwise, what would be the point?), so make sure you have made an *encrypted* backup before proceeding.
To use a USB drive, attach it and check its label:
$ dmesg | tail
[ 7667.607011] scsi8 : usb-storage 2-1:1.0
[ 7667.608766] usbcore: registered new interface driver usb-storage
[ 7668.874016] scsi 8:0:0:0: USB 0: 0 ANSI: 6
[ 7668.874242] sd 8:0:0:0: Attached scsi generic sg4 type 0
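Review bot: In the added line "To use a USB drive, attach it and check its label:", "label" is misleading, because the `dmesg | tail` output that follows reports the kernel's SCSI and device assignment, not a filesystem label. Suggest "attach it and check which device it was assigned", and say explicitly which line of the output the reader should look at, since the backup steps will operate on that device and the secret keys end up there.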
@ -417,7 +509,7 @@ Once keys are moved to hardware, they cannot be extracted again (otherwise, what
Commit? (y/n) [n]: y
Commit? (y/n) [n]: y
>The -m option is the mode command. To see the different modes, enter ykpersonalize –help. Mode 82 (in hex) enables the YubiKey NEO as a composite USB device (HID + CCID) and allows OTPs to be emitted while in use as a smart card. Once you have changed the mode, you need to re-boot the YubiKey – so remove and re-insert it.
>The -m option is the mode command. To see the different modes, enter ykpersonalize –help. Mode 82 (in hex) enables the YubiKey NEO as a composite USB device (HID + CCID) and allows OTPs to be emitted while in use as a smart card. Once you have changed the mode, you need to re-boot the YubiKey – so remove and re-insert it.
gpg: encrypted with 4096-bit RSA key, ID 0x39988E0390CB4B0C, created 2016-01-30
gpg: encrypted with 4096-bit RSA key, ID 0x39988E0390CB4B0C, created 2016-01-30
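Review bot: The quoted note about the `-m` option writes the help flag as "ykpersonalize –help" with an en dash, which fails if pasted into a shell. While this line is being touched, change it to `ykpersonalize --help` in code formatting. The same quote uses an en dash in "YubiKey – so remove", which is fine as prose but confirms the flag was auto-converted by the source.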
@ -889,8 +975,9 @@ Type `key 1` again to deselect and switch to the next key.
- Don't write to drduh@users.noreply.github.com, open an issue on GitHub instead.
- Don't write to drduh@users.noreply.github.com, open an issue on GitHub instead.
- Programming YubiKey for GPG keys still lets you use its two slots - OTP and static password modes, for example.
- Programming YubiKey for GPG keys still lets you use its two slots - OTP and static password modes, for example.
- If you encounter problems, simply try unplugging and re-inserting your YubiKey, and restarting the `gpg-agent` process.
- ECC may be preferred to RSA 4096, but the 1.4.x branch of GnuPG does not support it.
- ECC may be preferred to RSA 4096, but the 1.4.x branch of GnuPG does not support it.
- If you encounter problems, try unplugging and re-inserting your YubiKey. Also try installing and using GnuPG 2.x (`sudo apt-get install gnupg2` and `gpg2`)
- Try installing and using the newer, more feature-rich [GnuPG 2.x](https://superuser.com/questions/655246/are-gnupg-1-and-gnupg-2-compatible-with-each-other) with `sudo apt-get install gnupg2`
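Review bot: The replacement troubleshooting bullet drops the advice to restart the `gpg-agent` process, and the two added bullets both recommend installing GnuPG 2.x, so the list now says the same thing twice. Suggest keeping the agent restart in the first bullet, ending it with a period, and leaving the GnuPG 2.x recommendation only in the last bullet with its link. It would also help to say whether the guide's `gpg` commands are expected to work unchanged as `gpg2`, since every transcript shown was captured with 1.4.18.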