arno
/
YubiKey-Guide
mirror of https://github.com/drduh/YubiKey-Guide.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Formatting fix.

Browse Source
pull/60/head
drduh 6 years ago committed by GitHub
parent 185d08591a
commit 254fd2c3d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File

12
README.md
Unescape View File

@ -381,7 +381,6 @@ Finally, create an [authentication key](https://superuser.com/questions/390265/w
GPG doesn't provide a 'RSA (authenticate only)' key type out of the box, so select 'RSA (set your own capabilities)' and toggle the required capabilities to end up with an Authenticate-only key:
```
gpg> addkey
Please select what kind of key you want:
(3) DSA (sign only)
@ -467,7 +466,6 @@ GPG doesn't provide a 'RSA (authenticate only)' key type out of the box, so sele
gpg> save
## 3.6 Check your work
List your new secret keys:
@ -503,7 +501,6 @@ Save a copy of your keys:
$ gpg --armor --export-secret-keys $KEYID > $GNUPGHOME/mastersub.key
$ gpg --armor --export-secret-subkeys $KEYID > $GNUPGHOME/sub.key
The exported (primary) key will still have the passphrase in place.
In addition to the backup below, you might want to keep a separate copy of the
@ -616,12 +613,13 @@ Create a filesystem:
Writing superblocks and filesystem accounting information: done
Mount the filesystem:
$ sudo mkdir /mnt/usb
$ sudo mount /dev/mapper/encrypted-usb /mnt/usb
Finally, copy files to it:
$ sudo cp -avi $GNUPGHOME /mnt/usb
$ sudo cp -avi $GNUPGHOME /mnt/usb
/tmp/tmp.aaiTTovYgo -> /mnt/usb/tmp.aaiTTovYgo
/tmp/tmp.aaiTTovYgo/revoke.txt -> /mnt/usb/tmp.aaiTTovYgo/revoke.txt
/tmp/tmp.aaiTTovYgo/gpg.conf -> /mnt/usb/tmp.aaiTTovYgo/gpg.conf
@ -635,6 +633,7 @@ Finally, copy files to it:
/tmp/tmp.aaiTTovYgo/pubring.gpg -> /mnt/usb/tmp.aaiTTovYgo/pubring.gpg
Keep the backup mounted if you plan on setting up two or more keys (as `keytocard` will [delete](https://lists.gnupg.org/pipermail/gnupg-users/2016-July/056353.html) the local copy on save), otherwise unmount and disconnected the encrypted USB drive:
$ sudo umount /mnt/usb
$ sudo cryptsetup luksClose encrypted-usb
@ -651,6 +650,7 @@ YubiKey NEOs shipped after November 2015 have [all modes enabled](https://www.yu
Older versions of the YubiKey NEO may need to be reconfigured as a composite USB device (HID + CCID) which allows OTPs to be emitted while in use as a smart card.
Plug in your YubiKey and configure it:
$ ykpersonalize -m82
Firmware version 4.2.7 Touch level 527 Program sequence 4
@ -672,8 +672,8 @@ Use the [YubiKey NEO Manager](https://www.yubico.com/products/services-software/
## 3.10 Configure smartcard
Use GPG to configure YubiKey as a smartcard:
$ gpg --card-edit
$ gpg --card-edit
Reader ...........: Yubico Yubikey 4 OTP U2F CCID
Application ID ...: D2760001240102010006055532110000
Version ..........: 2.1
@ -1399,4 +1399,4 @@ The Yubikey has two configurations, one invoked with a short press, and the othe
<https://alexcabal.com/creating-the-perfect-gpg-keypair/>
<https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/>
<https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/>

Write Preview
Loading…
Cancel
Save