arno
/
YubiKey-Guide
mirror of https://github.com/drduh/YubiKey-Guide.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Formatting fix.

Browse Source
pull/60/head
drduh 6 years ago committed by GitHub
parent 185d08591a
commit 254fd2c3d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File

12
README.md
Unescape View File

@ -381,7 +381,6 @@ Finally, create an [authentication key](https://superuser.com/questions/390265/w
GPG doesn't provide a 'RSA (authenticate only)' key type out of the box, so select 'RSA (set your own capabilities)' and toggle the required capabilities to end up with an Authenticate-only key: GPG doesn't provide a 'RSA (authenticate only)' key type out of the box, so select 'RSA (set your own capabilities)' and toggle the required capabilities to end up with an Authenticate-only key:
```
gpg> addkey gpg> addkey
Please select what kind of key you want: Please select what kind of key you want:
(3) DSA (sign only) (3) DSA (sign only)
@ -467,7 +466,6 @@ GPG doesn't provide a 'RSA (authenticate only)' key type out of the box, so sele
gpg> save gpg> save
## 3.6 Check your work ## 3.6 Check your work
List your new secret keys: List your new secret keys:
@ -503,7 +501,6 @@ Save a copy of your keys:
$ gpg --armor --export-secret-keys $KEYID > $GNUPGHOME/mastersub.key $ gpg --armor --export-secret-keys $KEYID > $GNUPGHOME/mastersub.key
$ gpg --armor --export-secret-subkeys $KEYID > $GNUPGHOME/sub.key $ gpg --armor --export-secret-subkeys $KEYID > $GNUPGHOME/sub.key
The exported (primary) key will still have the passphrase in place. The exported (primary) key will still have the passphrase in place.
In addition to the backup below, you might want to keep a separate copy of the In addition to the backup below, you might want to keep a separate copy of the
@ -616,12 +613,13 @@ Create a filesystem:
Writing superblocks and filesystem accounting information: done Writing superblocks and filesystem accounting information: done
Mount the filesystem: Mount the filesystem:
$ sudo mkdir /mnt/usb $ sudo mkdir /mnt/usb
$ sudo mount /dev/mapper/encrypted-usb /mnt/usb $ sudo mount /dev/mapper/encrypted-usb /mnt/usb
Finally, copy files to it: Finally, copy files to it:
$ sudo cp -avi $GNUPGHOME /mnt/usb $ sudo cp -avi $GNUPGHOME /mnt/usb
/tmp/tmp.aaiTTovYgo -> /mnt/usb/tmp.aaiTTovYgo /tmp/tmp.aaiTTovYgo -> /mnt/usb/tmp.aaiTTovYgo
/tmp/tmp.aaiTTovYgo/revoke.txt -> /mnt/usb/tmp.aaiTTovYgo/revoke.txt /tmp/tmp.aaiTTovYgo/revoke.txt -> /mnt/usb/tmp.aaiTTovYgo/revoke.txt
/tmp/tmp.aaiTTovYgo/gpg.conf -> /mnt/usb/tmp.aaiTTovYgo/gpg.conf /tmp/tmp.aaiTTovYgo/gpg.conf -> /mnt/usb/tmp.aaiTTovYgo/gpg.conf
@ -635,6 +633,7 @@ Finally, copy files to it:
/tmp/tmp.aaiTTovYgo/pubring.gpg -> /mnt/usb/tmp.aaiTTovYgo/pubring.gpg /tmp/tmp.aaiTTovYgo/pubring.gpg -> /mnt/usb/tmp.aaiTTovYgo/pubring.gpg
Keep the backup mounted if you plan on setting up two or more keys (as `keytocard` will [delete](https://lists.gnupg.org/pipermail/gnupg-users/2016-July/056353.html) the local copy on save), otherwise unmount and disconnected the encrypted USB drive: Keep the backup mounted if you plan on setting up two or more keys (as `keytocard` will [delete](https://lists.gnupg.org/pipermail/gnupg-users/2016-July/056353.html) the local copy on save), otherwise unmount and disconnected the encrypted USB drive:
$ sudo umount /mnt/usb $ sudo umount /mnt/usb
$ sudo cryptsetup luksClose encrypted-usb $ sudo cryptsetup luksClose encrypted-usb
@ -651,6 +650,7 @@ YubiKey NEOs shipped after November 2015 have [all modes enabled](https://www.yu
Older versions of the YubiKey NEO may need to be reconfigured as a composite USB device (HID + CCID) which allows OTPs to be emitted while in use as a smart card. Older versions of the YubiKey NEO may need to be reconfigured as a composite USB device (HID + CCID) which allows OTPs to be emitted while in use as a smart card.
Plug in your YubiKey and configure it: Plug in your YubiKey and configure it:
$ ykpersonalize -m82 $ ykpersonalize -m82
Firmware version 4.2.7 Touch level 527 Program sequence 4 Firmware version 4.2.7 Touch level 527 Program sequence 4
@ -672,8 +672,8 @@ Use the [YubiKey NEO Manager](https://www.yubico.com/products/services-software/
## 3.10 Configure smartcard ## 3.10 Configure smartcard
Use GPG to configure YubiKey as a smartcard: Use GPG to configure YubiKey as a smartcard:
$ gpg --card-edit
$ gpg --card-edit
Reader ...........: Yubico Yubikey 4 OTP U2F CCID Reader ...........: Yubico Yubikey 4 OTP U2F CCID
Application ID ...: D2760001240102010006055532110000 Application ID ...: D2760001240102010006055532110000
Version ..........: 2.1 Version ..........: 2.1
@ -1399,4 +1399,4 @@ The Yubikey has two configurations, one invoked with a short press, and the othe
<https://alexcabal.com/creating-the-perfect-gpg-keypair/> <https://alexcabal.com/creating-the-perfect-gpg-keypair/>
<https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/> <https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/>

Write Preview
Loading…
Cancel
Save