arno
/
YubiKey-Guide
mirror of https://github.com/drduh/YubiKey-Guide.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Update ykman set-touch instructions

Browse Source
pull/383/head
Omar Kotb 1 year ago
parent fec6e92b8f
commit 327307dc46
No known key found for this signature in database
GPG Key ID: FA4C051E528DFC1A
1 changed files with 18 additions and 17 deletions
Show Stats Download Patch File Download Diff File

35
README.md
Unescape View File

@ -2675,37 +2675,38 @@ $ ykman openpgp keys set-touch sig on
Encryption: Encryption:
```console ```console
$ ykman openpgp keys set-touch enc on $ ykman openpgp keys set-touch dec on
``` ```
**Note** Versions of YubiKey Manager before 5.1.0 use `enc` instead of `dec` for encryption.
Depending on how the YubiKey is going to be used, you may want to look at the policy options for each of these and adjust the above commands accordingly. They can be viewed with the following command: Depending on how the YubiKey is going to be used, you may want to look at the policy options for each of these and adjust the above commands accordingly. They can be viewed with the following command:
``` ```
$ ykman openpgp keys set-touch -h $ ykman openpgp keys set-touch -h
Usage: ykman openpgp keys set-touch [OPTIONS] KEY POLICY Usage: ykman openpgp keys set-touch [OPTIONS] KEY POLICY
Set touch policy for OpenPGP keys. Set the touch policy for OpenPGP keys.
KEY Key slot to set (sig, enc, aut or att).
POLICY Touch policy to set (on, off, fixed, cached or cached-fixed).
The touch policy is used to require user interaction for all operations using the private key on the YubiKey. The touch policy is set individually for each key slot. To see the current touch policy, run The touch policy is used to require user interaction for all operations using the private key on the YubiKey. The touch policy is set
individually for each key slot. To see the current touch policy, run the "openpgp info" subcommand.
$ ykman openpgp info
Touch policies: Touch policies:
Off (default) No touch required Off (default) no touch required
On Touch required On touch required
Fixed Touch required, can't be disabled without a full reset Fixed touch required, can't be disabled without deleting the private key
Cached Touch required, cached for 15s after use Cached touch required, cached for 15s after use
Cached-Fixed Touch required, cached for 15s after use, can't be disabled Cached-Fixed touch required, cached for 15s after use, can't be disabled
without a full reset without deleting the private key
KEY key slot to set (sig, dec, aut or att)
POLICY touch policy to set (on, off, fixed, cached or cached-fixed)
Options: Options:
-a, --admin-pin TEXT Admin PIN for OpenPGP. -a, --admin-pin TEXT Admin PIN for OpenPGP
-f, --force Confirm the action without prompting. -f, --force confirm the action without prompting
-h, --help Show this message and exit. -h, --help show this message and exit
``` ```
If the YubiKey is going to be used within an email client that opens and verifies encrypted mail, `Cached` or `Cached-Fixed` may be desirable. If the YubiKey is going to be used within an email client that opens and verifies encrypted mail, `Cached` or `Cached-Fixed` may be desirable.

Write Preview
Loading…
Cancel
Save