差異處

這裏顯示兩個版本的差異處。

--- yubikey [2017/12/17 20:56]
jz
+++ yubikey [2019/02/02 18:46] (目前版本)
jz
@@ 行 9: / 行 9: @@
 <code>
+# yubikey manager
+pacman -S yubikey-manager
 # smart card daemon
 systemctl start pcscd.service
@@ 行 14: / 行 17: @@
 # enable U2F/smartcard/CCID feature
-ykpersonalize -m86
+ykpersonalize -m86 # yubikey 4 or below
+ykman config usb --enable-all # yubikey 5 or up
 # generate key
@@ 行 51: / 行 55: @@
 </code>
-===== Chanage PIN =====
+===== Delete key slot =====
 <code>
+yubico-piv-tool -adelete-certificate -s9a -k
+</code>
+===== Chanage PIN & PUK & management key =====
+<code>
+yubico-piv-tool -achange-pin
+yubico-piv-tool -achange-puk
+key=`dd if=/dev/random bs=1 count=24 2>/dev/null | hexdump -v -e '/1 "%02X"'`
+echo $key
+yubico-piv-tool -aset-mgm-key -n$key
+</code>
+<code>
+The default PIN code is 123456. The default PUK code is 12345678.
+The default 3DES management key (9B) is 010203040506070801020304050607080102030405060708.
+</code>
+===== GPG key =====
+<code>
+# generate key
+gpg --full-gen-key
+# edit key
+gpg --expert --edit-key {KEYID}
+# add a pure authentication key
+addkey
+A
+S
+E
+Q
+y
+y
+quit
+y
+# Backup
+gpg --armor --output privkey.sec --export-secret-key {KEYID}
+gpg --armor --output subkeys.sec --export-secret-subkeys {KEYID}
+gpg --armor --output pubkey.sec --export {KEYID}
+# Import key to card
+gpg --expert --edit-key {KEYID}
+toggle
+keytocard
+y
+key 1
+keytocard
+key 1
+key 2
+keytocard
+quit
+y
+# Import key from card (Public key)
 gpg --card-edit
-admin
+fetch
-passwd
+quit
-# go ahead change PIN and Admin PIN
+# List keys
+gpg --card-status
+# Export public key
+gpg --export --armor {KEYID}
+</code>
+===== Unblock GPG PIN =====
+<code>
+gpg --card-status
+PIN retry counter : 0 0 3
+gpg --card-edit
+gpg/card> admin
+Admin commands are allowed
+gpg/card> passwd
+gpg: OpenPGP card no. … detected
+- change PIN
+- unblock PIN
+- change Admin PIN
+- set the Reset Code
+Q - quit
+Your selection? 2
+PIN unblocked and new PIN set.
+- change PIN
+- unblock PIN
+- change Admin PIN
+- set the Reset Code
+Q - quit
+Your selection? q
+</code>
+===== Reset Yubikey =====
+<code>
+# Attempt to use an invalid PIN multiple times to block it #
+yubico-piv-tool -a verify-pin -P 000000
+yubico-piv-tool -a verify-pin -P 000000
+yubico-piv-tool -a verify-pin -P 000000
+yubico-piv-tool -a verify-pin -P 000000
+# Attempt to change PUK using an invalid PUK multiple times to block it #
+yubico-piv-tool -a change-puk -P 000000 -N 000001
+yubico-piv-tool -a change-puk -P 000000 -N 000001
+yubico-piv-tool -a change-puk -P 000000 -N 000001
+yubico-piv-tool -a change-puk -P 000000 -N 000001
+Once PIN and PUK are both blocked, you can reset the YubiKey.
+yubico-piv-tool -a reset
 </code>
@@ 行 68: / 行 186: @@
 **Ref**
+  * https://developers.yubico.com/PIV/Guides/Device_setup.html
+  * https://forum.yubico.com/viewtopic.php?f=26&t=1344
+  * https://developers.yubico.com/yubico-piv-tool/YubiKey_PIV_introduction.html
   * https://ruimarinho.gitbooks.io/yubikey-handbook
   * https://github.com/drduh/YubiKey-Guide
@@ 行 76: / 行 197: @@
   * https://github.com/Yubico/yubico-piv-tool
   * https://wikitech.wikimedia.org/wiki/Yubikey-SSH
+  * https://developers.yubico.com/PGP/Importing_keys.html
+  * https://gist.github.com/ageis/5b095b50b9ae6b0aa9bf
+  * https://gist.github.com/ageis/14adc308087859e199912b4c79c4aaa4
+  * https://github.com/ruimarinho/yubikey-handbook/blob/master/openpgp/troubleshooting/gpg-failed-to-sign-the-data.md
+  * https://www.mjollnir.cc/archives/216.html