Differences
This shows the differences between the two versions.
| yubikey [2018/01/01 23:01] jz | yubikey [2019/02/02 18:46] (current version) jz | ||
|---|---|---|---|
| Line 9: | Line 9: | ||
| <code> | <code> | ||
| + | # yubikey manager | ||
| + | pacman -S yubikey-manager | ||
| + | |||
| # smart card daemon | # smart card daemon | ||
| systemctl start pcscd.service | systemctl start pcscd.service | ||
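Review bot: The install comment added at the top of this hunk does not say that the yubikey-manager package is what provides the `ykman` command the page relies on for YubiKey 5 further down. Extending it to `# yubikey manager (provides ykman)` would make that dependency explicit for readers who skim straight to the configuration step.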
| Line 14: | Line 17: | ||
| # enable U2F/smartcard/CCID feature | # enable U2F/smartcard/CCID feature | ||
| - | ykpersonalize -m86 | + | ykpersonalize -m86 # yubikey 4 or below |
| + | ykman config usb --enable-all # yubikey 5 or up | ||
| # generate key | # generate key | ||
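Review bot: `ykman config usb --enable-all` on the added YubiKey 5 line turns on every USB application, which is broader than the comment above it (U2F/smartcard/CCID) describes. Enabling only the applications this page uses, for example `ykman config usb --enable U2F --enable PIV --enable OPENPGP`, keeps the interfaces nobody needs switched off.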
| Line 49: | Line 53: | ||
| IdentitiesOnly yes | IdentitiesOnly yes | ||
| PKCS11Provider opensc-pkcs11.so | PKCS11Provider opensc-pkcs11.so | ||
| + | </code> | ||
| + | |||
| + | ===== Delete key slot ===== | ||
| + | <code> | ||
| + | yubico-piv-tool -adelete-certificate -s9a -k | ||
| </code> | </code> | ||
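Review bot: The new heading says "Delete key slot", but the command under it uses the action `delete-certificate`, which removes the certificate stored in slot 9a, not the private key in that slot. Either rename the section to "Delete certificate" or add a line saying the key itself stays until the slot is overwritten or the PIV application is reset, so nobody treats this as key destruction.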
| Line 64: | Line 73: | ||
| The default PIN code is 123456. The default PUK code is 12345678. | The default PIN code is 123456. The default PUK code is 12345678. | ||
| The default 3DES management key (9B) is 010203040506070801020304050607080102030405060708. | The default 3DES management key (9B) is 010203040506070801020304050607080102030405060708. | ||
| + | </code> | ||
| + | |||
| + | ===== GPG key ===== | ||
| + | <code> | ||
| + | # generate key | ||
| + | gpg --full-gen-key | ||
| + | |||
| + | # edit key | ||
| + | gpg --expert --edit-key {KEYID} | ||
| + | |||
| + | # add a pure authentication key | ||
| + | addkey | ||
| + | 8 | ||
| + | A | ||
| + | S | ||
| + | E | ||
| + | Q | ||
| + | 4096 | ||
| + | 0 | ||
| + | y | ||
| + | y | ||
| + | quit | ||
| + | y | ||
| + | |||
| + | # Backup | ||
| + | gpg --armor --output privkey.sec --export-secret-key {KEYID} | ||
| + | gpg --armor --output subkeys.sec --export-secret-subkeys {KEYID} | ||
| + | gpg --armor --output pubkey.sec --export {KEYID} | ||
| + | |||
| + | # Import key to card | ||
| + | gpg --expert --edit-key {KEYID} | ||
| + | toggle | ||
| + | keytocard | ||
| + | y | ||
| + | 1 | ||
| + | key 1 | ||
| + | keytocard | ||
| + | 2 | ||
| + | key 1 | ||
| + | key 2 | ||
| + | keytocard | ||
| + | 3 | ||
| + | quit | ||
| + | y | ||
| + | |||
| + | # Import key from card (Public key) | ||
| + | gpg --card-edit | ||
| + | fetch | ||
| + | quit | ||
| + | |||
| + | # List keys | ||
| + | gpg --card-status | ||
| + | |||
| + | # Export public key | ||
| + | gpg --export --armor {KEYID} | ||
| + | </code> | ||
| + | |||
| + | ===== Unblock GPG PIN ===== | ||
| + | <code> | ||
| + | gpg --card-status | ||
| + | PIN retry counter : 0 0 3 | ||
| + | |||
| + | gpg --card-edit | ||
| + | gpg/card> admin | ||
| + | Admin commands are allowed | ||
| + | |||
| + | gpg/card> passwd | ||
| + | gpg: OpenPGP card no. … detected | ||
| + | |||
| + | 1 - change PIN | ||
| + | 2 - unblock PIN | ||
| + | 3 - change Admin PIN | ||
| + | 4 - set the Reset Code | ||
| + | Q - quit | ||
| + | |||
| + | Your selection? 2 | ||
| + | PIN unblocked and new PIN set. | ||
| + | |||
| + | 1 - change PIN | ||
| + | 2 - unblock PIN | ||
| + | 3 - change Admin PIN | ||
| + | 4 - set the Reset Code | ||
| + | Q - quit | ||
| + | |||
| + | Your selection? q | ||
| </code> | </code> | ||
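Review bot: In the "# Backup" block of the new GPG key section, `privkey.sec` and `subkeys.sec` are armored secret-key exports written to the current directory, and nothing says where they should end up. Because the final `y` after `quit` in the "Import key to card" steps saves the keyring with the secret keys moved to the card, those files become the only off-card copy, so a comment telling the reader to move them to offline storage and remove them from the working directory is worth adding. The public export should also not be named `pubkey.sec`; something like `pubkey.asc` avoids it being mistaken for secret material.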
| Line 103: | Line 197: | ||
| * https://github.com/Yubico/yubico-piv-tool | * https://github.com/Yubico/yubico-piv-tool | ||
| * https://wikitech.wikimedia.org/wiki/Yubikey-SSH | * https://wikitech.wikimedia.org/wiki/Yubikey-SSH | ||
| + | * https://developers.yubico.com/PGP/Importing_keys.html | ||
| + | * https://gist.github.com/ageis/5b095b50b9ae6b0aa9bf | ||
| + | * https://gist.github.com/ageis/14adc308087859e199912b4c79c4aaa4 | ||
| + | * https://github.com/ruimarinho/yubikey-handbook/blob/master/openpgp/troubleshooting/gpg-failed-to-sign-the-data.md | ||
| + | * https://www.mjollnir.cc/archives/216.html | ||
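Review bot: Among the added references, the yubikey-handbook link points at the `master` branch and the two gist links carry no revision, so the content behind them can change after this page is written. Since readers copy key-handling commands from these sources, linking to a specific commit or gist revision would keep the reference matching what was actually reviewed.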
