upagge/digital-garden
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
00f118d336
digital-garden/_inbox/Yubikey.md
Struchkov Mark 21862337fc
init commit
2024-06-13 21:01:37 +03:00

3.1 KiB
Raw Blame History

aliases tags date zero-link linked
юбикей
зрелость/🌱
2024-01-09
00 DevOps

Заметки

Первичная настройка

Вставляем юбикей и вводим команду

gpg --card-status

В новом юбикей вывод будет примерно такой

Reader ...........: Yubico YubiKey OTP FIDO CCID
Application ID ...: D2760001240100000006223209330000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 22320933
Name of cardholder: [не установлено]
Language prefs ...: [не установлено]
Salutation .......: 
URL of public key : [не установлено]
Login data .......: [не установлено]
Signature PIN ....: не требуется
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: off
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]

Смена пинкодов

  • Сменить pin.
    • По умолчанию pin: 123456
  • Сменить puk.
    • По умолчанию puk: 12345678
  • Сменить managment key

Сменить pin для gpg

ubuntu@ubuntu:~/Desktop$ gpg --edit-card

Reader ...........: 1050:04cccccccccccdf:0
Application ID ...: D2ccccccccc00
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 2057xxxxx
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......: 
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> admin   (go to admin mode)
Admin commands are allowed

gpg/card> passwd 
gpg: OpenPGP card no. D2xxxxxxxxxxxxxxxxxxxxxxxx000 detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 1
Error changing the PIN: Bad PIN

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 1  (the default PIN is 123456)
PIN changed.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 3 (the default admin PIN is 12345678)
PIN changed.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? q

gpg/card> quit

Перенос gpg ключа

Сначала генерируем gpg ключ

Для переноса существующего ключа используем команду

gpg --edit-key <KEY_ID>

После входа в режим редактирования можно использовать команду

keytocard

Полезные материалы