Yubikey: Difference between revisions
Line 190: | Line 190: | ||
Install dependencies | Install dependencies | ||
# apt-get install gnupg-agent | # apt-get install gnupg-agent | ||
# apt-get install pcscd | |||
# apt-get install pgpsm |
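Review bot: the last added line, `# apt-get install pgpsm`, looks like a transposition of `gpgsm`, the package name Debian uses for the GnuPG S/MIME tool; as written the install step will most likely fail with an unknown-package error. The three installs could also be a single `apt-get install gnupg-agent pcscd gpgsm`, and a short sentence saying why pcscd is needed would help readers who land on this section directly.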
Revision as of 18:51, 10 December 2013
setup
buy it
plug it in
dmesg says:
[176545.484426] usb 3-1.1: new full-speed USB device number 9 using xhci_hcd
[176545.506841] usb 3-1.1: New USB device found, idVendor=1050, idProduct=0110
[176545.506844] usb 3-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[176545.506847] usb 3-1.1: Product: Yubikey NEO OTP
[176545.506848] usb 3-1.1: Manufacturer: Yubico
[176545.506954] usb 3-1.1: ep 0x81 - rounding interval to 64 microframes, ep desc says 80 microframes
[176545.511076] input: Yubico Yubikey NEO OTP as /devices/pci0000:00/0000:00:04.0/0000:02:00.0/usb3/3-1/3-1.1/3-1.1:1.0/input/input16
[176545.511167] hid-generic 0003:1050:0110.0005: input,hidraw4: USB HID v1.10 Keyboard [Yubico Yubikey NEO OTP] on usb-0000:02:00.0-1.1/input0
install yubikey utilities and libraries
The first thing it tells you is to install and run ykpersonalize:
- download, unpack
./configure
Fails with this error:
checking for libyubikey... no
configure: error: libyubikey v1.5+ not found, see http://code.google.com/p/yubico-c/
- apt-get install libyubikey-dev
- apt-get install pkg-config (already present)
- apt-get install libusb-1.0-0-dev
- apt-get install libjson0-dev (optional)
./configure
success.
make
sudo make install
Now ykinfo should work but fails like this:
# ykinfo
ykinfo: error while loading shared libraries: libykpers-1.so.1: cannot open shared object file: No such file or directory
Run ldconfig so the dynamic linker picks up the newly installed library:
ldconfig
# ykinfo -v
version: 3.1.2
install yubico-c
https://github.com/Yubico/yubico-c
- download the zip from github
- unpack
- make -f simple.mk check
OK, the command line tools now work and tests pass for modhex, ykparse, ykgenerate.
setup as pgp key
# ykpersonalize -m82
Firmware version 3.1.2 Touch level 1285 Program sequence 1
The USB mode will be set to: 0x82
Commit? (y/n) [n]: y
- remove and re-insert the yubikey
look for CCID in the dmesg output:
[181879.686402] usb 3-1.1: new full-speed USB device number 10 using xhci_hcd
[181879.709151] usb 3-1.1: New USB device found, idVendor=1050, idProduct=0111
[181879.709154] usb 3-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[181879.709156] usb 3-1.1: Product: Yubikey NEO OTP+CCID
[181879.709158] usb 3-1.1: Manufacturer: Yubico
[181879.709258] usb 3-1.1: ep 0x81 - rounding interval to 64 microframes, ep desc says 80 microframes
[181879.713385] input: Yubico Yubikey NEO OTP+CCID as /devices/pci0000:00/0000:00:04.0/0000:02:00.0/usb3/3-1/3-1.1/3-1.1:1.0/input/input19
[181879.713482] hid-generic 0003:1050:0111.0008: input,hidraw4: USB HID v1.10 Keyboard [Yubico Yubikey NEO OTP+CCID] on usb-0000:02:00.0-1.1/input0
# gpg --card-edit
gpg: WARNING: unsafe ownership on configuration file `/home/rday/.gnupg/gpg.conf'
Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000001
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
gpg/card>
gpg/card> admin
Admin commands are allowed
gpg/card> generate
Please note that the factory settings of the PINs are
PIN = `123456' Admin PIN = `12345678'
You should change them using the command --change-pin
gpg: 2 Admin PIN attempts remaining before card is permanently locked
Please enter the Admin PIN
[remaining attempts: 2]
Please enter the PIN
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 10y
Key expires at Thu 07 Dec 2023 03:40:08 PM PST
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Ryan Finnin Day
Email address: rday@linuxfoundation.org
Comment:
You selected this USER-ID:
"Ryan Finnin Day <rday@linuxfoundation.org>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: generating new key
gpg: please wait while key is being generated ...
gpg: key generation completed (19 seconds)
gpg: signatures created so far: 0
gpg: generating new key
gpg: please wait while key is being generated ...
gpg: key generation completed (5 seconds)
gpg: signatures created so far: 1
gpg: signatures created so far: 2
gpg: generating new key
gpg: please wait while key is being generated ...
gpg: key generation completed (31 seconds)
gpg: signatures created so far: 3
gpg: signatures created so far: 4
gpg: key 63653EEA marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 1f, 0u
gpg: next trustdb check due at 2016-08-30
pub 2048R/63653EEA 2013-12-09 [expires: 2023-12-07]
Key fingerprint = 7EE4 87A9 B882 430B AB64 B084 1EFA B084 6365 3EEA
uid Ryan Finnin Day <rday@linuxfoundation.org>
sub 2048R/E9B34A77 2013-12-09 [expires: 2023-12-07]
sub 2048R/47FE850E 2013-12-09 [expires: 2023-12-07]
gpg/card>
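The "look for CCID in the dmesg output" check made after `ykpersonalize -m82` in this section can be scripted, so a provisioning script can stop before `gpg --card-edit` if the key is still in OTP-only mode. This is an added example, not part of the original page; the function name `yk_usb_mode` and the `SAMPLE_*` variables are hypothetical, and the sample lines are taken from the two dmesg captures above.

```shell
#!/bin/sh
# Added example, not from the original page. Reads kernel log text on stdin
# and reports the most recent Yubico (idVendor=1050) enumeration.
# Prints "<idProduct> <product string>".
# Exit status: 0 = CCID exposed, 1 = no CCID, 2 = no Yubico device seen.
yk_usb_mode() {   # hypothetical helper name
    awk '
        # A "New USB device found" line starts a new enumeration record.
        /New USB device found/ {
            port = ""; pid = ""
            if ($0 ~ /idVendor=1050/) {
                match($0, /usb [0-9.-]+:/)
                port = substr($0, RSTART, RLENGTH)
                match($0, /idProduct=[0-9a-fA-F]+/)
                pid = substr($0, RSTART + 10, RLENGTH - 10)
            }
            next
        }
        # The "Product:" line on the same port carries the mode string.
        port != "" && index($0, port " Product: ") {
            last_pid = pid
            last_name = substr($0, index($0, "Product: ") + 9)
        }
        END {
            if (last_pid == "") exit 2
            print last_pid, last_name
            exit ((last_name ~ /CCID/) ? 0 : 1)
        }
    '
}

# Sample input: lines copied from the dmesg captures on this page.
SAMPLE_OTP='[176545.506841] usb 3-1.1: New USB device found, idVendor=1050, idProduct=0110
[176545.506844] usb 3-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[176545.506847] usb 3-1.1: Product: Yubikey NEO OTP'
SAMPLE_CCID='[181879.709151] usb 3-1.1: New USB device found, idVendor=1050, idProduct=0111
[181879.709154] usb 3-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[181879.709156] usb 3-1.1: Product: Yubikey NEO OTP+CCID'

# Before and after re-inserting the key: the later enumeration wins.
printf '%s\n' "$SAMPLE_OTP" "$SAMPLE_CCID" | yk_usb_mode
# On a live system: dmesg | yk_usb_mode
```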
configure gnome
Install dependencies
# apt-get install gnupg-agent
# apt-get install pcscd
# apt-get install gpgsm