Yubikey

setup

buy it

• http://www.yubico.com/products/yubikey-hardware/yubikey-neo/

plug it in

dmesg says:

[176545.484426] usb 3-1.1: new full-speed USB device number 9 using xhci_hcd
[176545.506841] usb 3-1.1: New USB device found, idVendor=1050, idProduct=0110
[176545.506844] usb 3-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[176545.506847] usb 3-1.1: Product: Yubikey NEO OTP
[176545.506848] usb 3-1.1: Manufacturer: Yubico
[176545.506954] usb 3-1.1: ep 0x81 - rounding interval to 64 microframes, ep desc says 80 microframes
[176545.511076] input: Yubico Yubikey NEO OTP as /devices/pci0000:00/0000:00:04.0/0000:02:00.0/usb3/3-1/3-1.1/3-1.1:1.0/input/input16
[176545.511167] hid-generic 0003:1050:0110.0005: input,hidraw4: USB HID v1.10 Keyboard [Yubico Yubikey NEO OTP] on usb-0000:02:00.0-1.1/input0

install yubikey utilities and libraries

• http://www.yubico.com/2012/12/yubikey-neo-openpgp/

The first thing it tells you is to install and run ykpersonalize:

• http://opensource.yubico.com/yubikey-personalization/releases.html

• • download, unpack

./configure

Fails with this error:

checking for libyubikey... no
configure: error: libyubikey v1.5+ not found, see http://code.google.com/p/yubico-c/

• apt-get install libyubikey-dev
• apt-get install pkg-config (already present)
• apt-get install libusb-1.0-0-dev
• apt-get install libjson0-dev (optional)

./configure 

success.

make
sudo make install

Now ykinfo should work but fails like this:

# ykinfo
ykinfo: error while loading shared libraries: libykpers-1.so.1: cannot open shared object file: No such file or directory

Need to run ldconfig to pick up changes

ldconfig

# ykinfo -v
version: 3.1.2

install yubico-c

https://github.com/Yubico/yubico-c

• download the zip from github
• unpack
• make -f simple.mk check

OK, the command line tools now work and tests pass for modhex, ykparse, ykgenerate.

setup as pgp key

# ykpersonalize -m82
Firmware version 3.1.2 Touch level 1285 Program sequence 1

The USB mode will be set to: 0x82

Commit? (y/n) [n]: y

• remove and re-insert the yubikey

look for CCID in the dmesg output:

[181879.686402] usb 3-1.1: new full-speed USB device number 10 using xhci_hcd
[181879.709151] usb 3-1.1: New USB device found, idVendor=1050, idProduct=0111
[181879.709154] usb 3-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[181879.709156] usb 3-1.1: Product: Yubikey NEO OTP+CCID
[181879.709158] usb 3-1.1: Manufacturer: Yubico
[181879.709258] usb 3-1.1: ep 0x81 - rounding interval to 64 microframes, ep desc says 80 microframes
[181879.713385] input: Yubico Yubikey NEO OTP+CCID as /devices/pci0000:00/0000:00:04.0/0000:02:00.0/usb3/3-1/3-1.1/3-1.1:1.0/input/input19
[181879.713482] hid-generic 0003:1050:0111.0008: input,hidraw4: USB HID v1.10 Keyboard [Yubico Yubikey NEO OTP+CCID] on usb-0000:02:00.0-1.1/input0

# gpg --card-edit
gpg: WARNING: unsafe ownership on configuration file `/home/rday/.gnupg/gpg.conf'

Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000001
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card>

gpg/card> admin
Admin commands are allowed

gpg/card> generate

Please note that the factory settings of the PINs are
   PIN = `123456'     Admin PIN = `12345678'
You should change them using the command --change-pin

gpg: gpg-agent is not available in this session
gpg: 3 Admin PIN attempts remaining before card is permanently locked

Please enter the Admin PIN

configure gnome

• https://github.com/herlo/ssh-gpg-smartcard-config