Difference between revisions of "Yubikey"
From Finninday
(→setup as pgp key) |
(→setup as pgp key) |
||
| Line 83: | Line 83: | ||
[181879.713385] input: Yubico Yubikey NEO OTP+CCID as /devices/pci0000:00/0000:00:04.0/0000:02:00.0/usb3/3-1/3-1.1/3-1.1:1.0/input/input19 | [181879.713385] input: Yubico Yubikey NEO OTP+CCID as /devices/pci0000:00/0000:00:04.0/0000:02:00.0/usb3/3-1/3-1.1/3-1.1:1.0/input/input19 | ||
[181879.713482] hid-generic 0003:1050:0111.0008: input,hidraw4: USB HID v1.10 Keyboard [Yubico Yubikey NEO OTP+CCID] on usb-0000:02:00.0-1.1/input0 | [181879.713482] hid-generic 0003:1050:0111.0008: input,hidraw4: USB HID v1.10 Keyboard [Yubico Yubikey NEO OTP+CCID] on usb-0000:02:00.0-1.1/input0 | ||
| + | </pre> | ||
| + | |||
| + | <pre> | ||
| + | # gpg --card-edit | ||
| + | gpg: WARNING: unsafe ownership on configuration file `/home/rday/.gnupg/gpg.conf' | ||
| + | |||
| + | Application ID ...: D2760001240102000000000000010000 | ||
| + | Version ..........: 2.0 | ||
| + | Manufacturer .....: test card | ||
| + | Serial number ....: 00000001 | ||
| + | Name of cardholder: [not set] | ||
| + | Language prefs ...: [not set] | ||
| + | Sex ..............: unspecified | ||
| + | URL of public key : [not set] | ||
| + | Login data .......: [not set] | ||
| + | Signature PIN ....: forced | ||
| + | Key attributes ...: 2048R 2048R 2048R | ||
| + | Max. PIN lengths .: 127 127 127 | ||
| + | PIN retry counter : 3 3 3 | ||
| + | Signature counter : 0 | ||
| + | Signature key ....: [none] | ||
| + | Encryption key....: [none] | ||
| + | Authentication key: [none] | ||
| + | General key info..: [none] | ||
| + | |||
| + | gpg/card> | ||
| + | </pre> | ||
| + | |||
| + | <pre> | ||
| + | gpg/card> admin | ||
| + | Admin commands are allowed | ||
| + | </pre> | ||
| + | |||
| + | <pre> | ||
| + | gpg/card> generate | ||
| + | |||
| + | Please note that the factory settings of the PINs are | ||
| + | PIN = `123456' Admin PIN = `12345678' | ||
| + | You should change them using the command --change-pin | ||
| + | |||
| + | gpg: gpg-agent is not available in this session | ||
| + | gpg: 3 Admin PIN attempts remaining before card is permanently locked | ||
| + | |||
| + | Please enter the Admin PIN | ||
</pre> | </pre> | ||
====configure gnome==== | ====configure gnome==== | ||
* https://github.com/herlo/ssh-gpg-smartcard-config | * https://github.com/herlo/ssh-gpg-smartcard-config | ||
Revision as of 23:22, 9 December 2013
Contents
setup
buy it
plug it in
dmesg says:
[176545.484426] usb 3-1.1: new full-speed USB device number 9 using xhci_hcd [176545.506841] usb 3-1.1: New USB device found, idVendor=1050, idProduct=0110 [176545.506844] usb 3-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [176545.506847] usb 3-1.1: Product: Yubikey NEO OTP [176545.506848] usb 3-1.1: Manufacturer: Yubico [176545.506954] usb 3-1.1: ep 0x81 - rounding interval to 64 microframes, ep desc says 80 microframes [176545.511076] input: Yubico Yubikey NEO OTP as /devices/pci0000:00/0000:00:04.0/0000:02:00.0/usb3/3-1/3-1.1/3-1.1:1.0/input/input16 [176545.511167] hid-generic 0003:1050:0110.0005: input,hidraw4: USB HID v1.10 Keyboard [Yubico Yubikey NEO OTP] on usb-0000:02:00.0-1.1/input0
install yubikey utilities and libraries
The first thing it tells you is to install and run ykpersonalize:
- download, unpack
./configure
Fails with this error:
checking for libyubikey... no configure: error: libyubikey v1.5+ not found, see http://code.google.com/p/yubico-c/
- apt-get install libyubikey-dev
- apt-get install pkg-config (already present)
- apt-get install libusb-1.0-0-dev
- apt-get install libjson0-dev (optional)
./configure
success.
make sudo make install
Now ykinfo should work but fails like this:
# ykinfo ykinfo: error while loading shared libraries: libykpers-1.so.1: cannot open shared object file: No such file or directory
Need to run ldconfig to pick up changes
ldconfig
# ykinfo -v version: 3.1.2
install yubico-c
https://github.com/Yubico/yubico-c
- download the zip from github
- unpack
- make -f simple.mk check
OK, the command line tools now work and tests pass for modhex, ykparse, ykgenerate.
setup as pgp key
# ykpersonalize -m82 Firmware version 3.1.2 Touch level 1285 Program sequence 1 The USB mode will be set to: 0x82 Commit? (y/n) [n]: y
- remove and re-insert the yubikey
look for CCID in the dmesg output:
[181879.686402] usb 3-1.1: new full-speed USB device number 10 using xhci_hcd [181879.709151] usb 3-1.1: New USB device found, idVendor=1050, idProduct=0111 [181879.709154] usb 3-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [181879.709156] usb 3-1.1: Product: Yubikey NEO OTP+CCID [181879.709158] usb 3-1.1: Manufacturer: Yubico [181879.709258] usb 3-1.1: ep 0x81 - rounding interval to 64 microframes, ep desc says 80 microframes [181879.713385] input: Yubico Yubikey NEO OTP+CCID as /devices/pci0000:00/0000:00:04.0/0000:02:00.0/usb3/3-1/3-1.1/3-1.1:1.0/input/input19 [181879.713482] hid-generic 0003:1050:0111.0008: input,hidraw4: USB HID v1.10 Keyboard [Yubico Yubikey NEO OTP+CCID] on usb-0000:02:00.0-1.1/input0
# gpg --card-edit gpg: WARNING: unsafe ownership on configuration file `/home/rday/.gnupg/gpg.conf' Application ID ...: D2760001240102000000000000010000 Version ..........: 2.0 Manufacturer .....: test card Serial number ....: 00000001 Name of cardholder: [not set] Language prefs ...: [not set] Sex ..............: unspecified URL of public key : [not set] Login data .......: [not set] Signature PIN ....: forced Key attributes ...: 2048R 2048R 2048R Max. PIN lengths .: 127 127 127 PIN retry counter : 3 3 3 Signature counter : 0 Signature key ....: [none] Encryption key....: [none] Authentication key: [none] General key info..: [none] gpg/card>
gpg/card> admin Admin commands are allowed
gpg/card> generate Please note that the factory settings of the PINs are PIN = `123456' Admin PIN = `12345678' You should change them using the command --change-pin gpg: gpg-agent is not available in this session gpg: 3 Admin PIN attempts remaining before card is permanently locked Please enter the Admin PIN
