aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/README.md
diff options
context:
space:
mode:
authorJason Stelzer <jasonstelzer@boomi.com>2020-05-04 08:28:23 -0400
committerJason Stelzer <jasonstelzer@boomi.com>2020-05-04 08:28:23 -0400
commitaea317b5276f12c62c5f62a68e9aa082b3b14e8d (patch)
treef9d3847a36f51efd836605b45428ee5e3a109611 /README.md
parentGPG keys on multiple computers (diff)
downloadYubiKey-Guide-aea317b5276f12c62c5f62a68e9aa082b3b14e8d.tar.gz
Clarified wording
Diffstat (limited to '')
-rw-r--r--README.md2
1 files changed, 1 insertions, 1 deletions
diff --git a/README.md b/README.md
index 129d397..352b46b 100644
--- a/README.md
+++ b/README.md
@@ -2330,7 +2330,7 @@ Admin PIN: 12345678
1. Programming YubiKey for GPG keys still lets you use its other configurations - [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [OTP](https://www.yubico.com/faq/what-is-a-one-time-password-otp/) and [static password](https://www.yubico.com/products/services-software/personalization-tools/static-password/) modes, for example.
1. Setting an expiry essentially forces you to manage your subkeys and announces to the rest of the world that you are doing so. Setting an expiry on a primary key is ineffective for protecting the key from loss - whoever has the primary key can simply extend its expiry period. Revocation certificates are [better suited](https://security.stackexchange.com/questions/14718/does-openpgp-key-expiration-add-to-security/79386#79386) for this purpose. It may be appropriate for your use case to set expiry dates on subkeys.
1. To switch between two or more identities on different keys - unplug the first key and restart gpg-agent, ssh-agent and pinentry with `pkill gpg-agent ; pkill ssh-agent ; pkill pinentry ; eval $(gpg-agent --daemon --enable-ssh-support)`, then plug in the other key and run `gpg-connect-agent updatestartuptty /bye` - then it should be ready for use.
-1. To use yubikeys on more than one computer with gpg: After the initial setup, import the public keys on the second workstation. Confirm gpg can see the card via `gpg --card-status`, Trust them ultimately (as above). At this point `gpg --list-secret-keys` should show your (trusted) key.
+1. To use yubikeys on more than one computer with gpg: After the initial setup, import the public keys on the second workstation. Confirm gpg can see the card via `gpg --card-status`, Trust the public keys you imported ultimately (as above). At this point `gpg --list-secret-keys` should show your (trusted) key.
# Troubleshooting