Merge pull request #285 from jaeha-choi/master

Add Key Derived Function (KDF) setting
author: drduh <github@duh.to> 2021-10-24 10:53:28 -0700
committer: GitHub <noreply@github.com> 2021-10-24 10:53:28 -0700
commit: 1c1e76623fb8e0e834fcfb301d1dd4b82abf9fc5 (patch)
tree: 7002bc62bdfd1fa90f6f8b60296804d71d013c7a /README.md
parent: Merge pull request #284 from jsoref/grammar (diff)
parent: Add note about KDF (diff)
download: YubiKey-Guide-1c1e76623fb8e0e834fcfb301d1dd4b82abf9fc5.tar.gz
1 files changed, 14 insertions, 3 deletions
diff --git a/README.md b/README.md
index ad69244..414e2c7 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d
 - [Export public keys](#export-public-keys)
 - [Configure Smartcard](#configure-smartcard)
   * [Change PIN](#change-pin)
+  * [Enable KDF](#enable-kdf)
   * [Set information](#set-information)
 - [Transfer keys](#transfer-keys)
   * [Signing](#signing-1)
@@ -1274,6 +1275,7 @@ Key attributes ...: rsa2048 rsa2048 rsa2048
 Max. PIN lengths .: 127 127 127
 PIN retry counter : 3 0 3
 Signature counter : 0
+KDF setting ......: off
 Signature key ....: [none]
 Encryption key....: [none]
 Authentication key: [none]
@@ -1286,6 +1288,16 @@ General key info..: [none]
 
 Use the [YubiKey Manager](https://developers.yubico.com/yubikey-manager) application (note, this is not the similarly named older YubiKey NEO Manager) to enable CCID functionality.
 
+## Enable KDF
+Key Derived Function (KDF) enables YubiKey to store the hash of PIN, preventing the PIN from being passed as plain text.
+
+```console
+gpg/card> admin
+Admin commands are allowed
+
+gpg/card> kdf-setup
+```
+
 ## Change PIN
 
 The [GPG interface](https://developers.yubico.com/PGP/) is separate from other modules on a Yubikey such as the [PIV interface](https://developers.yubico.com/PIV/Introduction/YubiKey_and_PIV.html). The GPG interface has its own *PIN*, *Admin PIN*, and *Reset Code* - these should be changed from default values!
@@ -1305,9 +1317,6 @@ Values are valid up to 127 ASCII characters and must be at least 6 (*PIN*) or 8
 To update the GPG PINs on the Yubikey:
 
 ```console
-gpg/card> admin
-Admin commands are allowed
-
 gpg/card> passwd
 gpg: OpenPGP card no. D2760001240102010006055532110000 detected
 
@@ -1376,6 +1385,7 @@ Key attributes ...: rsa2048 rsa2048 rsa2048
 Max. PIN lengths .: 127 127 127
 PIN retry counter : 3 0 3
 Signature counter : 0
+KDF setting ......: on
 Signature key ....: [none]
 Encryption key....: [none]
 Authentication key: [none]
@@ -1681,6 +1691,7 @@ Key attributes ...: rsa4096 rsa4096 rsa4096
 Max. PIN lengths .: 127 127 127
 PIN retry counter : 3 3 3
 Signature counter : 0
+KDF setting ......: on
 Signature key ....: 07AA 7735 E502 C5EB E09E  B8B0 BECF A3C1 AE19 1D15
       created ....: 2016-05-24 23:22:01
 Encryption key....: 6F26 6F46 845B BEB8 BDF3  7E9B 5912 A795 E90D D2CF
author	drduh <github@duh.to>	2021-10-24 10:53:28 -0700
committer	GitHub <noreply@github.com>	2021-10-24 10:53:28 -0700
commit	1c1e76623fb8e0e834fcfb301d1dd4b82abf9fc5 (patch)
tree	7002bc62bdfd1fa90f6f8b60296804d71d013c7a /README.md
parent	Merge pull request #284 from jsoref/grammar (diff)
parent	Add note about KDF (diff)
download	YubiKey-Guide-1c1e76623fb8e0e834fcfb301d1dd4b82abf9fc5.tar.gz