diff options
| author | drduh <github@duh.to> | 2019-09-17 01:21:19 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-09-17 01:21:19 +0000 |
| commit | 57e712b830eeff129fb7417f09e6bfa87faee24c (patch) | |
| tree | 6342530ad60295d26ab6cf7462ae6c5810a80d11 /README.md | |
| parent | Merge pull request #127 from vorburger/patch-3 (diff) | |
| parent | fix link to YubiKey (non-NEO) Manager (fixes #124) (diff) | |
| download | YubiKey-Guide-57e712b830eeff129fb7417f09e6bfa87faee24c.tar.gz | |
Merge pull request #129 from vorburger/patch-5
fix link to YubiKey (non-NEO) Manager (fixes #124)
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -1060,7 +1060,7 @@ $ gpg --armor --export $KEYID | doas tee /mnt/public/$KEYID.txt # Configure Smartcard -**Windows** Use the [YubiKey NEO Manager](https://www.yubico.com/products/services-software/download/yubikey-neo-manager/) to enable CCID functionality. +**Windows** Use the [YubiKey Manager](https://developers.yubico.com/yubikey-manager) application (note, this not the similarly named older YubiKey NEO Manager) to enable CCID functionality. Use GPG to configure YubiKey as a smartcard: @@ -2016,7 +2016,7 @@ scd apdu 00 44 00 00 # Notes -1. YubiKey has two configurations: one invoked with a short press, and the other with a long press. By default, the short-press mode is configured for HID OTP - a brief touch will emit an OTP string starting with `cccccccc`. If you rarely use the OTP mode, you can swap it to the second configuration via the YubiKey Personalization tool. If you *never* use OTP, you can disable it entirely using the [YubiKey Manager](https://developers.yubico.com/yubikey-manager) application (note, this not the similarly named YubiKey NEO Manager). +1. YubiKey has two configurations: one invoked with a short press, and the other with a long press. By default, the short-press mode is configured for HID OTP - a brief touch will emit an OTP string starting with `cccccccc`. If you rarely use the OTP mode, you can swap it to the second configuration via the YubiKey Personalization tool. If you *never* use OTP, you can disable it entirely using the [YubiKey Manager](https://developers.yubico.com/yubikey-manager) application (note, this not the similarly named older YubiKey NEO Manager). 1. Programming YubiKey for GPG keys still lets you use its other configurations - [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [OTP](https://www.yubico.com/faq/what-is-a-one-time-password-otp/) and [static password](https://www.yubico.com/products/services-software/personalization-tools/static-password/) modes, for example. 1. Setting an expiry essentially forces you to manage your subkeys and announces to the rest of the world that you are doing so. Setting an expiry on a primary key is ineffective for protecting the key from loss - whoever has the primary key can simply extend its expiry period. Revocation certificates are [better suited](https://security.stackexchange.com/questions/14718/does-openpgp-key-expiration-add-to-security/79386#79386) for this purpose. It may be appropriate for your use case to set expiry dates on subkeys. 1. To switch between two or more identities on different keys - unplug the first key and restart gpg-agent, ssh-agent and pinentry with `pkill gpg-agent ; pkill ssh-agent ; pkill pinentry ; eval $(gpg-agent --daemon --enable-ssh-support)`, then plug in the other key and run `gpg-connect-agent updatestartuptty /bye` - then it should be ready for use. |