diff options
| author | drduh <github@duh.to> | 2021-10-24 11:08:50 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-10-24 11:08:50 -0700 |
| commit | fe6434577bce964aefd33d5e085d6ac0008e17ce (patch) | |
| tree | b771145327600837abe4aeab8e7ec05ff8ff4d8a /README.md | |
| parent | Merge pull request #290 from NiklasMerz/mac-m1 (diff) | |
| parent | Add TOC entry, fix link (diff) | |
| download | YubiKey-Guide-fe6434577bce964aefd33d5e085d6ac0008e17ce.tar.gz | |
Merge pull request #291 from gaffneyd4/improve-recovery-guide
Added clearer recovery options
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 9 |
1 files changed, 8 insertions, 1 deletions
@@ -80,6 +80,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d * [Mailvelope on macOS](#mailvelope-on-macos) * [Mutt](#mutt) - [Reset](#reset) +- [Recovery after reset](#recovery-after-reset) - [Notes](#notes) - [Troubleshooting](#troubleshooting) - [Alternatives](#alternatives) @@ -2647,7 +2648,7 @@ To enable GnuPG support, one can just use the config file `gpg.rc` provided by m If PIN attempts are exceeded, the card is locked and must be [reset](https://developers.yubico.com/ykneo-openpgp/ResetApplet.html) and set up again using the encrypted backup. -Copy the following script to a file and run `gpg-connect-agent --run $file` to lock and terminate the card. Then re-insert YubiKey to reset. +Copy the following script to a file and run `gpg-connect-agent -r $file` to lock and terminate the card. Then re-insert YubiKey to reset. ```console /hex @@ -2677,6 +2678,12 @@ Reset code: NOT SET Admin PIN: 12345678 ``` +# Recovery after reset + +If for whatever reason you need to reinstate your YubiKey from your master key backup (such as the one stored on an encrypted USB described in [Backup](#backup)), follow the following steps in [Rotating keys](#rotating-keys) to setup your environment, and then follow the steps of again [Configure Smartcard](#configure-smartcard). + +Before you unmount your backup, ask yourself if you should make another one just in case. + # Notes 1. YubiKey has two configurations: one invoked with a short press, and the other with a long press. By default, the short-press mode is configured for HID OTP - a brief touch will emit an OTP string starting with `cccccccc`. If you rarely use the OTP mode, you can swap it to the second configuration via the YubiKey Personalization tool. If you *never* use OTP, you can disable it entirely using the [YubiKey Manager](https://developers.yubico.com/yubikey-manager) application (note, this not the similarly named older YubiKey NEO Manager). |