diff options
-rw-r--r-- | README.md | 10 |
1 files changed, 5 insertions, 5 deletions
@@ -89,7 +89,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d # Purchase -All YubiKeys except the blue "security key" model are compatible with this guide. NEO models are limited to 2048-bit RSA keys. Compare YubiKeys [here](https://www.yubico.com/products/yubikey-hardware/compare-products-series/). Yubico have also just released a press release and blog post about supporting resident ssh keys on their Yubikeys including blue "security key 5 NFC" with OpenSSH 8.2 or later, see [here](https://www.yubico.com/blog/github-now-supports-ssh-security-keys/) for details. +All YubiKeys except the blue "security key" model are compatible with this guide. NEO models are limited to 2048-bit RSA keys. Compare YubiKeys [here](https://www.yubico.com/products/yubikey-hardware/compare-products-series/). In May 2021, Yubico also released a press release and blog post about supporting resident ssh keys on their Yubikeys including blue "security key 5 NFC" with OpenSSH 8.2 or later, see [here](https://www.yubico.com/blog/github-now-supports-ssh-security-keys/) for details. To verify a YubiKey is genuine, open a [browser with U2F support](https://support.yubico.com/support/solutions/articles/15000009591-how-to-confirm-your-yubico-device-is-genuine-with-u2f) to [https://www.yubico.com/genuine/](https://www.yubico.com/genuine/). Insert a Yubico device, and select *Verify Device* to begin the process. Touch the YubiKey when prompted, and if asked, allow it to see the make and model of the device. If you see *Verification complete*, the device is authentic. @@ -102,7 +102,7 @@ You will also need several small storage devices (microSD cards work well) for s To create cryptographic keys, a secure environment that can be reasonably assured to be free of adversarial control is recommended. Here is a general ranking of environments most to least likely to be compromised: 1. Daily-use operating system -1. Virtual machine on daily-use host OS (using [virt-manager](https://virt-manager.org/), VirtualBox, or VMWare) +1. Virtual machine on daily-use host OS (using [virt-manager](https://virt-manager.org/), VirtualBox, or VMware) 1. Separate hardened [Debian](https://www.debian.org/) or [OpenBSD](https://www.openbsd.org/) installation which can be dual booted 1. Live image, such as [Debian Live](https://www.debian.org/CD/live/) or [Tails](https://tails.boum.org/index.en.html) 1. Secure hardware/firmware ([Coreboot](https://www.coreboot.org/), [Intel ME removed](https://github.com/corna/me_cleaner)) @@ -1354,7 +1354,7 @@ Your selection? q The number of retry attempts can be changed with the following command, documented [here](https://docs.yubico.com/software/yubikey/tools/ykman/OpenPGP_Commands.html#ykman-openpgp-access-set-retries-options-pin-retries-reset-code-retries-admin-pin-retries): ```bash -ykman openpgp access set-retries 5 5 5 +ykman openpgp set-pin-retries 5 5 5 ``` ## Set information @@ -2394,7 +2394,7 @@ Create `$HOME/Library/LaunchAgents/gnupg.gpg-agent.plist` with the following con ``` ```console -launchctl load gnupg.gpg-agent.plist +launchctl load $HOME/Library/LaunchAgents/gnupg.gpg-agent.plist ``` Create `$HOME/Library/LaunchAgents/gnupg.gpg-agent-symlink.plist` with the following contens: @@ -2419,7 +2419,7 @@ Create `$HOME/Library/LaunchAgents/gnupg.gpg-agent-symlink.plist` with the follo ``` ```console -launchctl load gnupg.gpg-agent-symlink.plist +launchctl load $HOME/Library/LaunchAgents/gnupg.gpg-agent-symlink.plist ``` You will need to either reboot, or log out and log back in, in order to activate these changes. |