From 6272fc418104a7e6c3d2dbab647274fe1a10b39b Mon Sep 17 00:00:00 2001 From: drduh Date: Sun, 17 Mar 2024 17:22:15 -0700 Subject: Install yubikey-manager directly on Debian --- README.md | 44 +++++--------------------------------------- 1 file changed, 5 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index 0ec101d..c21fb1a 100644 --- a/README.md +++ b/README.md @@ -215,7 +215,7 @@ sudo apt -y upgrade sudo apt -y install \ wget gnupg2 gnupg-agent dirmngr \ cryptsetup scdaemon pcscd \ - yubikey-personalization + yubikey-personalization yubikey-manager ``` **Note** Live Ubuntu images [may require modification](https://github.com/drduh/YubiKey-Guide/issues/116) to `/etc/apt/sources.list` and may need additional packages: @@ -224,26 +224,6 @@ sudo apt -y install \ sudo apt -y install libssl-dev swig libpcsclite-dev ``` -**Optional** Install the `ykman` utility, which will allow you to enable touch policies (requires admin PIN): - -```console -sudo apt -y install python3-pip python3-pyscard - -pip3 install PyOpenSSL - -pip3 install yubikey-manager - -sudo service pcscd start - -~/.local/bin/ykman openpgp info -``` - -**Note** Debian does not recommend installing non-Debian packaged Python applications globally. But fortunately, it is not necessary as `yubikey-manager` is available in the stable main repository: - -```console -sudo apt install -y yubikey-manager -``` - **OpenBSD** ```console @@ -581,8 +561,6 @@ sudo mkfs.ext2 /dev/mapper/gnupg-secrets -L gnupg-$(date +F) Mount the filesystem and copy the temporary GnuPG working directory exported key materials: ```console -sudo mkdir /mnt/encrypted-storage - sudo mount /dev/mapper/gnupg-secrets /mnt/encrypted-storage sudo cp -av $GNUPGHOME /mnt/encrypted-storage/ @@ -669,8 +647,6 @@ $ doas newfs sd3i Mount the filesystem and copy the temporary directory with the keyring: ```console -doas mkdir /mnt/encrypted-storage - doas mount /dev/sd3i /mnt/encrypted-storage doas cp -av $GNUPGHOME /mnt/encrypted-storage @@ -696,9 +672,7 @@ Create another partition on the portable storage device to store the public key, **Linux** -Using the same `/dev/sdc` device as in the previous step: - -Create a small (20 Mb is more than enough) partition for storing secret materials: +Using the same `/dev/sdc` device as in the previous step, create a small (at least 20 Mb is recommended) partition for storing materials: ```console sudo fdisk /dev/sdc <