Changes between Version 10 and Version 11 of gpgOnYubiKey4

Timestamp:

2017-07-29T00:33:00+02:00 (8 years ago)

Author:

Jorrit

Comment:

--

gpgOnYubiKey4

@@ -24 +24 @@
 Install pinentry-tty and modify gpg-agent.conf to get rid of annoying Gnome Shell password prompt.
 
-Create  ~/.gnupg/gpg-agent.conf with following content:
-{{{
-pinentry-program /usr/bin/pinentry-tty
+Disable annoying Gnome Shell password pop-up for gpg
+{{{
+echo "pinentry-program /usr/bin/pinentry-tty" >> ~/.gnupg/gpg-agent.conf
 }}}
 
@@ -214 +214 @@
 }}}
 
-== access the yubikey ==
-install the required dependencies
+== Create signing and authentication subkeys opn yubikey ==
+install the required dependencies first
 {{{
 apt-get install scdaemon pcscd
 }}}
+
+{{{
+gpg2 --edit-key BCA15A0BB95DC50BD20DF30E0ABF3A02F7869441
+gpg (GnuPG) 2.1.15; Copyright (C) 2016 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Secret key is available.
+
+sec  rsa3072/0ABF3A02F7869441
+     created: 2017-07-28  expires: never       usage: C   
+     trust: ultimate      validity: ultimate
+ssb  rsa2048/DA2E2FE728D32A1C
+     created: 2017-07-28  expires: 2018-07-28  usage: E   
+[ultimate] (1). Bersih NL Administration <contact@bersih.nl>
+
+gpg> addcardkey
+Signature key ....: [none]
+Encryption key....: [none]
+Authentication key: [none]
+
+Please select the type of key to generate:
+   (1) Signature key
+   (2) Encryption key
+   (3) Authentication key
+Your selection? 1
+Please enter the PIN
+PIN: 
+What keysize do you want for the Signature key? (2048) 
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 1y
+Key expires at zo 29 jul 2018 00:17:37 CEST
+Is this correct? (y/N) y
+Really create? (y/N) y
+Please enter the Admin PIN
+Admin PIN: 
+Please enter the passphrase to unlock the OpenPGP secret key:
+"Bersih NL Administration <contact@bersih.nl>"
+3072-bit RSA key, ID 0ABF3A02F7869441,
+created 2017-07-28.
+
+Passphrase: 
+
+sec  rsa3072/0ABF3A02F7869441
+     created: 2017-07-28  expires: never       usage: C   
+     trust: ultimate      validity: ultimate
+ssb  rsa2048/DA2E2FE728D32A1C
+     created: 2017-07-28  expires: 2018-07-28  usage: E   
+ssb  rsa2048/A3DF39D25C12B3CE
+     created: 2017-07-28  expires: 2018-07-28  usage: S   
+     card-no: 0006 05668664
+[ultimate] (1). Bersih NL Administration <contact@bersih.nl>
+
+gpg> addcardkey
+Signature key ....: 39C2 822E 41A1 2320 4388  6492 A3DF 39D2 5C12 B3CE
+Encryption key....: [none]
+Authentication key: [none]
+
+Please select the type of key to generate:
+   (1) Signature key
+   (2) Encryption key
+   (3) Authentication key
+Your selection? 3
+What keysize do you want for the Authentication key? (2048) 
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 1y
+Key expires at zo 29 jul 2018 00:24:03 CEST
+Is this correct? (y/N) y
+Really create? (y/N) y
+
+sec  rsa3072/0ABF3A02F7869441
+     created: 2017-07-28  expires: never       usage: C   
+     trust: ultimate      validity: ultimate
+ssb  rsa2048/DA2E2FE728D32A1C
+     created: 2017-07-28  expires: 2018-07-28  usage: E   
+ssb  rsa2048/A3DF39D25C12B3CE
+     created: 2017-07-28  expires: 2018-07-28  usage: S   
+     card-no: 0006 05668664
+ssb  rsa2048/197D4148DB406665
+     created: 2017-07-28  expires: 2018-07-28  usage: A   
+     card-no: 0006 05668664
+[ultimate] (1). Bersih NL Administration <contact@bersih.nl>
+
+gpg> toggle
+
+sec  rsa3072/0ABF3A02F7869441
+     created: 2017-07-28  expires: never       usage: C   
+     trust: ultimate      validity: ultimate
+ssb  rsa2048/DA2E2FE728D32A1C
+     created: 2017-07-28  expires: 2018-07-28  usage: E   
+ssb  rsa2048/A3DF39D25C12B3CE
+     created: 2017-07-28  expires: 2018-07-28  usage: S   
+     card-no: 0006 05668664
+ssb  rsa2048/197D4148DB406665
+     created: 2017-07-28  expires: 2018-07-28  usage: A   
+     card-no: 0006 05668664
+[ultimate] (1). Bersih NL Administration <contact@bersih.nl>
+
+gpg> key 1
+
+sec  rsa3072/0ABF3A02F7869441
+     created: 2017-07-28  expires: never       usage: C   
+     trust: ultimate      validity: ultimate
+ssb* rsa2048/DA2E2FE728D32A1C
+     created: 2017-07-28  expires: 2018-07-28  usage: E   
+ssb  rsa2048/A3DF39D25C12B3CE
+     created: 2017-07-28  expires: 2018-07-28  usage: S   
+     card-no: 0006 05668664
+ssb  rsa2048/197D4148DB406665
+     created: 2017-07-28  expires: 2018-07-28  usage: A   
+     card-no: 0006 05668664
+[ultimate] (1). Bersih NL Administration <contact@bersih.nl>
+
+gpg> keytocard
+Please select where to store the key:
+   (2) Encryption key
+Your selection? 2
+Please enter your passphrase, so that the secret key can be unlocked for this session
+Passphrase: 
+gpg: KEYTOCARD failed: No passphrase given
+
+gpg> keytocard
+Please select where to store the key:
+   (2) Encryption key
+Your selection? 2
+Please enter your passphrase, so that the secret key can be unlocked for this session
+Passphrase: 
+
+sec  rsa3072/0ABF3A02F7869441
+     created: 2017-07-28  expires: never       usage: C   
+     trust: ultimate      validity: ultimate
+ssb* rsa2048/DA2E2FE728D32A1C
+     created: 2017-07-28  expires: 2018-07-28  usage: E   
+ssb  rsa2048/A3DF39D25C12B3CE
+     created: 2017-07-28  expires: 2018-07-28  usage: S   
+     card-no: 0006 05668664
+ssb  rsa2048/197D4148DB406665
+     created: 2017-07-28  expires: 2018-07-28  usage: A   
+     card-no: 0006 05668664
+[ultimate] (1). Bersih NL Administration <contact@bersih.nl>
+
+gpg> save
+}}}
+
+== Save and distribute the public key ==
+{{{
+gpg2 --keyserver pgp.mit.edu --send-keys BCA15A0BB95DC50BD20DF30E0ABF3A02F7869441
+}}}