| | 194 | |
| | 195 | == Generate the signing and authentication subkeys == |
| | 196 | |
| | 197 | The subkeys for signing and authentication will be unique for each Yubikey. This allows the subkeys to be generated directly on the Yubikey, where the private key cannot be accessed from the computer. |
| | 198 | |
| | 199 | Before using GnuPG with the Yubikey, download the ykpersonalize tool and make sure the eject flag is set to 82 for OTP and CCID compatibility. |
| | 200 | |
| | 201 | {{{ |
| | 202 | sudo add-apt-repository ppa:yubico/stable |
| | 203 | sudo apt-get update |
| | 204 | sudo apt-get install yubikey-personalization yubikey-personalization-gui |
| | 205 | }}} |
| | 206 | |
| | 207 | {{{ |
| | 208 | ykpersonalize -m82 |
| | 209 | Firmware version 4.3.5 Touch level 517 Program sequence 1 |
| | 210 | |
| | 211 | The USB mode will be set to: 0x82 |
| | 212 | |
| | 213 | Commit? (y/n) [n]: y |
| | 214 | }}} |
