Im on a Mac Pro using a Yubikey NEO. I was hoping to use the NEO as my 2 factor Auth and SSH Key.
I followed a bunch of online documents on how to get this going and nothing has worked. I decided try and start from scratch but when it comes to generating a new Key Im hitting errors. All guidance would be appreciated.
Environment:
Quote:
gpg --version 2
gpg (GnuPG) 1.4.19
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
What I'm trying to do:
Quote:
nema.darban ~ gpg --card-edit
gpg: detected reader `Yubico Yubikey NEO OTP+U2F+CCID'
Application ID ...: D2760001240102000006036335900000
Version ..........: 2.0
Manufacturer .....: unknown
Serial number ....: 03633590
Name of cardholder: Nema Darban
Language prefs ...: en
Sex ..............: male
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 3
Signature key ....: E1C4 7B95 42D2 84DC F37F C5B7 2DD9 A6FC 64C9 9ABE
created ....: 2015-07-19 23:14:53
Encryption key....: [none]
Authentication key: ACAB 53B7 7C2D 917F 305E C062 7365 F926 ECFE 1364
created ....: 2015-07-19 23:14:53
General key info..: [none]
gpg/card> admin
Admin commands are allowed
gpg/card> generate
Make off-card backup of encryption key? (Y/n) y
gpg: NOTE: keys are already stored on the card!
Replace existing keys? (y/N) y
gpg: gpg-agent is not available in this session
Please enter the PIN
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Tue Jul 18 16:16:12 2017 PDT
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Nema Darban
Email address:
Comment:
You selected this USER-ID:
"Nema Darban"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: existing key will be replaced
gpg: 3 Admin PIN attempts remaining before card is permanently locked
Please enter the Admin PIN
gpg: please wait while key is being generated ...
gpg: key generation completed (18 seconds)
gpg: signatures created so far: 0
gpg: existing key will be replaced
gpg: please wait while key is being generated ...
gpg: key generation completed (5 seconds)
gpg: signatures created so far: 1
gpg: signatures created so far: 2
You need a Passphrase to protect your secret key.
+++++
.....+++++
gpg: writing new key
gpg: storing key onto card failed: not supported
Key generation failed: not supported
gpg/card>
Neither myself nor my coworker have been able to setup these NEOs so that we can hold our SSH keys on them and validate against them. I've only been able to use it to Authenticate against my Gmail account and LastPass.
Cheers!Statistics: Posted by smalldoorman — Mon Jul 20, 2015 12:22 am
]]>