Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 9:06 pm

All times are UTC + 1 hour




Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 
Author Message
PostPosted: Thu Apr 23, 2015 3:57 pm 
Offline

Joined: Mon Apr 13, 2015 7:39 pm
Posts: 7
I have a NEO that came with ykneo-openpgp 1.0.8 installed. I noticed on the release notes page that there are newer versions and at least one security issue has been fixed. So, I'd like to upgrade the version on my NEO.

First off, I am well aware that upgrading the applet will erase any PGP keys that are stored on the NEO. I have offline backups of my keys that I can use to reload the NEO, so I'm okay with that.

The instructions on installing CAP files are pretty good, but I am looking for a few clarifications before starting.

Since my applet is already installed with an AID that includes my serial number, do I need to change the gpinstall.txt script where it deletes the old domain to reference the unique number of my installation? In other words, should the following line be changed to refer to my specific serial number?
Code:
delete -AID D2760001240102000000000000010000
And will I still need to change the install line to include my serial number with an -instAID option?

Are there any other script changes or concerns I should be aware of when upgrading ykneo-openpgp like this?


Last edited by gweeper on Fri Apr 24, 2015 3:38 pm, edited 1 time in total.

Top
 Profile  
 

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Apr 23, 2015 4:03 pm 
Offline

Joined: Mon Apr 13, 2015 7:39 pm
Posts: 7
I just noticed after posting this that two other people in the past day have asked related questions on the forum here and here.

From their discussion, it is apparent that the security keys on shipping Yubikeys are apparently not the same as the defaults used in gpinstall.txt. I suppose that is also a question that needs addressed as well, and may make the entire concept of self-upgrading not possible.

My main concern is still what can I do to upgrade my NEO to ykneo-openpgp 1.0.10 or (failing that) get a replacement NEO which has that version installed.


Top
 Profile  
 
PostPosted: Fri Apr 24, 2015 3:36 pm 
Offline

Joined: Mon Apr 13, 2015 7:39 pm
Posts: 7
Upgrading production units requires contacting customer support and exchanging Yubikeys.

More discussion here.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 8 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group