Tom wrote:
Automatic wrote:
Sorry for bumping this, I just received my replacement Yubikey Neo in the mail today (Yay!), I have yet to plug it in as I'm a little bit scared of it dying on me again though.
Can I verify with you guys before I plug it in and start configuring it:-
1. I can change the smart-card pins with no limitations of how many times I change it (Within reason, I'm not going to change it thousands of times, maybe three or four times, just to verify it works).
Yes, you can
Automatic wrote:
2. I can change the smart-card pins to whatever I want with no limitations of characters (I'm allowed alpha? numerical? special? Unicode? Which characters are not allowed?)
Yes, it can be alphanumeric. Not sure about Unicode, you have to check the gpg manual.
Automatic wrote:
3. I can lock the device by getting the pin (Both admin & normal) incorrect three times, and I can actually unlock it using the above 'reset applet' link, correct? It's not going to lock up on me once I get it wrong three times and be bricked again?
You can reset it only when the user and admin PINs are both blocked.
Automatic wrote:
4. I can modify all the special values surrounding the smart-card (Name, public key URL, sex, etc...)
yes
Automatic wrote:
I'd rather verify this with you guys first and miss out on a day of use while waiting for you to respond than have it brick on me and have to go through this whole ordeal again. I hope you understand.
Thanks!
Thank you, I messed about quite a bit with the key and can verify I can reset the key. New issue now:-
I seem unable to generate keys on the device, or be able to overwrite them (Without resetting the entire device). Generating keys on the device (`gpg --card-edit` `generate`) gives me this (Note:- This is a clean device, just reset):-
Code:
gpg/card> admin
Admin commands are allowed
gpg/card> generate
Make off-card backup of encryption key? (Y/n) Y
Please note that the factory settings of the PINs are
PIN = '123456' Admin PIN = '12345678'
You should change them using the command --change-pin
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Fri 27 Nov 2015 17:30:44 GMT
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: John Doe
Email address: John@Doe.com
Comment: This is a test key
You selected this USER-ID:
"John Doe (This is a test key) <John@Doe.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
Key generation failed: Not supported
This results in:-
Code:
$ gpg --card-status
Signature key ....: 6C86 A733 8A38 0C3D 5161 EBBD 3B0A 6CA8 E53C 66F6
created ....: 2014-11-27 17:30:58
Encryption key....: [none]
Authentication key: D37E 8252 F027 BC1B 3B8F BE5C 2894 239C 03D3 1AD0
created ....: 2014-11-27 17:30:58
As you can see, no encryption key. If I then reset the applet and generate a key on my PC to import using keytocard, I can import the keys fine, but not if there's a key already there (overwriting keys results in an error, the same error this person is getting).
Is this normal? My assumption was I should be able to overwrite keys and generate keys on the device, not that it matters a huge deal, but, still would be nice to know.