| Yubico Forum https://forum.yubico.com/ |
|
| Completely reset PGP 'app'? https://forum.yubico.com/viewtopic.php?f=26&t=1603 |
Page 2 of 2 |
| Author: | Automatic [ Thu Nov 27, 2014 6:46 pm ] |
| Post subject: | Re: Completely reset PGP 'app'? |
Tom wrote:

    Automatic wrote:
        Sorry for bumping this, I just received my replacement Yubikey Neo in the mail today (Yay!), I have yet to plug it in yet as I'm a little bit scared of it dying on me again though.

    Yes, you can

        Can I verify with you guys before I plug it in and start configuring it:-
        1. I can change the smart-card pins with no limitations of how many times I change it (Within reason, I'm not going to change it thousands of times, maybe three or four times, just to verify it works).

    Automatic wrote:
        2. I can change the smart-card pins to whatever I want with no limitations of characters (I'm allowed alpha? numerical? special? Unicode? Which characters are not allowed?)

    Yes, it can be alphanumeric, not sure about Unicode, you have to check the gpg manual.

    Automatic wrote:
        3. I can lock the device by getting the pin (Both admin & normal) incorrect three times, and I can actually unlock it using the above 'reset applet' link, correct? It's not going to lock up on me once I get it wrong three times and be bricked again?

    You can reset it only when the user/admin PINs are both blocked.

    Automatic wrote:
        4. I can modify all the special values surrounding the smart-card (Name, public key URL, sex, etc...)

    Yes.

    Automatic wrote:
        I'd rather verify this with you guys first and miss out on a day of use while waiting for you to respond than have it brick on me and have to go through this whole ordeal again. I hope you understand. Thanks!

Thank you, I messed about quite a bit with the key and can verify I can reset the key.

New issue now:- I seem unable to generate keys on the device, or be able to overwrite them (Without resetting the entire device).

Generating keys on the device (`gpg --card-edit` `generate`) gives me this (Note:- This is a clean device, just reset):-

Code:
    gpg/card> admin
    Admin commands are allowed

    gpg/card> generate
    Make off-card backup of encryption key? (Y/n) Y

    Please note that the factory settings of the PINs are
    PIN = '123456' Admin PIN = '12345678'
    You should change them using the command --change-pin

    Please specify how long the key should be valid.
    0 = key does not expire
    <n> = key expires in n days
    <n>w = key expires in n weeks
    <n>m = key expires in n months
    <n>y = key expires in n years
    Key is valid for? (0) 1y
    Key expires at Fri 27 Nov 2015 17:30:44 GMT
    Is this correct? (y/N) y

    GnuPG needs to construct a user ID to identify your key.

    Real name: John Doe
    Email address: John@Doe.com
    Comment: This is a test key
    You selected this USER-ID:
    "John Doe (This is a test key) <John@Doe.com>"

    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
    Key generation failed: Not supported

This results in:-

Code:
    $ gpg --card-status
    Signature key ....: 6C86 A733 8A38 0C3D 5161 EBBD 3B0A 6CA8 E53C 66F6
    created ....: 2014-11-27 17:30:58
    Encryption key....: [none]
    Authentication key: D37E 8252 F027 BC1B 3B8F BE5C 2894 239C 03D3 1AD0
    created ....: 2014-11-27 17:30:58

As you can see, no encryption key.

If I then reset the applet and generate a key on my PC to import using keytocard, I can import the keys fine, but, not if there's a key already there (overwriting keys results in an error, the same error this person is getting).

Is this normal? My assumption was I should be able to overwrite keys and generate keys on the device, not that it matters a huge deal, but, still would be nice to know. |
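Added example, not part of the original post or of any Yubico or GnuPG code: a shell function that reads `gpg --card-status` text and names every key slot without a 40-hex-digit fingerprint, so a partly failed on-card `generate` like the one above is caught immediately. The function name `empty_slots` is hypothetical and `SAMPLE_STATUS` is constructed from the output quoted in the post.

```shell
#!/bin/sh
# Constructed sample: the slot lines from the --card-status output quoted above.
SAMPLE_STATUS='Signature key ....: 6C86 A733 8A38 0C3D 5161 EBBD 3B0A 6CA8 E53C 66F6
      created ....: 2014-11-27 17:30:58
Encryption key....: [none]
Authentication key: D37E 8252 F027 BC1B 3B8F BE5C 2894 239C 03D3 1AD0
      created ....: 2014-11-27 17:30:58'

# empty_slots (hypothetical helper): read `gpg --card-status` text on stdin and
# print the name of each key slot that does not hold a 40-hex-digit fingerprint,
# one per line. Exit status is 0 when all three slots are populated, 1 otherwise.
empty_slots() {
    awk '
        /^(Signature|Encryption|Authentication) key/ {
            slot = $1
            value = $0
            sub(/^[^:]*:/, "", value)    # drop the label up to the first colon
            gsub(/[ \t]/, "", value)     # fingerprints are printed in groups
            seen[slot] = 1
            if (value !~ /^[0-9A-Fa-f]+$/ || length(value) != 40) {
                print slot
                bad = 1
            }
        }
        END {
            # A slot line that is missing altogether also counts as a failure.
            n = split("Signature Encryption Authentication", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print want[i]; bad = 1 }
            exit bad + 0
        }'
}

# Usage on a live card:   gpg --card-status | empty_slots
# Usage on the sample:    printf '%s\n' "$SAMPLE_STATUS" | empty_slots
```

Run it after every `generate` or `keytocard` and before deleting any off-card key material.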
|
| Author: | Tom [ Fri Nov 28, 2014 8:41 am ] |
| Post subject: | Re: Completely reset PGP 'app'? |
Are you using gpg version 2.1? |
|
| Author: | Automatic [ Fri Nov 28, 2014 10:06 am ] |
| Post subject: | Re: Completely reset PGP 'app'? |
Tom wrote:
    Are you using gpg version 2.1?

Code:
    $ gpg --version
    gpg (GnuPG) 2.1.0
    libgcrypt 1.6.2
    Copyright (C) 2014 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: ~/.gnupg
    Supported algorithms:
    Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2

Yes. |
|
| Author: | Tom [ Fri Nov 28, 2014 10:41 am ] |
| Post subject: | Re: Completely reset PGP 'app'? |
Check the manual please, genkeys was not supported last time I checked. Please try with a different version of the software. Also you should be aware that you should perform your test with STABLE versions of whatever software you are planning to run unless you are aware of the latest changes. |
|
| All times are UTC + 1 hour |
|