yubikey
Install ykman:
brew install ykmanConfigure your 2 slot for static password:
ykman otp static 2 --keyboard-layout USThis will prompt you to enter the password you want to store in the slot but default adding the enter key at the end of the password. If you want to avoid that just add --no-enter flag, for example you can use:
ykman otp static 2 --keyboard-layout US "your password" --no-enterThe
--keyboard-layout USis to prevent gettingError: Unsupported character: xxx
You can also use the --pacing flag to add a delay between each character, for example:
ykman otp settings 2 --pacing 60🔗reset pin
To reset all data:
$ ykman piv reset
WARNING! This will delete all stored PIV data and restore factory settings. Proceed? [y/N]: y
Resetting PIV data...
Success! All PIV data have been cleared from the YubiKey.
Your YubiKey now has the default PIN, PUK and Management Key:
PIN: 123456
PUK: 12345678
Management Key: 010203040506070801020304050607080102030405060708Change the PIN from 123456 to 654321:
ykman piv access change-pin --pin 123456 --new-pin 654321Change the PUK
ykman piv change-pukGenerate a random management key and store it on the device, protected with the PIN.
ykman piv change-management-key --generate --protect🔗GPG
To reset all GPG data:
ykman openpgp resetSet the Admin and pin using:
$ gpg --edit-card
gpg/card> admin
Admin commands are allowed
gpg/card>passwdTo use the key in another system just import the public key and trust it:
$ curl -sSL https://github.com/nbari.gpg | gpg --import
$ gpg --edit-key [email protected]
trust
5
saveRestart the gpg-agent:
gpgconf --kill gpg-agent
gpgconf --kill scdaemonRemove password from gpg key to import it to yubikey.
Check: https://developers.yubico.com/PGP/Importing_keys.html