9.1.1. Installing the necessary tools
sudo yum install libykneomgr pcsc-lite pcsc-tools gnupg2 gnupg2-smime --enablerepo=updates-testing
sudo systemctl start pcscd.service pcscd.socket
sudo systemctl enable pcscd.service pcscd.socket
Run ykneomgr -a, then copy the first 12 characters of the last key to the clipboard.
Run ykneomgr -D d27600012401; it should return with no output. This deletes the version of the OpenPGP applet that is on the card.
Run ykneomgr -i /tmp/ykneo-openpgp-1.0.5.cap to install the new version of the OpenPGP applet.
Run gpg --card-status to make sure GPG can see and talk to the card.
gpg: detected reader `Yubico Yubikey NEO OTP+CCID 00 00'
Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000001
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
Run gpg --card-edit to edit the settings on the card.
Type admin to turn on admin mode, do 1 and 3, and set a PIN for each. The PINs can be alphanumeric.
Type q to quit.
Type name to add your name.
Type lang to set your language (en for example).
Type sex to set your gender.
Type quit to quit.
9.1.2. Creating the key on the Yubikey Neo
Run gpg --edit-key key-id
Type addcardkey to generate a new key on the Yubikey Neo.
Select Signature key.
Enter the PIN
Unlock your master key
Specify the expiration date for your key -- and yes, please set an expiration date. You can always edit the key and
We can't write to the card from gpg itself, so let's switch to gpg2. First, make sure that gpg2 can see your card by running gpg2 --card-status. If it can't see your card, you probably forgot to install the gnupg2-smime package.
Run sudo gpg2 --no-default-keyring --keyring ~/.gnupg/pubring.gpg --secret-keyring ~/.gnupg/secring.gpg --edit-key key-id
Type toggle to switch between public key and secret key.
Subkeys are numbered starting with 1, so type key 2 to select the 2nd subkey. Now you'll notice a * next to the key.
Type keytocard to write the key to the Yubikey Neo.
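A check for the gpg --card-status output, useful after 9.1.1 (all three slots should be empty) and again after keytocard (the moved key's slot should no longer be listed). This is an added example, not part of the original guide; the function names and the abridged sample are constructed here, and on a real system the input would be gpg --card-status | card_check.

```shell
#!/bin/sh
# Added example: checks on `gpg --card-status` text read from stdin.

# Constructed sample: lines taken from the output shown in 9.1.1.
sample_status() {
cat <<'EOF'
gpg: detected reader `Yubico Yubikey NEO OTP+CCID 00 00'
Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
PIN retry counter : 3 3 3
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
EOF
}

# field NAME: print the value of the first line labelled NAME.
# Labels are padded with spaces and dots before the colon, so strip them.
field() {
  awk -v want="$1" '{
    i = index($0, ":"); if (i == 0) next
    label = substr($0, 1, i - 1); sub(/[ .]+$/, "", label)
    if (label == want) { v = substr($0, i + 1); sub(/^ +/, "", v); print v; exit }
  }'
}

# card_check: print the empty key slots and return 0 when the OpenPGP applet
# answers and no PIN is blocked; otherwise print the reason and return non-zero.
card_check() {
  status=$(cat)
  aid=$(printf '%s\n' "$status" | field "Application ID")
  case "$aid" in
    D27600012401*) ;;                        # AID prefix passed to ykneomgr -D
    *) echo "no OpenPGP applet"; return 2 ;;
  esac
  for n in $(printf '%s\n' "$status" | field "PIN retry counter"); do
    if [ "$n" -eq 0 ]; then echo "PIN blocked"; return 3; fi
  done
  empty=""
  for slot in "Signature key" "Encryption key" "Authentication key"; do
    v=$(printf '%s\n' "$status" | field "$slot")
    if [ -z "$v" ] || [ "$v" = "[none]" ]; then empty="$empty${empty:+ }${slot% key}"; fi
  done
  echo "empty slots: ${empty:-none}"
}

# Demonstration on the constructed sample.
sample_status | card_check
```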