Diffstat (limited to 'source/desktop/gpg_cards')
-rw-r--r-- source/desktop/gpg_cards/index.rst 118
1 files changed, 118 insertions, 0 deletions
diff --git a/source/desktop/gpg_cards/index.rst b/source/desktop/gpg_cards/index.rst
new file mode 100644
index 0000000..90aa2f9
--- /dev/null
+++ b/source/desktop/gpg_cards/index.rst
@@ -0,0 +1,118 @@
+***********
+ GPG Cards
+***********
+
+Card setup
+==========
+
+Settings
+--------
+
+The initial setup of a new card involves changing the settings.
+
+Enter the command interaction mode of gpg with the command ``gpg
+--card-edit``.
+
+Then enter admin mode and change the name::
+
+ gpg/card> admin
+ Admin commands are allowed
+
+ gpg/card> name
+ Cardholder's surname: <Surname>
+ Cardholder's given name: <Name>
+
+you will have to enter the admin PIN; your card will have details on the
+default.
+
+optionally also change other options::
+
+ gpg/card> lang
+ Language preferences: en
+
+ gpg/card> url
+ URL to retrieve public key: <URL for your public key>
+
+ gpg/card> login
+ Login data (account name): <your login name>
+
+ gpg/card> salutation
+ Salutation (M = Mr., F = Ms., or space):
+
+and quit to save the data on the card::
+
+ gpg/card> quit
+
+Moving the subkeys to the card
+------------------------------
+
+In this step the subkeys currently on the computer will be moved to the
+card *and removed from the PC*. Please make sure that you have an
+(offline) copy elsewhere, as they can't be recovered from the card.
+
+Enter the key editing mode with ``gpg --edit-key <your_key_id>`` and
+select the subkey with ``usage: S``, transfer it to the card and then
+toggle it again to unselected::
+
+ gpg> key 2
+ gpg> keytocard
+ Please select where to store the key:
+ (1) Signature key
+ (3) Authentication key
+ Your selection? 1
+ gpg> key 2
+
+Then
+
+Changing the PINs
+-----------------
+
+This is done last, because on some cards it is necessary to have a key
+on the card before the PINs can be changed from the defaults.
+
+To change the PINs, enter again the command interaction mode of gpg with
+the command ``gpg --card-edit``, and change first the admin PIN and then
+the PIN::
+
+ gpg/card> admin
+ Admin commands are allowed
+
+ gpg/card> passwd
+ gpg: OpenPGP card no. D276000124010200FFFFFFFFFFFF0000 detected
+
+ 1 - change PIN
+ 2 - unblock PIN
+ 3 - change Admin PIN
+ 4 - set the Reset Code
+ Q - quit
+
+ Your selection? 3
+ PIN changed.
+
+ 1 - change PIN
+ 2 - unblock PIN
+ 3 - change Admin PIN
+ 4 - set the Reset Code
+ Q - quit
+
+ Your selection? 1
+
+Gnuk
+====
+
+For the Gnuk the default PINs are 123456 and 12345678 for the Admin PIN.
+
+Changing the PIN before the Admin PIN will enter a custom Admin less
+mode where the Admin PIN is the same as the PIN: in this case the lenght
+should be at least 8 characters, and there won't be an option to unlock
+a card after getting the PIN wrong 3 times.
+
+See also
+========
+
+* https://web.archive.org/web/20150502182337/http://nodonogard.blogspot.com/2014/08/writting-gnuk-binary-to-fst-01-using-st.html
+* https://www.earth.li/~noodles/blog/2017/02/gnuk-on-maple-mini.html
+* https://www.earth.li/~noodles/blog/2015/08/program-fst01-with-buspirate.html
+
+..
+ vim: set filetype=rst:
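Review bot: the "Moving the subkeys to the card" section stops at a dangling "Then" and never shows a ``save`` step, so a reader following it literally may quit the key editor without committing the transfer and still have the secret subkey on disk, contrary to the "*and removed from the PC*" warning. Please finish the sentence, show ``gpg> save`` at the end of the transcript, and say whether the same ``key N`` / ``keytocard`` sequence should be repeated for the other subkeys, since only the ``usage: S`` one is covered while the menu also lists "(3) Authentication key". The passwd transcript under "Changing the PINs" likewise ends at ``Your selection? 1`` with no result line and no ``Q``/``quit``, so it would help to show the session through to exit. In the Gnuk section, "lenght" should be "length" and "Admin less" would read better as "admin-less"; it would also be worth stating explicitly which of the two default PINs is the user PIN.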