From cd1bd59c54cc69f30b184cb9f8157453b64b2d04 Mon Sep 17 00:00:00 2001 From: Elena ``of Valhalla'' Grandi Date: Fri, 2 Aug 2024 16:02:09 +0200 Subject: Start article on gpg cards --- source/desktop/gpg_cards/index.rst | 118 +++++++++++++++++++++++++++++++++++++ source/desktop/index.rst | 1 + 2 files changed, 119 insertions(+) create mode 100644 source/desktop/gpg_cards/index.rst diff --git a/source/desktop/gpg_cards/index.rst b/source/desktop/gpg_cards/index.rst new file mode 100644 index 0000000..90aa2f9 --- /dev/null +++ b/source/desktop/gpg_cards/index.rst 
@@ -0,0 +1,118 @@ +*********** + GPG Cards +*********** + +Card setup +========== + +Settings +-------- + +The initial setup of a new card involves changing the settings. + +Enter the command interaction mode of gpg with the command ``gpg +--card-edit``. + +Then enter admin mode and change the name:: + + gpg/card> admin + Admin commands are allowed + + gpg/card> name + Cardholder's surname: + Cardholder's given name: + +you will have to enter the admin PIN; your card will have details on the +default. + +optionally also change other options:: + + gpg/card> lang + Language preferences: en + + gpg/card> url + URL to retrieve public key: + + gpg/card> login + Login data (account name): + + gpg/card> salutation + Salutation (M = Mr., F = Ms., or space): + +and quit to save the data on the card:: + + gpg/card> quit + +Moving the subkeys to the card +------------------------------ + +In this step the subkeys currently on the computer will be moved to the +card *and removed from the PC*. Please make sure that you have an +(offline) copy elsewhere, as they can't be recovered from the card. + +Enter the key editing mode with ``gpg --edit-key `` and +select the subkey with ``usage: S``, transfer it to the card and then +toggle it again to unselected:: + + gpg> key 2 + gpg> keytocard + Please select where to store the key: + (1) Signature key + (3) Authentication key + Your selection? 1 + gpg> key 2 + +Then + +Changing the PINs +----------------- + +This is done last, because on some cards it is necessary to have a key +on the card before the PINs can be changed from the defaults. + +To change the PINs, enter again the command interaction mode of gpg with +the command ``gpg --card-edit``, and change first the admin PIN and then +the PIN:: + + gpg/card> admin + Admin commands are allowed + + gpg/card> passwd + gpg: OpenPGP card no. 
D276000124010200FFFFFFFFFFFF0000 detected + + 1 - change PIN + 2 - unblock PIN + 3 - change Admin PIN + 4 - set the Reset Code + Q - quit + + Your selection? 3 + PIN changed. + + 1 - change PIN + 2 - unblock PIN + 3 - change Admin PIN + 4 - set the Reset Code + Q - quit + + Your selection? 1 + +Gnuk +==== + +For the Gnuk the default PINs are 123456 and 12345678 for the Admin PIN. + +Changing the PIN before the Admin PIN will enter a custom Admin less +mode where the Admin PIN is the same as the PIN: in this case the lenght +should be at least 8 characters, and there won't be an option to unlock +a card after getting the PIN wrong 3 times. + +See also +======== + +* https://web.archive.org/web/20150502182337/http://nodonogard.blogspot.com/2014/08/writting-gnuk-binary-to-fst-01-using-st.html +* https://www.earth.li/~noodles/blog/2017/02/gnuk-on-maple-mini.html +* https://www.earth.li/~noodles/blog/2015/08/program-fst01-with-buspirate.html + +.. + vim: set filetype=rst: diff --git a/source/desktop/index.rst b/source/desktop/index.rst index ed85ece..5842fd6 100644 --- a/source/desktop/index.rst +++ b/source/desktop/index.rst @@ -7,3 +7,4 @@ :caption: Contents: command_line_printing/index + gpg_cards/index -- cgit v1.2.3
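Review bot: The "Moving the subkeys to the card" section of source/desktop/gpg_cards/index.rst ends on a bare "Then" with nothing after it. The procedure stops after the signature subkey, and the reader is not told what to do with the remaining subkeys or how to leave the key editing session. The Settings section closes with an explicit "quit to save the data on the card", and this section needs the equivalent final step. Because the text says the subkeys are "removed from the PC" and "can't be recovered from the card", it should also say at which point in the session the removal takes effect, so that a reader who stops at the truncated sentence knows what state the keyring is in. Two smaller points in the Gnuk section: "the default PINs are 123456 and 12345678 for the Admin PIN" would read more clearly as "123456 for the PIN and 12345678 for the Admin PIN", and "lenght" should be "length".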