***********
 GPG Cards
***********

Card setup
==========

Settings
--------

The initial setup of a new card involves changing the settings.

Enter the command interaction mode of gpg with the command ``gpg
--card-edit``.

Then enter admin mode and change the name::

   gpg/card> admin
   Admin commands are allowed

   gpg/card> name
   Cardholder's surname: <Surname>
   Cardholder's given name: <Name>

you will have to enter the admin PIN; your card will have details on the
default.

optionally also change other options::

   gpg/card> lang
   Language preferences: en

   gpg/card> url
   URL to retrieve public key: <URL for your public key>

   gpg/card> login
   Login data (account name): <your login name>

   gpg/card> salutation
   Salutation (M = Mr., F = Ms., or space):

and quit to save the data on the card::

   gpg/card> quit

Moving the subkeys to the card
------------------------------

In this step the subkeys currently on the computer will be moved to the
card *and removed from the PC*. Please make sure that you have an
(offline) copy elsewhere, as they can't be recovered from the card.

Enter the key editing mode with ``gpg --edit-key <your_key_id>`` and
select the subkey with ``usage: S``, transfer it to the card and then
toggle it again to unselected::

   gpg> key 2
   gpg> keytocard 
   Please select where to store the key:
      (1) Signature key
      (3) Authentication key
   Your selection? 1
   gpg> key 2

Then 

Changing the PINs
-----------------

This is done last, because on some cards it is necessary to have a key
on the card before the PINs can be changed from the defaults.

To change the PINs, enter again the command interaction mode of gpg with
the command ``gpg --card-edit``, and change first the admin PIN and then
the PIN::

   gpg/card> admin
   Admin commands are allowed

   gpg/card> passwd
   gpg: OpenPGP card no. D276000124010200FFFFFFFFFFFF0000 detected

   1 - change PIN
   2 - unblock PIN
   3 - change Admin PIN
   4 - set the Reset Code
   Q - quit

   Your selection? 3
   PIN changed.

   1 - change PIN
   2 - unblock PIN
   3 - change Admin PIN
   4 - set the Reset Code
   Q - quit

   Your selection? 1

Gnuk
====

For the Gnuk the default PINs are 123456 and 12345678 for the Admin PIN.

Changing the PIN before the Admin PIN will enter a custom Admin less
mode where the Admin PIN is the same as the PIN: in this case the lenght
should be at least 8 characters, and there won't be an option to unlock
a card after getting the PIN wrong 3 times.

See also
========

* https://web.archive.org/web/20150502182337/http://nodonogard.blogspot.com/2014/08/writting-gnuk-binary-to-fst-01-using-st.html
* https://www.earth.li/~noodles/blog/2017/02/gnuk-on-maple-mini.html
* https://www.earth.li/~noodles/blog/2015/08/program-fst01-with-buspirate.html

..
   vim: set filetype=rst: