***********
 GPG Cards
***********

Card setup
==========

Settings
--------

The initial setup of a new card involves changing the settings.

Enter the command interaction mode of gpg with the command ``gpg
--card-edit``.

Then enter admin mode and change the name::

   gpg/card> admin
   Admin commands are allowed

   gpg/card> name
   Cardholder's surname: <Surname>
   Cardholder's given name: <Name>

You will have to enter the admin PIN; your card will have details on the
default.

Optionally, also change other settings::

   gpg/card> lang
   Language preferences: en

   gpg/card> url
   URL to retrieve public key: <URL for your public key>

   gpg/card> login
   Login data (account name): <your login name>

   gpg/card> salutation
   Salutation (M = Mr., F = Ms., or space):

Then quit to save the data on the card::

   gpg/card> quit

Moving the subkeys to the card
------------------------------

In this step the subkeys currently on the computer will be moved to the
card *and removed from the PC*. Please make sure that you have an
(offline) copy elsewhere, as they can't be recovered from the card.

Enter the key editing mode with ``gpg --edit-key <your_key_id>`` and
select the subkey with ``usage: S``, transfer it to the card and then
toggle it again to unselected::

   gpg> key 2
   gpg> keytocard 
   Please select where to store the key:
      (1) Signature key
      (3) Authentication key
   Your selection? 1
   gpg> key 2

Then 

Changing the PINs
-----------------

This is done last, because on some cards it is necessary to have a key
on the card before the PINs can be changed from the defaults.

To change the PINs, re-enter the command interaction mode of gpg with
the command ``gpg --card-edit``, and change first the admin PIN and then
the PIN::

   gpg/card> admin
   Admin commands are allowed

   gpg/card> passwd
   gpg: OpenPGP card no. D276000124010200FFFFFFFFFFFF0000 detected

   1 - change PIN
   2 - unblock PIN
   3 - change Admin PIN
   4 - set the Reset Code
   Q - quit

   Your selection? 3
   PIN changed.

   1 - change PIN
   2 - unblock PIN
   3 - change Admin PIN
   4 - set the Reset Code
   Q - quit

   Your selection? 1
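
To confirm that the step in *Moving the subkeys to the card* left no secret
subkey on the computer, the following added example (not part of the original
page) classifies each secret key by field 15 of gpg's colon-delimited listing.
It assumes GnuPG 2.1 or later; the function names, key IDs and sample listing
are constructed for illustration.

```shell
#!/bin/sh
# Classify records from `gpg --list-secret-keys --with-colons`.
# Field 1 = record type, 5 = key ID, 12 = capabilities, 15 = token info:
#   a card serial number -> the secret key lives on that card
#   '#'                  -> stub only, no secret key material here
#   '+'                  -> secret key material is stored on this computer
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            if ($15 == "+") where = "ON-DISK"
            else if ($15 == "#") where = "STUB"
            else if ($15 != "") where = "CARD:" $15
            else where = "UNKNOWN"
            print $1, $5, $12, where
        }'
}

# Succeeds only if there is at least one subkey and every subkey is on a card.
# Anything else (on disk, stub, unknown) fails, so the check errs on the safe side.
subkeys_all_on_card() {
    classify_secret_keys | awk '
        $1 == "ssb" { n++; if ($4 !~ /^CARD:/) bad++ }
        END { exit (n == 0 || bad > 0) }'
}

# Constructed sample listing: offline primary key, signing subkey on the card,
# encryption subkey still on disk.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::cSC:::#:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1500000000::::::s:::D276000124010200FFFFFFFFFFFF0000:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1500000000::::::e:::+:
EOF
}

# Real use: gpg --list-secret-keys --with-colons | classify_secret_keys
sample_listing | classify_secret_keys
if sample_listing | subkeys_all_on_card; then
    echo "all subkeys are on a card"
else
    echo "some subkeys are not on a card"
fi
```

A subkey reported as ``ON-DISK`` has not been transferred yet; repeat the ``keytocard`` step for it before relying on the card.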

Gnuk
====

For the Gnuk the default PINs are 123456 for the PIN and 12345678 for the
Admin PIN.

Changing the PIN before the Admin PIN will enter a custom admin-less
mode where the Admin PIN is the same as the PIN: in this case the length
should be at least 8 characters, and there won't be an option to unlock
a card after getting the PIN wrong 3 times.

See also
========

* https://web.archive.org/web/20150502182337/http://nodonogard.blogspot.com/2014/08/writting-gnuk-binary-to-fst-01-using-st.html
* https://www.earth.li/~noodles/blog/2017/02/gnuk-on-maple-mini.html
* https://www.earth.li/~noodles/blog/2015/08/program-fst01-with-buspirate.html

..
   vim: set filetype=rst: