We’ll choose not to make an off-card backup of the key, and to have the key expire after 1 year: $ gpg -card-edit Next, set your user PIN (factory default is 123456). It seems that it may be possible to reset this, but I have not tested this.įirst, set an admin PIN (factory default is 12345678). Note: if you enter the factory default PIN incorrectly too many times the Yubikey will become blocked. If at this stage you receive a ‘card error’, try removing and reinserting the Yubikey. Install GPG Tools for Mac: $ brew cask install gpgtools Set the Yubikey’s mode to allow concurrent OpenPGP SmartCard and OTP usage: $ ykpersonalize -m82 $ brew cask install yubikey-neo-manager yubikey-personalization-gui
Install Yubikey management tools: $ brew update This was compiled a little after I actually performed the process, so if there are any errors/omissions please let me know. This post is a combination/distillation of a handful of HOWTO guides I found useful for getting this set up. It is assumed that Homebrew and brew cask are installed. This post is written to help set this up for Macs running Yosemite or El Capitan, using Fish shell. With the private key for GPG and SSH held on the Yubikey, it is much more secure than if it were held on the local hard disk. The latter establishes a second factor for controlling access that cannot be compromised simply by theft of an SSH private key and/or use of a keylogger.
for connecting to servers, Git source control, and Heroku. SSH public-key authentication, e.g.The goal of this post is to describe the setup steps for:
0 kommentar(er)
