mirror of
https://github.com/drduh/YubiKey-Guide.git
synced 2024-11-18 10:15:10 +00:00
Merge pull request #285 from jaeha-choi/master
Add Key Derived Function (KDF) setting
This commit is contained in:
commit
1c1e76623f
17
README.md
17
README.md
@ -36,6 +36,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d
|
||||
- [Export public keys](#export-public-keys)
|
||||
- [Configure Smartcard](#configure-smartcard)
|
||||
* [Change PIN](#change-pin)
|
||||
* [Enable KDF](#enable-kdf)
|
||||
* [Set information](#set-information)
|
||||
- [Transfer keys](#transfer-keys)
|
||||
* [Signing](#signing-1)
|
||||
@ -1274,6 +1275,7 @@ Key attributes ...: rsa2048 rsa2048 rsa2048
|
||||
Max. PIN lengths .: 127 127 127
|
||||
PIN retry counter : 3 0 3
|
||||
Signature counter : 0
|
||||
KDF setting ......: off
|
||||
Signature key ....: [none]
|
||||
Encryption key....: [none]
|
||||
Authentication key: [none]
|
||||
@ -1286,6 +1288,16 @@ General key info..: [none]
|
||||
|
||||
Use the [YubiKey Manager](https://developers.yubico.com/yubikey-manager) application (note, this is not the similarly named older YubiKey NEO Manager) to enable CCID functionality.
|
||||
|
||||
## Enable KDF
|
||||
Key Derived Function (KDF) enables YubiKey to store the hash of PIN, preventing the PIN from being passed as plain text.
|
||||
|
||||
```console
|
||||
gpg/card> admin
|
||||
Admin commands are allowed
|
||||
|
||||
gpg/card> kdf-setup
|
||||
```
|
||||
|
||||
## Change PIN
|
||||
|
||||
The [GPG interface](https://developers.yubico.com/PGP/) is separate from other modules on a Yubikey such as the [PIV interface](https://developers.yubico.com/PIV/Introduction/YubiKey_and_PIV.html). The GPG interface has its own *PIN*, *Admin PIN*, and *Reset Code* - these should be changed from default values!
|
||||
@ -1305,9 +1317,6 @@ Values are valid up to 127 ASCII characters and must be at least 6 (*PIN*) or 8
|
||||
To update the GPG PINs on the Yubikey:
|
||||
|
||||
```console
|
||||
gpg/card> admin
|
||||
Admin commands are allowed
|
||||
|
||||
gpg/card> passwd
|
||||
gpg: OpenPGP card no. D2760001240102010006055532110000 detected
|
||||
|
||||
@ -1376,6 +1385,7 @@ Key attributes ...: rsa2048 rsa2048 rsa2048
|
||||
Max. PIN lengths .: 127 127 127
|
||||
PIN retry counter : 3 0 3
|
||||
Signature counter : 0
|
||||
KDF setting ......: on
|
||||
Signature key ....: [none]
|
||||
Encryption key....: [none]
|
||||
Authentication key: [none]
|
||||
@ -1681,6 +1691,7 @@ Key attributes ...: rsa4096 rsa4096 rsa4096
|
||||
Max. PIN lengths .: 127 127 127
|
||||
PIN retry counter : 3 3 3
|
||||
Signature counter : 0
|
||||
KDF setting ......: on
|
||||
Signature key ....: 07AA 7735 E502 C5EB E09E B8B0 BECF A3C1 AE19 1D15
|
||||
created ....: 2016-05-24 23:22:01
|
||||
Encryption key....: 6F26 6F46 845B BEB8 BDF3 7E9B 5912 A795 E90D D2CF
|
||||
|
Loading…
Reference in New Issue
Block a user