knowledge/YubiKey-Guide
1
0
Fork 0
mirror of https://github.com/drduh/YubiKey-Guide.git synced 2024-06-08 11:20:50 +00:00
Code Issues Releases Activity

Reference paper backup instructions, fix #3

Browse Source
This commit is contained in:
drduh 2017-12-18 02:44:03 +00:00 committed by GitHub
parent 6f199ec00e
commit 5d452a9190
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -27,7 +27,7 @@ If you have a comment or suggestion, please open an [issue](https://github.com/d
- [Authentication key](#authentication-key) - [Authentication key](#authentication-key)
- [Check your work](#check-your-work) - [Check your work](#check-your-work)
- [Export keys](#export-keys) - [Export keys](#export-keys)
- [Back up everything](#back-up-everything) - [Backup everything](#backup-everything)
- [Configure YubiKey](#configure-yubikey) - [Configure YubiKey](#configure-yubikey)
- [Configure smartcard](#configure-smartcard) - [Configure smartcard](#configure-smartcard)
- [Change PINs](#change-pins) - [Change PINs](#change-pins)
@ -485,10 +485,12 @@ In addition to the backup below, you might want to keep a separate copy of the
revocation certificate in a safe place: revocation certificate in a safe place:
`$GNUPGHOME/openpgp-revocs.d/<key fingerprint>.rev` `$GNUPGHOME/openpgp-revocs.d/<key fingerprint>.rev`
## Back up everything ## Backup everything
Once keys are moved to hardware, they cannot be extracted again (otherwise, what would be the point?), so make sure you have made an *encrypted* backup before proceeding. Once keys are moved to hardware, they cannot be extracted again (otherwise, what would be the point?), so make sure you have made an *encrypted* backup before proceeding.
Also consider using a [paper copy](http://www.jabberwocky.com/software/paperkey/) of the keys as an additional backup measure.
To create an encrypted USB drive, first attach it and check its label: To create an encrypted USB drive, first attach it and check its label:
$ dmesg | tail $ dmesg | tail