rooty/yubikey-ksm
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-ksm.git synced 2024-11-29 00:24:14 +01:00
Code Issues Projects Releases Wiki Activity
master
yubikey-ksm/doc/Generate_KSM_Key.adoc

75 lines
3.0 KiB
Plaintext
Raw Permalink Normal View History

Asciidocified docs.
2014-10-29 13:55:36 +01:00
Generate KSM Key
----------------
Import of key material to an YK-KSM is typically always done via the
OpenPGP encrypted/signed
link:Key_Provisioning_Format.adoc[Key Provisioning Format]. This setup
assumes that each YK-KSM system has a private key.
Below is a walk-through of a typical key generation session for a host
called 'crater'. As you can see at the end, it generated a key with a
key id of '8B88A11B'.
After this step you may want to generate AES keys for your YubiKeys,
see link:Generate_Keys.adoc[Generate Keys], and then import them to your
KSM, see link:Import_Keys_To_KSM.adoc[Import Keys To KSM].
[source, sh]
----
user@crater:~$ gpg --gen-key
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: YK-KSM crater Import Key
Email address:
Comment:
You selected this USER-ID:
"YK-KSM crater Import Key"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++++++++++++++++++++++..+++++.+++++++++++++++++++++++++...+++++++++++++++.++++++++++.++++++++++++++++++++++++++++++++++++++++.++++++++++>++++++++++......++++++++++..++++++++++++++++++++..++++++++++++++++++++++++++++++++++++++++....+++++.+++++...+++++.++++++++++.+++++++++++++++.+++++..+++++.++++++++++.+++++++++++++++..+++++>++++++++++>+++++.................................>+++++..............+++++^^^
gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
gpg: key 8B88A11B marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/8B88A11B 2009-12-14
Key fingerprint = 9B18 20A2 F02E 3C3B 84E3 44F5 AE72 7967 8B88 A11B
uid YK-KSM crater Import Key
sub 2048g/140A17F1 2009-12-14
user@crater:~$
----
Reference in New Issue Copy Permalink