mirror of
https://github.com/Yubico/yubikey-ksm.git
synced 2024-11-29 00:24:14 +01:00
75 lines
3.0 KiB
Plaintext
Generate KSM Key
----------------

Key material is typically imported into a YK-KSM via the
OpenPGP encrypted/signed
link:Key_Provisioning_Format.adoc[Key Provisioning Format]. This setup
assumes that each YK-KSM system has a private key.

Below is a walk-through of a typical key generation session for a host
called 'crater'. As you can see at the end, it generated a key with a
key id of '8B88A11B'.

After this step you may want to generate AES keys for your YubiKeys,
see link:Generate_Keys.adoc[Generate Keys], and then import them to your
KSM, see link:Import_Keys_To_KSM.adoc[Import Keys To KSM].

[source, sh]
----
user@crater:~$ gpg --gen-key
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: YK-KSM crater Import Key
Email address:
Comment:
You selected this USER-ID:
"YK-KSM crater Import Key"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++++++++++++++++++++++..+++++.+++++++++++++++++++++++++...+++++++++++++++.++++++++++.++++++++++++++++++++++++++++++++++++++++.++++++++++>++++++++++......++++++++++..++++++++++++++++++++..++++++++++++++++++++++++++++++++++++++++....+++++.+++++...+++++.++++++++++.+++++++++++++++.+++++..+++++.++++++++++.+++++++++++++++..+++++>++++++++++>+++++.................................>+++++..............+++++^^^
gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
gpg: key 8B88A11B marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/8B88A11B 2009-12-14
Key fingerprint = 9B18 20A2 F02E 3C3B 84E3 44F5 AE72 7967 8B88 A11B
uid YK-KSM crater Import Key
sub 2048g/140A17F1 2009-12-14

user@crater:~$
----
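The eight-digit key id printed at the end of the session is only the tail of the key fingerprint and is not collision resistant, so it is worth resolving it to the full fingerprint before handing the key to whoever encrypts key material for this KSM. The script below is an added example, not part of the original page or of Yubico's code; the function names are hypothetical and the colon-format listing is a constructed sample built from the values in the session above.

```shell
#!/bin/sh
# Added example: resolve a short key id to the full fingerprint using
# GnuPG's machine-readable listing. On the KSM host the input would be:
#   gpg --fingerprint --with-colons 8B88A11B

# Constructed sample in the --with-colons record layout, built from the
# values shown in the session. The upper half of the subkey's long id is
# a placeholder, because the page only shows its short id.
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:AE7279678B88A11B:2009-12-14:::u:YK-KSM crater Import Key::scESC:
fpr:::::::::9B1820A2F02E3C3B84E344F5AE7279678B88A11B:
sub:u:2048:16:00000000140A17F1:2009-12-14::::::e:
EOF
}

# Print the full fingerprint whose trailing hex digits equal the given
# key id. Exit status is 1 when no fpr record matches.
fingerprint_for_keyid() {
    awk -F: -v id="$1" '
        BEGIN { id = toupper(id) }
        $1 == "fpr" {
            fpr = toupper($10)
            if (length(id) > 0 && length(fpr) >= length(id) &&
                substr(fpr, length(fpr) - length(id) + 1) == id) {
                print fpr; found = 1; exit
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Print the bit length of the primary key (field 3 of the pub record),
# so the size chosen during generation can be checked by a script.
primary_key_bits() {
    awk -F: '$1 == "pub" { print $3; exit }'
}

# Stand-alone run against the constructed sample.
sample_listing | fingerprint_for_keyid 8B88A11B
sample_listing | primary_key_bits
```

Compare the printed fingerprint with the `Key fingerprint =` line from the generation session; a mismatch means the key id resolved to a different key in the keyring.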