minor push
This commit is contained in:
parent
8f6baaddef
commit
207b3302dc
@ -6,8 +6,9 @@ keywords:
|
||||
https://forum.fairphone.com/t/fp4-debloat-guide-for-better-privacy-security-and-battery-life/80003
|
||||
|
||||
- VoLTE/Voice over WiFi maybe not working (https://forum.fairphone.com/t/how-to-enable-volte-and-wifi-calling/82049)
|
||||
-
|
||||
- call oponent sometimes can't hear my voice( https://forum.fairphone.com/t/call-microphone-issues/80888, )
|
||||
|
||||
- internal test app: `* # * # 2 8 8 6 # * # *`
|
||||
## Android
|
||||
https://github.com/0x192/universal-android-debloater
|
||||
|
||||
|
88
fido2.md
88
fido2.md
@ -5,6 +5,13 @@ keywords:
|
||||
---
|
||||
# Fido2
|
||||
### features
|
||||
- U2F
|
||||
Add the needed pam onfig entry. the `-n`is needed to ADD another key, otherwise the username will be added and destroys the login.
|
||||
```
|
||||
mkdir ~/.config/Yubico
|
||||
pamu2fcfg -o pam://hostname -i pam://hostname > ~/.config/Yubico/u2f_keys
|
||||
pamu2fcfg -o pam://$(hostname) -i pam://$(hostname) -n >> ~/.config/Yubico/u2f_keys
|
||||
```
|
||||
- WebAuth
|
||||
- main feature, login with username (known value by user), ChallengeResponse ( secret ) and button (interactive)/PIN
|
||||
- resident keys
|
||||
@ -14,8 +21,89 @@ keywords:
|
||||
## hardware
|
||||
#### OpenSK
|
||||
#### solo2
|
||||
```bash
|
||||
udo lpc55 ls
|
||||
bootloaders:
|
||||
Bootloader { vid: 1209, pid: B000, uuid: 114C99D86DB0D15B9FD0A6490962122E }
|
||||
|
||||
sudo lpc55 info
|
||||
Properties {
|
||||
current_version: Version {
|
||||
mark: Some(
|
||||
'K',
|
||||
),
|
||||
major: 3,
|
||||
minor: 0,
|
||||
fixation: 0,
|
||||
},
|
||||
target_version: Version {
|
||||
mark: Some(
|
||||
'T',
|
||||
),
|
||||
major: 1,
|
||||
minor: 1,
|
||||
fixation: 4,
|
||||
},
|
||||
available_commands: ERASE_FLASH_ALL | ERASE_FLASH | READ_MEMORY | FLASH_SECURITY_DISABLE | GET_PROPERTY | RECEIVE_SB_FILE | CALL | RESET | FLASH_READ_RESOURCE,
|
||||
available_peripherals: USB_HID,
|
||||
pfr_keystore_update_option: Keystore,
|
||||
ram_start_address: 536870912,
|
||||
ram_size: 262144,
|
||||
flash_start_address: 0,
|
||||
flash_size: 646656,
|
||||
flash_page_size: 512,
|
||||
flash_sector_size: 32768,
|
||||
verify_writes: true,
|
||||
flash_locked: true,
|
||||
max_packet_size: 56,
|
||||
device_uuid: 22994610845492304205348126649701503534,
|
||||
system_uuid: 1168442901135557,
|
||||
crc_check_status: CrcChecker(
|
||||
Invalid,
|
||||
),
|
||||
reserved_regions: [
|
||||
(
|
||||
335544320,
|
||||
335568895,
|
||||
),
|
||||
(
|
||||
67108864,
|
||||
67141631,
|
||||
),
|
||||
(
|
||||
805306368,
|
||||
805330943,
|
||||
),
|
||||
(
|
||||
536870912,
|
||||
536895487,
|
||||
),
|
||||
],
|
||||
irq_notification_pin: IrqNotificationPin {
|
||||
pin: 0,
|
||||
port: 0,
|
||||
enabled: false,
|
||||
},
|
||||
}
|
||||
|
||||
```
|
||||
#### nitrokey
|
||||
### code snippets
|
||||
|
||||
resident-key aka discoverable credentials (`fido2-token -S` to set the PIN, otherwise all other things fails, after using the PIN an additional touch is needed but not declared. Check this with
|
||||
```bash
|
||||
fido2-token -I -c /dev/hidrawX
|
||||
fido2-token -L -r /dev/hidrawX
|
||||
```
|
||||
You can then check this in detail:
|
||||
```
|
||||
fido2-token -L -k ssh: /dev/hidrawX
|
||||
00: m4LrqX8qMtFisoixm0whdQ== openssh AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= eddsa uvopt+id
|
||||
```
|
||||
|
||||
to get the "resident-key aka dc" call `ssh-keygen -K`. you get the two files, but the private key is a stub.(?, https://github.com/openssh/openssh-portable/raw/master/PROTOCOL.u2f) yubikey seems to support only ecdsa and not ed25519
|
||||
to add this "rk or dc thing" into the agent `ssh-add -K`. It seems that the `user@host` info gets lost while transfering this into the dongles space.
|
||||
|
||||
```[https://gist.github.com/alexgwolff/5d7f6802996cad2847c4a16995da410b]
|
||||
Using resident keys If your security key supports FIDO2 resident keys*, like the YubiKey 5 Series, YubiKey 5 FIPS Series, or the Security Key NFC by Yubico, you can enable this when creating your SSH key:
|
||||
|
||||
|
3
gnuk.md
3
gnuk.md
@ -27,7 +27,10 @@ https://github.com/vletoux/OpenPGP-CSP/issues
|
||||
https://incenp.org/dvlpt/scdtools.html
|
||||
|
||||
|
||||
```
|
||||
echo scd random 32 | gpg-connect-agent | xxd
|
||||
|
||||
```
|
||||
-----------------
|
||||
Nutzer PIN erst mit Zertifikat
|
||||
adminless Modus mit PIN über 8 Zeichen, User Pin min 6 Zeichen PIN
|
||||
|
@ -19,7 +19,8 @@ NAS
|
||||
ODroid HC-1
|
||||
- 1 x 2,5" HDD 1.5GB CMR [2014?]
|
||||
RPi2
|
||||
- 1 x 2,5" HDD 1TB CMR [2014?]
|
||||
- 1 x 2,5" HDD 1TB CMR [2014?] WDC WD10SPZX-24Z10T0 S/N:WD-WX41A485FYC1 aka WD Blue
|
||||
-
|
||||
|
||||
m.2 USB3 PCIe enclousure
|
||||
- 1x m.2SSD ???GB m.2 2280 ??? [2019?]
|
||||
|
Loading…
Reference in New Issue
Block a user