mirror of
https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
synced 2024-09-20 19:00:08 +00:00
119 lines
3.1 KiB
ReStructuredText
119 lines
3.1 KiB
ReStructuredText
|
=============================
|
||
|
Personalization of Gnuk Token
|
||
|
=============================
|
||
|
|
||
|
|
||
|
Personalize your Gnuk Token
|
||
|
===========================
|
||
|
|
||
|
Invoke GnuPG with the option ``--card-edit``. ::
|
||
|
|
||
|
$ gpg --card-edit
|
||
|
gpg: detected reader `FSIJ Gnuk (0.12-34006E06) 00 00'
|
||
|
Application ID ...: D276000124010200F517000000010000
|
||
|
Version ..........: 2.0
|
||
|
Manufacturer .....: FSIJ
|
||
|
Serial number ....: 00000001
|
||
|
Name of cardholder: [not set]
|
||
|
Language prefs ...: [not set]
|
||
|
Sex ..............: unspecified
|
||
|
URL of public key : [not set]
|
||
|
Login data .......: [not set]
|
||
|
Signature PIN ....: forced
|
||
|
Key attributes ...: 2048R 2048R 2048R
|
||
|
Max. PIN lengths .: 127 127 127
|
||
|
PIN retry counter : 3 3 3
|
||
|
Signature counter : 0
|
||
|
Signature key ....: [none]
|
||
|
Encryption key....: [none]
|
||
|
Authentication key: [none]
|
||
|
General key info..: [none]
|
||
|
|
||
|
It shows the status of the card (as same as the output of ``gpg --card-status``). It shows token's name and its USB serial string (0.12-34006E06) from PC/SC-lite.
|
||
|
|
||
|
Then, GnuPG enters its own command interaction mode. The prompt is ``gpg/card>``.
|
||
|
|
||
|
Firstly, I change PIN of card user from factory setting (of "123456"). Note that, only changing PIN of user enables "admin less mode" of Gnuk. Admin password will become same one of user's. ::
|
||
|
|
||
|
gpg/card> passwd
|
||
|
gpg: OpenPGP card no. D276000124010200F517000000010000 detected
|
||
|
|
||
|
Please enter the PIN
|
||
|
Enter PIN: 123456
|
||
|
|
||
|
New PIN
|
||
|
Enter New PIN: <PASSWORD-OF-GNUK>
|
||
|
|
||
|
New PIN
|
||
|
Repeat this PIN: <PASSWORD-OF-GNUK>
|
||
|
PIN changed.
|
||
|
|
||
|
Secondly, enabling admin command, I put name of mine. Note that I input user's PIN (which I set above) here, because it is "admin less mode". ::
|
||
|
|
||
|
gpg/card> admin
|
||
|
Admin commands are allowed
|
||
|
|
||
|
gpg/card> name
|
||
|
Cardholder's surname: Niibe
|
||
|
Cardholder's given name: Yutaka
|
||
|
gpg: 3 Admin PIN attempts remaining before card is permanently locked
|
||
|
|
||
|
Please enter the Admin PIN
|
||
|
Enter Admin PIN: <PASSWORD-OF-GNUK>
|
||
|
|
||
|
Thirdly, I put some other informations, such as language, sex, login, and URL. URL specifies the place where I put my public keys. ::
|
||
|
|
||
|
gpg/card> lang
|
||
|
Language preferences: ja
|
||
|
|
||
|
gpg/card> sex
|
||
|
Sex ((M)ale, (F)emale or space): m
|
||
|
|
||
|
gpg/card> url
|
||
|
URL to retrieve public key: http://www.gniibe.org/gniibe.asc
|
||
|
|
||
|
gpg/card> login
|
||
|
Login data (account name): gniibe
|
||
|
|
||
|
Since I don't force PIN input everytime, toggle it to non-force-pin-for-signature. ::
|
||
|
|
||
|
gpg/card> forcesig
|
||
|
|
||
|
Lastly, I setup reset code. This is optional. ::
|
||
|
|
||
|
gpg/card> passwd
|
||
|
gpg: OpenPGP card no. D276000124010200F517000000010000 detected
|
||
|
|
||
|
1 - change PIN
|
||
|
2 - unblock PIN
|
||
|
3 - change Admin PIN
|
||
|
4 - set the Reset Code
|
||
|
Q - quit
|
||
|
|
||
|
Your selection? 4
|
||
|
gpg: 3 Admin PIN attempts remaining before card is permanently locked
|
||
|
|
||
|
Please enter the Admin PIN
|
||
|
Enter Admin PIN: <PASSWORD-OF-GNUK>
|
||
|
|
||
|
New Reset Code
|
||
|
Enter New PIN: <RESETCODE-OF-GNUK>
|
||
|
|
||
|
New Reset Code
|
||
|
Repeat this PIN: <RESETCODE-OF-GNUK>
|
||
|
Reset Code set.
|
||
|
|
||
|
1 - change PIN
|
||
|
2 - unblock PIN
|
||
|
3 - change Admin PIN
|
||
|
4 - set the Reset Code
|
||
|
Q - quit
|
||
|
|
||
|
Your selection? q
|
||
|
|
||
|
Then, I quit. ::
|
||
|
|
||
|
gpg/card> quit
|
||
|
|
||
|
That's all.
|