For SSH, use PIV, not PGP. pivman is the PIV GUI.
https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html
Use Neo Manager to change the mode, because in CCID mode you can't use the YubiKey Personalization Tool.
Slot 1 is for a short press (up to 2 seconds); slot 2 is for a long press.
Tools:
- neoman - neo manager - to set the mode
- yubico-piv-tool - helper for smart card operations
Baby steps
- Get U2F to work in Chrome
- OpenSSH
- Generate cert request (can reuse the RSA key that is also used for SSH)
- OpenSSL sign op
- OpenVPN
Commands
List smart cards:
opensc-tool -l
opensc-tool --reader 0 --name
pkcs15-tool --list-data-objects
List keys and check usage for each key:
pkcs15-tool --list-keys
Get public key for a slot:
yubico-piv-tool -s 9a -a read-certificate | openssl x509 -pubkey -noout
Generate a self-signed certificate. A certificate must be present in the slot so that PKCS#11 tools can extract the public key:
yubico-piv-tool -s 9d -a verify-pin -P 2323 -a selfsign-certificate -S '/CN=Not-Used/' -i public.pem -v
Generate cert request:
yubico-piv-tool -a verify-pin -P 1234 -s 9a -a request-certificate -S "/C=RO/CN=some-name/emailAddress=me@example.com" -i public.pem -o request.pem
Import the cert:
yubico-piv-tool -s 9a -a import-certificate -i cert.pem
Initialize a SmartCard-HSM (sets the SO-PIN and user PIN):
sc-hsm-tool -r 1 --initialize --so-pin 3537363231383830 --pin 648219
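
Added example, not part of the original notes: a check to run before the import-certificate step, confirming that cert.pem (and request.pem) carry the same public key as public.pem from the slot, plus conversion of that key to an OpenSSH authorized_keys line. The function names and the software-generated demo files are assumptions made for this example; only the yubico-piv-tool invocation is taken from the notes.

```shell
#!/bin/sh
# Added example (not from the original notes). File names follow the notes.

# Digest of a public key read as PEM on stdin, after normalising it with
# `openssl pkey`. Fails (status 1) if the input is not a public key.
pubkey_digest() {
    pem=$(openssl pkey -pubin -outform PEM 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}
pubkey_fp()  { pubkey_digest < "$1"; }
cert_fp()    { openssl x509 -in "$1" -pubkey -noout 2>/dev/null | pubkey_digest; }
request_fp() { openssl req -in "$1" -pubkey -noout 2>/dev/null | pubkey_digest; }

# 0 = same key, 1 = different key, 2 = a file could not be parsed.
cert_matches_key() {      # $1 = cert.pem, $2 = public.pem
    a=$(cert_fp "$1") || return 2
    b=$(pubkey_fp "$2") || return 2
    [ "$a" = "$b" ]
}
request_matches_key() {   # $1 = request.pem, $2 = public.pem
    a=$(request_fp "$1") || return 2
    b=$(pubkey_fp "$2") || return 2
    [ "$a" = "$b" ]
}

# Import only when the certificate certifies the key held in the slot.
safe_import() {           # $1 = slot (e.g. 9a), $2 = cert.pem, $3 = public.pem
    cert_matches_key "$2" "$3" || { echo "refusing: $2 does not match $3" >&2; return 1; }
    yubico-piv-tool -s "$1" -a import-certificate -i "$2"
}

# OpenSSH authorized_keys line for the slot's public key.
authorized_key_line() { ssh-keygen -i -m PKCS8 -f "$1"; }

# Constructed stand-in files (software keys, no token) for trying the checks offline.
make_demo_files() {       # $1 = scratch directory
    openssl genrsa -out "$1/slot.key" 2048 2>/dev/null
    openssl rsa -in "$1/slot.key" -pubout -out "$1/public.pem" 2>/dev/null
    openssl req -new -key "$1/slot.key" -subj "/CN=some-name" -out "$1/request.pem"
    openssl req -new -x509 -key "$1/slot.key" -subj "/CN=some-name" -days 1 -out "$1/cert.pem"
    openssl req -new -x509 -newkey rsa:2048 -nodes -keyout "$1/other.key" \
        -subj "/CN=other" -days 1 -out "$1/wrong.pem" 2>/dev/null
}
```

With a token attached, `safe_import 9a cert.pem public.pem` replaces the plain import command and refuses a certificate issued for a different key.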