jameswhite/yubikey-pkcs11.txt Secret

Created Feb 4, 2016
sudo mkdir -p /usr/local/yubico/yubico-piv-tool
cd /usr/local/yubico/yubico-piv-tool;
sudo wget
sudo unzip
( cd ~/bin/; ln -s /usr/local/yubico/yubico-piv-tool/bin/yubico-piv-tool )
# Prepare the key for use
key=`dd if=/dev/random bs=1 count=24 2>/dev/null | hexdump -v -e '/1 "%02X"'`
echo $key
yubico-piv-tool -a set-mgm-key -n $key
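# The PIN and PUK should be changed as well.
pin=`dd if=/dev/random bs=1 count=6 2>/dev/null | hexdump -v -e '/1 "%u"'|cut -c1-6`
echo $pin
# Read 8 bytes for the PUK: each byte prints at least one digit, so 6 bytes
# could leave fewer than the 8 characters that cut -c1-8 expects.
puk=`dd if=/dev/random bs=1 count=8 2>/dev/null | hexdump -v -e '/1 "%u"'|cut -c1-8`
echo $puk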
yubico-piv-tool -a change-pin -P 123456 -N $pin
yubico-piv-tool -a change-puk -P 12345678 -N $puk
### prepare pkcs#11 support
brew install opensc
yubico-piv-tool -s 9a -a generate -o public.pem
# The PIN was changed above, so verify with the new value rather than the default 123456.
yubico-piv-tool -a verify-pin -P $pin -a selfsign-certificate -s 9a \
-S "/CN=SSH key/" -i public.pem -o cert.pem
yubico-piv-tool -a import-certificate -s 9a -i cert.pem
# find /opt -name
export OPENSC_LIBS="/opt/boxen/homebrew/lib"
ssh-keygen -D $OPENSC_LIBS/ -e
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUtuPR5CYgsFV27/Fk91DjT5sLSwRNblmCyn6vB19V2DVrIPLwgZmwhkENHS0J8N3fO411y5+B1wPewCpQecPXCdK7XDAJBU17dIn8ia1J+i8XYVv14WSvC5A7o+FyPPpfAU6Jnqm3VYPweuobrAg/DI0w95HDJfS0xfEehVkgI5AmA+1rERP/P/MllgBseUfOMzsZeI0xUIrMZyEwf4oX8nFV3QvpDYNDmiUSQgSo47DHfs414i3fUqGQF9Gqw9cpd/TqhigEe5KvYplv4SNze4AkgaBiV23FHB7flM4Q7HDnxLMz2Y+E0toLVDkP4+zTvJJ35eeJ4mB3CLVqPqgr
ssh -I $OPENSC_LIBS/ root@einstein
#### WAIT
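
The PIN and PUK lines above take the leading characters of concatenated byte values (0-255), so the digits are not uniform: most bytes print as three digits starting with 1 or 2. The following is an added example, not part of the gist, that draws fixed-length secrets with uniform digits; rand_digits and rand_hex are hypothetical helper names and /dev/urandom is assumed to be available.

```shell
#!/bin/sh
# Added example, not from the gist. rand_digits and rand_hex are
# hypothetical helper names; /dev/urandom is assumed to be available.

# rand_digits N: print N decimal digits, each uniform over 0-9.
rand_digits() {
    want=$1
    out=""
    while [ "${#out}" -lt "$want" ]; do
        # Read one random byte as an unsigned decimal value (0..255).
        byte=$(dd if=/dev/urandom bs=1 count=1 2>/dev/null | od -An -tu1 | tr -d ' \n')
        # Rejection sampling: keeping 250..255 would favour digits 0-5.
        [ -n "$byte" ] && [ "$byte" -lt 250 ] || continue
        out="${out}$((byte % 10))"
    done
    printf '%s\n' "$out"
}

# rand_hex N: print N random bytes as 2*N uppercase hex characters.
rand_hex() {
    dd if=/dev/urandom bs=1 count="$1" 2>/dev/null |
        od -An -v -tx1 | tr -d ' \n' | tr 'a-f' 'A-F'
    echo
}

# Usage with the commands from the gist (needs a YubiKey, so left commented):
#   key=$(rand_hex 24);   yubico-piv-tool -a set-mgm-key -n "$key"
#   pin=$(rand_digits 6); yubico-piv-tool -a change-pin -P 123456 -N "$pin"
#   puk=$(rand_digits 8); yubico-piv-tool -a change-puk -P 12345678 -N "$puk"
```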