jameswhite/yubikey-pkcs11.txt Secret

Created Feb 4, 2016
# Install yubico-piv-tool under /usr/local/yubico and link it into ~/bin (~/bin must be on PATH)
sudo mkdir -p /usr/local/yubico/yubico-piv-tool
(
cd /usr/local/yubico/yubico-piv-tool;
sudo wget https://developers.yubico.com/yubico-piv-tool/Releases/yubico-piv-tool-1.2.2-mac.zip
sudo unzip yubico-piv-tool-1.2.2-mac.zip
)
( mkdir -p ~/bin && cd ~/bin/ && ln -s /usr/local/yubico/yubico-piv-tool/bin/yubico-piv-tool )
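# Prepare the key for use
# https://developers.yubico.com/yubico-piv-tool/YubiKey_PIV_introduction.html
# Replace the management key with 24 random bytes (48 hex characters).
# Record the echoed values: they are needed again in the commands further down.
key=`dd if=/dev/random bs=1 count=24 2>/dev/null | hexdump -v -e '/1 "%02X"'`
echo $key
yubico-piv-tool -a set-mgm-key -n $key
# The PIN and PUK should be changed as well.
pin=`dd if=/dev/random bs=1 count=6 2>/dev/null | hexdump -v -e '/1 "%u"'|cut -c1-6`
echo $pin
# count=8 so that at least 8 digits are always available for the 8-digit PUK
puk=`dd if=/dev/random bs=1 count=8 2>/dev/null | hexdump -v -e '/1 "%u"'|cut -c1-8`
echo $puk
# 123456 and 12345678 are the default PIN and PUK being replaced
yubico-piv-tool -a change-pin -P 123456 -N $pin
yubico-piv-tool -a change-puk -P 12345678 -N $puk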
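### prepare pkcs#11 support
brew install opensc
# The management key and PIN were changed above, so pass the new values
# (-k for the management key, -P for the PIN) instead of relying on the defaults.
# Generate a key pair in slot 9a, self-sign a certificate for it, and import the certificate.
yubico-piv-tool -k $key -s 9a -a generate -o public.pem
yubico-piv-tool -a verify-pin -P $pin -a selfsign-certificate -s 9a \
-S "/CN=SSH key/" -i public.pem -o cert.pem
yubico-piv-tool -k $key -a import-certificate -s 9a -i cert.pem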
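# Locate the OpenSC PKCS#11 module; the directory depends on where Homebrew is installed:
# find /opt -name opensc-pkcs11.so
export OPENSC_LIBS="/opt/boxen/homebrew/lib"
# Print the public key held on the YubiKey; the ssh-rsa line below is the output
ssh-keygen -D $OPENSC_LIBS/opensc-pkcs11.so -e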
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUtuPR5CYgsFV27/Fk91DjT5sLSwRNblmCyn6vB19V2DVrIPLwgZmwhkENHS0J8N3fO411y5+B1wPewCpQecPXCdK7XDAJBU17dIn8ia1J+i8XYVv14WSvC5A7o+FyPPpfAU6Jnqm3VYPweuobrAg/DI0w95HDJfS0xfEehVkgI5AmA+1rERP/P/MllgBseUfOMzsZeI0xUIrMZyEwf4oX8nFV3QvpDYNDmiUSQgSo47DHfs414i3fUqGQF9Gqw9cpd/TqhigEe5KvYplv4SNze4AkgaBiV23FHB7flM4Q7HDnxLMz2Y+E0toLVDkP4+zTvJJ35eeJ4mB3CLVqPqgr
# Log in with the key on the YubiKey, using the PKCS#11 module as the identity provider
ssh -I $OPENSC_LIBS/opensc-pkcs11.so root@einstein
#### WAIT
https://rnorth.org/8/gpg-and-ssh-with-yubikey-for-mac
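
The PIN and PUK step above prints random bytes as decimal numbers (0 to 255), which skews the digits toward 1 and 2. The following is an added example, not part of the original gist, that draws every digit uniformly and checks the format of each value before it is handed to yubico-piv-tool; all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original gist. Function names are hypothetical.

# rand_digits N: print N decimal digits, each drawn uniformly.
# tr drops every byte that is not an ASCII digit (rejection sampling),
# so all ten digits stay equally likely.
rand_digits() {
    LC_ALL=C tr -dc '0-9' < /dev/urandom | head -c "$1"
}

# rand_hex N: print N random bytes as 2*N uppercase hex characters.
rand_hex() {
    head -c "$1" /dev/urandom | od -An -v -tx1 | tr -d ' \n' | tr 'a-f' 'A-F'
}

# is_digits VALUE LEN: succeed only if VALUE is exactly LEN decimal digits.
is_digits() {
    [ "${#1}" -eq "$2" ] || return 1
    case "$1" in *[!0123456789]*) return 1 ;; esac
    return 0
}

# is_hex VALUE LEN: succeed only if VALUE is exactly LEN uppercase hex characters.
is_hex() {
    [ "${#1}" -eq "$2" ] || return 1
    case "$1" in *[!0123456789ABCDEF]*) return 1 ;; esac
    return 0
}

# new_piv_secrets: print "KEY PIN PUK" on one line.
# A value equal to the old PIN or PUK used in the gist is drawn again.
new_piv_secrets() {
    key=$(rand_hex 24)
    pin=$(rand_digits 6)
    puk=$(rand_digits 8)
    while [ "$pin" = 123456 ]; do pin=$(rand_digits 6); done
    while [ "$puk" = 12345678 ]; do puk=$(rand_digits 8); done
    is_hex "$key" 48 && is_digits "$pin" 6 && is_digits "$puk" 8 || return 1
    printf '%s %s %s\n' "$key" "$pin" "$puk"
}

# Usage with the commands from the gist:
#   set -- $(new_piv_secrets)
#   yubico-piv-tool -a set-mgm-key -n "$1"
#   yubico-piv-tool -a change-pin -P 123456 -N "$2"
#   yubico-piv-tool -a change-puk -P 12345678 -N "$3"
```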