jkbryan/generate-management-key.sh

## generate-management-key.sh
key=`dd if=/dev/random bs=1 count=24 2>/dev/null | hexdump -v -e '/1 "%02X"'`
echo $key
yubico-piv-tool -a set-mgm-key -n $key

## generate-management-key.txt
$i=0
Do
	{
	$rnd=get-random -Minimum 0 -Maximum 255
	$result=$result+"{0:X2}" -f $rnd
	$i=$i+1
	}
Until($i -eq 24)
Write-Host "Management Key:" $result

## yubico-piv-tool-reset.txt
yubico-piv-tool -a verify-pin -P 4711
yubico-piv-tool -a verify-pin -P 4711
yubico-piv-tool -a verify-pin -P 4711
yubico-piv-tool -a verify-pin -P 4711
yubico-piv-tool -a change-puk -P 4711 -N 67567
yubico-piv-tool -a change-puk -P 4711 -N 67567
yubico-piv-tool -a change-puk -P 4711 -N 67567
yubico-piv-tool -a change-puk -P 4711 -N 67567
yubico-piv-tool -a reset

## yubikey-piv-initialisation.txt
#===================================================================================================
# Generate the Management Key:
$i=0
Do
{
$rnd=get-random -Minimum 0 -Maximum 255
$MgmtKey=$MgmtKey+"{0:X2}" -f $rnd
$i=$i+1
}
Until($i -eq 24)
Write-Host "Management Key:" $MgmtKey

#===================================================================================================
# Setup some Variables:
$PIN=98765432
$PUK=23894832
$Template="CertificateTemplate:My_Smartcard_Logon"		# SmartCard Logon Template name from your CA
$DN="/CN=MyAccount/OU=myOU/DC=blah/DC=ac/DC=uk/"		# ADDN of the user requesting the certificate
$Path="C:\<SomePath>\yubico-piv-tool-1.2.2-win64\bin"

#===================================================================================================
# Initialise the Yubikey:
Invoke-Expression -Command "$path\yubico-piv-tool.exe -a set-mgm-key -n $MgmtKey"
Invoke-Expression -Command "$path\yubico-piv-tool.exe --key=$MgmtKey -a change-pin -P 123456 -N $PIN"
Invoke-Expression -Command "$path\yubico-piv-tool.exe --key=$MgmtKey -a change-puk -P 12345678 -N $PUK"
Invoke-Expression -Command "$path\yubico-piv-tool.exe -a verify-pin -P $PIN"

#===================================================================================================
# Generate, request and install the SmartCard Certificate:
Invoke-Expression -Command "$path\yubico-piv-tool.exe --key=$MgmtKey -s 9a -a generate -o $Path\public.pem"
Invoke-Expression -Command "$path\yubico-piv-tool.exe -a verify-pin -P $PIN -s 9a -a request-certificate -S $DN -i $Path\public.pem -o $Path\request.csr"
Invoke-Expression -Command "certreq -config '<FQDN of CA Server>\<Name Of Certification Authority>' -submit -attrib $Template $Path\request.csr $Path\cert.crt"
Invoke-Expression -Command "$path\yubico-piv-tool.exe --key=$MgmtKey -s 9a -a import-certificate -i $Path\cert.crt"
Invoke-Expression -Command "$path\yubico-piv-tool.exe --key=$MgmtKey -a set-chuid"

#===================================================================================================
	key=`dd if=/dev/random bs=1 count=24 2>/dev/null \| hexdump -v -e '/1 "%02X"'`
	echo $key
	yubico-piv-tool -a set-mgm-key -n $key
	$i=0
	Do
	{
	$rnd=get-random -Minimum 0 -Maximum 255
	$result=$result+"{0:X2}" -f $rnd
	$i=$i+1
	}
	Until($i -eq 24)
	Write-Host "Management Key:" $result
	yubico-piv-tool -a verify-pin -P 4711
	yubico-piv-tool -a verify-pin -P 4711
	yubico-piv-tool -a verify-pin -P 4711
	yubico-piv-tool -a verify-pin -P 4711
	yubico-piv-tool -a change-puk -P 4711 -N 67567
	yubico-piv-tool -a change-puk -P 4711 -N 67567
	yubico-piv-tool -a change-puk -P 4711 -N 67567
	yubico-piv-tool -a change-puk -P 4711 -N 67567
	yubico-piv-tool -a reset
	#===================================================================================================
	# Generate the Management Key:
	$i=0
	Do
	{
	$rnd=get-random -Minimum 0 -Maximum 255
	$MgmtKey=$MgmtKey+"{0:X2}" -f $rnd
	$i=$i+1
	}
	Until($i -eq 24)
	Write-Host "Management Key:" $MgmtKey

	#===================================================================================================
	# Setup some Variables:
	$PIN=98765432
	$PUK=23894832
	$Template="CertificateTemplate:My_Smartcard_Logon" # SmartCard Logon Template name from your CA
	$DN="/CN=MyAccount/OU=myOU/DC=blah/DC=ac/DC=uk/" # ADDN of the user requesting the certificate
	$Path="C:\<SomePath>\yubico-piv-tool-1.2.2-win64\bin"

	#===================================================================================================
	# Initialise the Yubikey:
	Invoke-Expression -Command "$path\yubico-piv-tool.exe -a set-mgm-key -n $MgmtKey"
	Invoke-Expression -Command "$path\yubico-piv-tool.exe --key=$MgmtKey -a change-pin -P 123456 -N $PIN"
	Invoke-Expression -Command "$path\yubico-piv-tool.exe --key=$MgmtKey -a change-puk -P 12345678 -N $PUK"
	Invoke-Expression -Command "$path\yubico-piv-tool.exe -a verify-pin -P $PIN"

	#===================================================================================================
	# Generate, request and install the SmartCard Certificate:
	Invoke-Expression -Command "$path\yubico-piv-tool.exe --key=$MgmtKey -s 9a -a generate -o $Path\public.pem"
	Invoke-Expression -Command "$path\yubico-piv-tool.exe -a verify-pin -P $PIN -s 9a -a request-certificate -S $DN -i $Path\public.pem -o $Path\request.csr"
	Invoke-Expression -Command "certreq -config '<FQDN of CA Server>\<Name Of Certification Authority>' -submit -attrib $Template $Path\request.csr $Path\cert.crt"
	Invoke-Expression -Command "$path\yubico-piv-tool.exe --key=$MgmtKey -s 9a -a import-certificate -i $Path\cert.crt"
	Invoke-Expression -Command "$path\yubico-piv-tool.exe --key=$MgmtKey -a set-chuid"

	#===================================================================================================