Last active
October 19, 2017 20:35
Yubikey Neo
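# Generate a random 24-byte PIV management key (48 upper-case hex digits)
# and install it on the YubiKey.
key=$(dd if=/dev/random bs=1 count=24 2>/dev/null | hexdump -v -e '/1 "%02X"')

# dd's diagnostics are discarded above, so a failed or short read would
# otherwise go unnoticed. Only program the token when all 24 bytes arrived.
if [ "${#key}" -ne 48 ]; then
  printf 'error: expected 48 hex digits for the management key, got %s\n' "${#key}" >&2
else
  # The key is printed once so it can be recorded in a password manager;
  # treat terminal scrollback and session logs as sensitive afterwards.
  printf '%s\n' "$key"
  # NOTE(review): -n places the key on the command line, where local
  # process listings and shell tracing (set -x) can see it while the tool runs.
  yubico-piv-tool -a set-mgm-key -n "$key"
fi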
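# Generate a random 24-byte PIV management key as 48 upper-case hex digits.
#
# The bytes come from the operating system's cryptographic RNG. Get-Random is
# not guaranteed to be cryptographically secure, and its -Maximum bound is
# exclusive, so "-Maximum 255" could never produce the byte value 0xFF.
$bytes = New-Object byte[] 24
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try {
    $rng.GetBytes($bytes)
}
finally {
    $rng.Dispose()
}

# Assign (rather than append to) $result so that re-running this snippet in
# the same session cannot yield a key longer than 48 digits.
$result = -join ($bytes | ForEach-Object { '{0:X2}' -f $_ })

# Shown once so the operator can record it; treat console history as sensitive.
Write-Host "Management Key:" $result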
# Factory-reset the PIV application on the YubiKey.
#
# The reset action is only accepted once both the PIN and the PUK are
# blocked, so each is first exhausted with repeated attempts using the
# values 4711 / 67567 (presumably chosen because they are not the real
# credentials). Four attempts are made against each counter.
#
# WARNING: the reset erases every key and certificate stored in the PIV
# application and restores the default PIN, PUK and management key.

# Exhaust the PIN retry counter.
for attempt in 1 2 3 4; do
  yubico-piv-tool -a verify-pin -P 4711
done

# Exhaust the PUK retry counter.
for attempt in 1 2 3 4; do
  yubico-piv-tool -a change-puk -P 4711 -N 67567
done

# With both counters blocked the device accepts the reset.
yubico-piv-tool -a reset
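#===================================================================================================
# Provision the PIV application of a YubiKey for smart-card logon:
#   1. generate and set a random management key, then change the PIN and PUK;
#   2. generate a key pair in slot 9a, request a certificate from the CA and
#      import it, then set the CHUID.
# Each external command is checked, and the script stops at the first failure
# so later steps never run against a half-configured token.
#===================================================================================================
# Generate the Management Key:
# 24 bytes from the operating system's cryptographic RNG, rendered as 48
# upper-case hex digits. Get-Random is not guaranteed to be cryptographically
# secure and its -Maximum bound is exclusive (255 would never yield 0xFF).
$KeyBytes = New-Object byte[] 24
$Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try {
    $Rng.GetBytes($KeyBytes)
}
finally {
    $Rng.Dispose()
}
# Assigned, not appended, so a second run in the same session cannot produce
# a key that is too long.
$MgmtKey = -join ($KeyBytes | ForEach-Object { '{0:X2}' -f $_ })
# Shown once so it can be recorded; treat console history and transcripts as sensitive.
Write-Host "Management Key:" $MgmtKey
#===================================================================================================
# Setup some Variables:
# PIN and PUK are strings so that values with leading zeros survive intact.
# NOTE(review): these are sample values. Replace them before use and do not
# store real PINs or PUKs in a script that is shared or version-controlled.
$PIN='98765432'
$PUK='23894832'
$Template="CertificateTemplate:My_Smartcard_Logon"  # SmartCard Logon Template name from your CA
$DN="/CN=MyAccount/OU=myOU/DC=blah/DC=ac/DC=uk/"    # ADDN of the user requesting the certificate
$Path="C:\<SomePath>\yubico-piv-tool-1.2.2-win64\bin"
$PivTool="$Path\yubico-piv-tool.exe"

# Run yubico-piv-tool with an explicit argument array and stop on failure.
# Passing arguments as an array (instead of building a command string for
# Invoke-Expression) keeps values containing spaces or shell metacharacters
# from being re-parsed as PowerShell code.
# NOTE(review): the key, PIN and PUK are still passed as process arguments
# and are visible to local process listings while the tool runs.
function Invoke-PivTool {
    param([string[]]$Arguments)
    & $PivTool $Arguments
    if ($LASTEXITCODE -ne 0) {
        # Arguments are deliberately not echoed: they may contain secrets.
        throw "yubico-piv-tool exited with code $LASTEXITCODE; stopping."
    }
}
#===================================================================================================
# Initialise the Yubikey:
# 123456 and 12345678 are the factory-default PIN and PUK being replaced.
Invoke-PivTool @('-a', 'set-mgm-key', '-n', $MgmtKey)
Invoke-PivTool @("--key=$MgmtKey", '-a', 'change-pin', '-P', '123456', '-N', $PIN)
Invoke-PivTool @("--key=$MgmtKey", '-a', 'change-puk', '-P', '12345678', '-N', $PUK)
Invoke-PivTool @('-a', 'verify-pin', '-P', $PIN)
#===================================================================================================
# Generate, request and install the SmartCard Certificate:
# The key pair is generated in slot 9a; only the public key is written to disk.
Invoke-PivTool @("--key=$MgmtKey", '-s', '9a', '-a', 'generate', '-o', "$Path\public.pem")
Invoke-PivTool @('-a', 'verify-pin', '-P', $PIN, '-s', '9a', '-a', 'request-certificate', '-S', $DN, '-i', "$Path\public.pem", '-o', "$Path\request.csr")
& certreq -config '<FQDN of CA Server>\<Name Of Certification Authority>' -submit -attrib $Template "$Path\request.csr" "$Path\cert.crt"
if ($LASTEXITCODE -ne 0) {
    throw "certreq exited with code $LASTEXITCODE; no certificate was imported."
}
Invoke-PivTool @("--key=$MgmtKey", '-s', '9a', '-a', 'import-certificate', '-i', "$Path\cert.crt")
Invoke-PivTool @("--key=$MgmtKey", '-a', 'set-chuid')
#===================================================================================================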