Use neoman to change the connection mode to OTP + U2F + CCID.
Please note that keytocard removes the key from the keyring, so you had better have a backup!
$ gpg --import /media/encrypted-media/mastersubkeys.txt
$ gpg --card-edit
> admin
> passwd
(change PINs; defaults: 12345678 admin, 123456 user)
> name
$ gpg --edit-key <master key ID>
> toggle
> key <idx of E key>
> keytocard
> save
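Added example, not part of the original notes: after keytocard and save, this checks which secret subkeys still have key material on disk, by reading field 15 of gpg's --with-colons listing (as described in GnuPG's doc/DETAILS). The function names, key IDs and card serial in the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes.
# Field 15 of sec/ssb records in `gpg --list-secret-keys --with-colons`:
#   "+"   secret key material is present on disk
#   "#"   stub only, secret part not available
#   other serial number of the smartcard that holds the key

# Read a colon listing on stdin; print "<record> <keyid> <caps> <location>".
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            caps = ($12 == "" ? "-" : $12)
            if ($15 == "+")      where = "disk"
            else if ($15 == "#") where = "stub"
            else if ($15 != "")  where = "card:" $15
            else                 where = "unknown"
            print $1, $5, caps, where
        }'
}

# Print the key IDs of subkeys whose secret material is still on disk.
disk_resident_subkeys() {
    classify_secret_keys | awk '$1 == "ssb" && $4 == "disk" { print $2 }'
}

# Constructed sample listing (key IDs and card serial are made up):
# master key on disk, E and A subkeys on the card, S subkey not yet moved.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:1111111111111111:1400000000:::u:::cSC:::+:
uid:u::::1400000000::::Example User <user@example.org>:
ssb:u:2048:1:2222222222222222:1400000000::::::e:::D2760001240102000006000000010000:
ssb:u:2048:1:3333333333333333:1400000000::::::s:::+:
ssb:u:2048:1:4444444444444444:1400000000::::::a:::D2760001240102000006000000010000:
EOF
}

# Real use: gpg --list-secret-keys --with-colons | disk_resident_subkeys
```

An empty result from disk_resident_subkeys means every subkey is either on the card or a stub; any key ID it prints still has its secret part in the local keyring.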
Import the public key to use the private key residing on the YubiKey:
$ gpg --import < pubkey.txt
Insert the YubiKey NEO and generate secret key stubs:
$ gpg --card-status
Mark the key as ultimately trusted.
$ gpg --edit-key <fingerprint of master key>
> trust
(choose ultimately)
> save
Make sure ssh-agent is not running, and that gpg-agent is running with --enable-ssh-support.
Run ssh-add -L to get the public key to be added to ~/.ssh/authorized_keys on the remote side.
http://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/