List: gnupg-users
Subject: Re: "gpg --card-edit" with multiple card readers (Yubikey)
From: Werner Koch via Gnupg-users <gnupg-users () gnupg ! org>
Date: 2023-07-07 12:53:06
Message-ID: 87bkgnc28d.fsf () wheatstone ! g10code ! de

On Fri, 7 Jul 2023 14:22, Juanjo said:

> This works fine with a single Yubikey, but we wanted to have more than
> one connected at the same time in order to batch-configure them and
> even to try to use multiple SSH key authentication in specific target

Most of the time I am using several Yubikeys and other smartcards. Some
even remotely. For example I use an SSH connection with socket
forwarding to our build server. Over that connection I provide access
to an Authenticode token, my release key and ssh keys on tokens.

I should eventually describe the environment. As a starter:
"no-autostart" in common.conf on the build box, gpg-card with "verify"
to unlock keys on the desktop for remote use by the build process
(Authenticode), and some keywords in the private key files (Use-for-p11,
Use-for-ssh).

To create keys, use gpg-card which can easily be scripted. Examples:

  $ gpg-card list D2760001240100000006154932830000 \
       -- yubikey disable nfc all \
       -- yubikey disable usb otp u2f piv oath fido2 \
       -- yubikey list
  OTP    no   no
  U2F    no   no
  OPGP   yes  no
  PIV    no   no
  OATH   no   no
  FIDO2  no   no

  $ gpg-card
  [...]
  gpg/card> help generate
  GENERATE [--force] [--algo=ALGO{+ALGO2}] KEYREF

  Create a new key on a card.
  Use --force to overwrite an existing key.
  Use "help" for ALGO to get a list of known algorithms.
  For OpenPGP cards several algos may be given.
  Note that the OpenPGP key generation is done interactively
  unless a single ALGO or KEYREF are given.
  [Supported by: OpenPGP, PIV]

Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
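
Added example, not part of the original message or of GnuPG: when batch-configuring several tokens, a check like the one below can confirm that each "yubikey list" result matches the intended policy (only OPGP on USB, nothing on NFC, as in the listing above). The helper name audit_yubikey_apps and the drifted sample are constructed; the column order (USB, then NFC) is an assumption inferred from the message's sample output.

```shell
#!/bin/sh
# Added example: audit "yubikey list" output against an interface policy.
# Column order (USB, then NFC) is inferred from the sample in the message,
# where NFC was disabled for everything and only OPGP was left on USB.

# audit_yubikey_apps ALLOWED_USB_APP...   (hypothetical helper name)
# Reads the listing on stdin. Prints APP:usb for each application enabled on
# USB that is not allowed, and APP:nfc for anything enabled on NFC.
# Returns 0 = compliant, 1 = violations found, 2 = no application rows seen.
audit_yubikey_apps() {
    allowed=" $* "
    awk -v allowed="$allowed" '
        # Only rows shaped "NAME yes|no yes|no" count; other lines are ignored.
        NF == 3 && $2 ~ /^(yes|no)$/ && $3 ~ /^(yes|no)$/ {
            seen++
            if ($2 == "yes" && index(allowed, " " $1 " ") == 0) {
                print $1 ":usb"; bad++
            }
            if ($3 == "yes") { print $1 ":nfc"; bad++ }
        }
        END {
            # An empty or unparsable listing must not pass as compliant.
            if (seen == 0) { print "no-applications-parsed"; exit 2 }
            if (bad > 0) exit 1
        }
    '
}

# Listing as shown in the message above.
SAMPLE_FROM_MESSAGE='OTP no no
U2F no no
OPGP yes no
PIV no no
OATH no no
FIDO2 no no'

# Constructed sample: a token where FIDO2 is still on USB and OPGP is on NFC.
SAMPLE_DRIFT='OTP no no
U2F no no
OPGP yes yes
PIV no no
OATH no no
FIDO2 yes no'

printf '%s\n' "$SAMPLE_FROM_MESSAGE" | audit_yubikey_apps OPGP && echo "card 1: compliant"
printf '%s\n' "$SAMPLE_DRIFT" | audit_yubikey_apps OPGP || echo "card 2: policy violation"
```

In a batch run the function would read the output of the per-card gpg-card invocation shown in the message; lines that are not application rows are skipped.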