Add initial README.md and Nix project environment #1

merged 1 commit into from Dec 4, 2016
60 changes: 60 additions & 0 deletions README.md
@@ -0,0 +1,60 @@
# Working with your security key (hardware)

## Run PCSCD

Make sure PCSCD is running. In NixOS you would add this to your
`/etc/nixos/configuration.nix` file inside of your resulting
attrset:

```nix

services.ncscd.enable = true;

```

To verify this is running appropriate and reading your card:

1. Put your security key into a USB slow.
2. Type `pcsc_scan -n`. (^C to exit.)
3. Output should show your card's information.

## Check version of Yubikey NEO

```bash
$ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye
D[0000] 01 00 11 90 00 .....
OK
```

The above shows version is 1.0.11. This is above the 1.0.9 version
which as vulnerability for Yubikey NEO.

## Check Nitrokey

TODO: need to document this.


## Editing OpenPGP Card

```
$ gpg --card-edit
Reader ...........: <Vendor> <Product> <Capabilities> 00 00
Application ID ...: ??????????????????????????????
Version ..........: X.Y
Manufacturer .....: ????????
Serial number ....: ????????
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
```
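
Review bot: The NixOS option in the "Run PCSCD" section is misspelled: `services.ncscd.enable = true;` should be `services.pcscd.enable = true;`. As written, a reader who pastes it into `configuration.nix` gets an evaluation error for an undefined option instead of a running smart-card daemon. In the same section, "running appropriate" should read "running appropriately" and "USB slow" should read "USB slot". Under "Check version of Yubikey NEO", "which as vulnerability" should be "which has a vulnerability", and the sentence should say whether 1.0.9 itself is affected and link the vendor advisory, since "above the 1.0.9 version" leaves that open. It would also help to note how the response bytes `01 00 11 90 00` map to the version 1.0.11 the text reports, so readers can interpret a different reply.
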
5 changes: 5 additions & 0 deletions channel.nix
@@ -0,0 +1,5 @@
{
name = "nixos";
url = "https://d3g5gsiof5omrk.cloudfront.net/nixos/16.09/nixos-16.09.680.4e14fd5/nixexprs.tar.xz";
sha256 = "0dj8xzlj0lc4vsf3qp3cmkq2qjkrj2s2frnsi59j22iw0q7srzk5";
}
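
Review bot: The `url` points at an opaquely named CloudFront host (`d3g5gsiof5omrk.cloudfront.net`) with no comment saying whose distribution it is, so a reader cannot tell from this file that the tarball comes from an official NixOS channel. The `sha256` pins the content, which is what protects the fetch, but please add a comment naming the source of the tarball and how the hash was obtained, so the pin can be re-verified and bumped later.
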
17 changes: 17 additions & 0 deletions shell.nix
@@ -0,0 +1,17 @@
{ fetchzip ? (import <nixpkgs> {}).fetchzip
, ... }:
let
pkgs = import (fetchzip (import ./channel.nix)) {};

inherit (pkgs) stdenv;
inherit (stdenv) mkDerivation;
in mkDerivation {
name = "seckey-workshop";
buildInputs = with pkgs; [
# for yubikey users
yubikey-neo-manager

gnupg
pcsctools
];
}
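
Review bot: The `fetchzip` default on the first line, `(import <nixpkgs> {}).fetchzip`, still evaluates whatever `<nixpkgs>` resolves to on the user's `NIX_PATH`, so the environment is only pinned from `pkgs = import (fetchzip (import ./channel.nix)) {};` onward. Please add a comment saying that only the fetcher comes from the ambient channel and that the package set is fixed by the hash in `channel.nix`. Minor: the `# for yubikey users` comment covers `yubikey-neo-manager` only, so a matching comment above `gnupg` and `pcsctools` (used by every README step) would make the grouping clear, and nothing in `buildInputs` yet corresponds to the README's Nitrokey section.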