Yubikey: Difference between revisions
imported>Mic92 document otp & smart card mode |
imported>Mic92 offline key generation |
||
| Line 15: | Line 15: | ||
In order to manage OTP keys you can install the <code>yubioath-desktop</code> package in your profile. | In order to manage OTP keys you can install the <code>yubioath-desktop</code> package in your profile. | ||
This application will also both the udev rules as well as pcscd enabled. | This application will also both the udev rules as well as pcscd enabled. | ||
== Offline key generation == | |||
It is best practice to create the keys on a system without network connection to avoid leakages. | |||
This [https://github.com/drduh/YubiKey-Guide guide] explains in depth the steps needed for that. | |||
There is also a [https://github.com/Mic92/dotfiles/blob/6a48eee2c772bd1f52f22fca5f531770958c738f/nixos/images/yubikey-image.nix nix expression] that creates a nixos live image with all necessary dependencies pre-installed. | |||
The image can be created with the [https://github.com/nix-community/nixos-generators nixos-generator tool] | |||
and depending on the image copied onto a usb stick or executed directly using <code>kexec</code> | |||