46 lines
No EOL
1.5 KiB
ReStructuredText
46 lines
No EOL
1.5 KiB
ReStructuredText
Generate Certify Key
|
|
====================
|
|
|
|
.. warning::
|
|
|
|
Page a tradire en francais...
|
|
|
|
.. warning::
|
|
|
|
No Internet from now on
|
|
|
|
Introduction
|
|
------------
|
|
|
|
The primary key to generate is the Certify key, which will be used to issue Subkeys for encryption, signature and authentication operations.
|
|
|
|
The Certify key should be kept offline at all times and only accessed from a secure environment to revoke or issue Subkeys. Keys can also be generated on the YubiKey itself to avoid duplication, however for usability and durability reasons this guide recommends against doing so.
|
|
|
|
Generate a passphrase which will be needed throughout the guide to create Subkeys. The passphrase should be memorized or written down in a secure location, ideally separate from the portable storage device used for key material.
|
|
|
|
The passphrase is recommended to consist of only upper case letters and numbers for improved readability.
|
|
|
|
|
|
The following command will generate strong passphrases while avoiding ambiguous characters:
|
|
|
|
.. code-block::
|
|
|
|
LC_ALL=C tr -dc 'A-Z1-9' < /dev/urandom | \
|
|
tr -d "1IOS5U" | fold -w 30 | head -n10 | \
|
|
sed "-es/./ /"{1..26..5} | cut -c2- | tr " " "-"
|
|
|
|
|
|
Example output:
|
|
|
|
.. code-block::
|
|
|
|
A4ZK-YRRJ-8WPM-82NY-CX9T-AGKT
|
|
PH9Z-HFDX-QDB9-YMMC-GQZB-Z3EV
|
|
EC3H-C42G-8E9K-VF7F-ZWT7-BTL6
|
|
B3CA-QCCE-JMNE-VAZG-ZEYD-J3XP
|
|
YKP4-M42X-4WWE-WEKR-C3J7-GZYF
|
|
ZQWC-E7MN-M7CT-4Y4Z-9QFV-44VY
|
|
KY4F-C83Q-BTYQ-V8EM-WGCR-DPZN
|
|
GYWQ-WNAC-ERWM-XGAD-6XVD-ZCLD
|
|
L8JL-EK8H-Z4ZF-MA93-NND8-FPKA
|
|
WM2J-XF7L-QV6D-AWLY-Y2D8-4TQQ |