[securityguide] Fix this so it will build in Publican
by Jared K. Smith
commit 1d822998b59f3aba50a1282af7f14c42cd46faab
Author: Jared K. Smith <jaredsmith(a)jaredsmith.net>
Date: Mon Mar 31 08:11:25 2014 -0400
Fix this so it will build in Publican
en-US/Yubikey_Neo.xml | 2 --
1 files changed, 0 insertions(+), 2 deletions(-)
---
diff --git a/en-US/Yubikey_Neo.xml b/en-US/Yubikey_Neo.xml
index 69d7570..2fcf36d 100644
--- a/en-US/Yubikey_Neo.xml
+++ b/en-US/Yubikey_Neo.xml
@@ -56,7 +56,6 @@ General key info..: [none]
<para>Specify the expiration date for your key -- and yes, please set an expiration date. You can always edit the key and </para>
</section>
-<!--
<section>
<title>Using gnupg2</title>
<para>We can't write to the card from gpg itself, so let's switch to gpg2. First, make sure that gpg2 can see your
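Review bot: The commit message should say why the build broke at the removed `<!--` line. XML does not allow `--` inside a comment, and the section this comment wrapped documents gpg2 long options, so commenting it out could not produce well-formed XML. Removing the marker also publishes "Using gnupg2" alongside the on-card key creation steps with nothing saying whether the two are alternatives; if the gnupg2 route is superseded, delete the section rather than re-enable it. The context para above still ends mid-sentence ("You can always edit the key and").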
@@ -67,6 +66,5 @@ General key info..: [none]
<para>Subkeys are numbered starting with 1, so type <command>key <replaceable>2</replaceable></command> to select the 2nd subkey. Now you'll notice a <literal>*</literal> next to the key.</para>
<para><command>keytocard</command> to write the key to the Yubikey Neo.</para>
</section>
--->
</section>
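Review bot: The `keytocard` para, now published because the closing `-->` is removed, needs a backup step in front of it. In gpg2, saving after `keytocard` replaces the on-disk secret subkey with a stub that points at the card, so a reader who follows the text as written ends up with the card as the only copy. Add a para telling the reader to export the secret key to offline storage first, or state plainly that the move is one-way.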
9 years, 11 months
[securityguide: 3/3] Merge branch 'yubikey_neo'
by Jared K. Smith
commit c7b7b9d6c5abad567f78f9177ceabf9d8222b43b
Merge: 3c8c864 1626e8e
Author: Jared K. Smith <jaredsmith(a)jaredsmith.net>
Date: Mon Mar 31 08:09:39 2014 -0400
Merge branch 'yubikey_neo'
en-US/Security_Guide.xml | 18 +++++++----
en-US/Yubikey_Neo.xml | 72 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 83 insertions(+), 7 deletions(-)
---
9 years, 11 months
[securityguide: 2/3] Add my basic docs on the Yubikey Neo
by Jared K. Smith
commit 1626e8e644f863fd1102593f3d858d8be31f162b
Author: Jared K. Smith <jaredsmith(a)jaredsmith.net>
Date: Sun Mar 23 10:26:59 2014 -0400
Add my basic docs on the Yubikey Neo
en-US/Security_Guide.xml | 18 +++++++++++-------
en-US/Yubikey_Neo.xml | 22 ++++++++++++++++------
2 files changed, 27 insertions(+), 13 deletions(-)
---
diff --git a/en-US/Security_Guide.xml b/en-US/Security_Guide.xml
index 2a5ac80..f707385 100644
--- a/en-US/Security_Guide.xml
+++ b/en-US/Security_Guide.xml
@@ -14,15 +14,19 @@
<xi:include href="SoftwareMaintenance.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
<xi:include href="CVE.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
<chapter>
+ <title>Yubikey</title>
+ <xi:include href="Yubikey_Neo.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
+ </chapter>
+ <chapter>
<title>SELinux</title>
<para/>
- <xi:include href="Introduction.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
- <xi:include href="Contexts_and_Attributes.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
- <xi:include href="Targeted_Policy.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
- <xi:include href="Working_With_SELinux.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
- <xi:include href="Managing_Users.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
- <xi:include href="Troubleshooting.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
- <xi:include href="Further_Information.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
+ <xi:include href="Introduction.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
+ <xi:include href="Contexts_and_Attributes.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
+ <xi:include href="Targeted_Policy.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
+ <xi:include href="Working_With_SELinux.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
+ <xi:include href="Managing_Users.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
+ <xi:include href="Troubleshooting.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
+ <xi:include href="Further_Information.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
</chapter>
<xi:include href="Managing_Confined_Services.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
<xi:include href="Encryption_Standards.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
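Review bot: The seven SELinux `xi:include` lines are removed and re-added with identical text, so they change only in whitespace and bury the real change, which is the new Yubikey chapter. Move the re-indent into its own commit. The new chapter is titled "Yubikey" while the only file it includes is `Yubikey_Neo.xml`; decide whether the chapter covers the Neo only and title it to match.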
diff --git a/en-US/Yubikey_Neo.xml b/en-US/Yubikey_Neo.xml
index 74c5d7a..69d7570 100644
--- a/en-US/Yubikey_Neo.xml
+++ b/en-US/Yubikey_Neo.xml
@@ -45,18 +45,28 @@ General key info..: [none]
<para><command>lang</command> to set your language (<literal>en</literal> for example).</para>
<para><command>sex</command> to set your gender.</para>
<para><command>quit</command> to quit.</para>
- <para><command>gpg --edit-key <literal>fingerprint</literal></command></para>
- <para><command>addkey</command> to create a new key</para>
- <para><command>RSA (sign only)</command> to create a subkey for signing</para>
- <para><command>save</command> to save the key</para>
- <para><command>quit</command> to quit</para>
+ </section>
+ <section>
+ <title>Creating the key on the Yubikey Neo</title>
+ <para><command>gpg --edit-key <replaceable>key-id</replaceable></command></para>
+ <para><command>addcardkey</command> to generate a new key on the Yubikey Neo</para>
+ <para>Select <option>Signature key</option>.</para>
+ <para>Enter the PIN</para>
+ <para>Unlock your master key</para>
+ <para>Specify the expiration date for your key -- and yes, please set an expiration date. You can always edit the key and </para>
+
+ </section>
+<!--
+ <section>
+ <title>Using gnupg2</title>
<para>We can't write to the card from gpg itself, so let's switch to gpg2. First, make sure that gpg2 can see your
card by running <command>gpg2 --card-status</command>. If it can't see your card, you probably forgot to install the
<package>gnupg2-smime</package> package.</para>
- <para>Run <command> sudo gpg2 --no-default-keyring --keyring ~/.gnupg/pubring.gpg --secret-keyring ~/.gnupg/secring.gpg --edit-key <replaceable>fingerprint</replaceable></command></para>
+ <para>Run <command> sudo gpg2 --no-default-keyring --keyring ~/.gnupg/pubring.gpg --secret-keyring ~/.gnupg/secring.gpg --edit-key <replaceable>key-id</replaceable></command></para>
<para><command>toggle</command> to switch between public key and secret key</para>
<para>Subkeys are numbered starting with 1, so type <command>key <replaceable>2</replaceable></command> to select the 2nd subkey. Now you'll notice a <literal>*</literal> next to the key.</para>
<para><command>keytocard</command> to write the key to the Yubikey Neo.</para>
</section>
+-->
</section>
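Review bot: Wrapping the "Using gnupg2" section in `<!--` and `-->` does not work here, because the wrapped text contains `--card-status`, `--no-default-keyring` and other long options, and `--` is not allowed inside an XML comment. Delete the section or move it out of the file instead of commenting it out. The new expiration-date para ends mid-sentence ("You can always edit the key and") and is followed by a blank added line. The `sudo gpg2 ...` line runs gpg2 as root on files under `~/.gnupg`; explain why root is needed or drop `sudo`.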
9 years, 11 months
[securityguide: 1/3] Add a stub for a chapter on using the Yubikey Neo
by Jared K. Smith
commit f90ff2c56c93b4dd3fb04c03774d09151f6eea56
Author: Jared K. Smith <jaredsmith(a)jaredsmith.net>
Date: Fri Mar 21 20:40:40 2014 -0400
Add a stub for a chapter on using the Yubikey Neo
en-US/Yubikey_Neo.xml | 62 +++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 62 insertions(+), 0 deletions(-)
---
diff --git a/en-US/Yubikey_Neo.xml b/en-US/Yubikey_Neo.xml
new file mode 100644
index 0000000..74c5d7a
--- /dev/null
+++ b/en-US/Yubikey_Neo.xml
@@ -0,0 +1,62 @@
+<?xml version='1.0'?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+<section id="sect-Security_Guide-Yubikey_Neo">
+ <title>Yubikey Neo</title>
+ <para />
+ <section>
+ <title>Installing the necessary tools</title>
+ <para><command>sudo yum install libykneomgr pcsc-lite pcsc-tools gnupg2 gnupg2-smime --enablerepo=updates-testing</command></para>
+ <para><command>sudo systemctl start pcscd.service pcscd.socket</command></para>
+ <para><command>sudo systemctl enable pcscd.service pcscd.socket</command></para>
+ <para><command>ykneomgr -a</command>, then copy the first 12 characters of last key to the clipboard.</para>
+ <para><command>ykneomgr -D <replaceable>d27600012401</replaceable></command>, and then it should return with no output. This deletes the version of the OpenPGP applet that is on the card.</para>
+ <para>Grab the latest version of the <literal>.cap</literal> file from <ulink url="http://opensource.yubico.com/ykneo-openpgp/releases.html"/>. For this example, we downloaded <literal>ykneo-openpgp-1.0.5.cap</literal>.</para>
+ <remark>nb to figure out how to query the current version</remark>
+ <para><command>ykneomgr -i /tmp/ykneo-openpgp-1.0.5.cap</command> to install the new version of the OpenPGP applet.</para>
+ <para><command>gpg --card-status</command> to make sure GPG can see and talk to the card.
+ <screen>
+gpg: detected reader `Yubico Yubikey NEO OTP+CCID 00 00'
+Application ID ...: D2760001240102000000000000010000
+Version ..........: 2.0
+Manufacturer .....: test card
+Serial number ....: 00000001
+Name of cardholder: [not set]
+Language prefs ...: [not set]
+Sex ..............: unspecified
+URL of public key : [not set]
+Login data .......: [not set]
+Signature PIN ....: forced
+Key attributes ...: 2048R 2048R 2048R
+Max. PIN lengths .: 127 127 127
+PIN retry counter : 3 3 3
+Signature counter : 0
+Signature key ....: [none]
+Encryption key....: [none]
+Authentication key: [none]
+General key info..: [none]
+</screen>
+ </para>
+ <remark>nb to tell us how to change the mode between yubikey only, gpg-only, or both</remark>
+ <para><command>gpg --card-edit</command> to edit the settings on the card.</para>
+ <para><command>admin</command> to turn on admin mode, do 1 and 3, and set a pin for each. Can be alpha-numeric.</para>
+ <para><command>q</command> to quit.</para>
+ <para><command>name</command> to add your name.</para>
+ <para><command>lang</command> to set your language (<literal>en</literal> for example).</para>
+ <para><command>sex</command> to set your gender.</para>
+ <para><command>quit</command> to quit.</para>
+ <para><command>gpg --edit-key <literal>fingerprint</literal></command></para>
+ <para><command>addkey</command> to create a new key</para>
+ <para><command>RSA (sign only)</command> to create a subkey for signing</para>
+ <para><command>save</command> to save the key</para>
+ <para><command>quit</command> to quit</para>
+ <para>We can't write to the card from gpg itself, so let's switch to gpg2. First, make sure that gpg2 can see your
+ card by running <command>gpg2 --card-status</command>. If it can't see your card, you probably forgot to install the
+ <package>gnupg2-smime</package> package.</para>
+ <para>Run <command> sudo gpg2 --no-default-keyring --keyring ~/.gnupg/pubring.gpg --secret-keyring ~/.gnupg/secring.gpg --edit-key <replaceable>fingerprint</replaceable></command></para>
+ <para><command>toggle</command> to switch between public key and secret key</para>
+ <para>Subkeys are numbered starting with 1, so type <command>key <replaceable>2</replaceable></command> to select the 2nd subkey. Now you'll notice a <literal>*</literal> next to the key.</para>
+ <para><command>keytocard</command> to write the key to the Yubikey Neo.</para>
+ </section>
+
+</section>
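Review bot: The applet replacement steps install a `.cap` file onto the token with no integrity check: the `ulink` uses plain http and the `ykneomgr -i` para goes straight from download to install. Add a step to verify the release signature or checksum where the project publishes one, and link over https if the site offers it. The `ykneomgr -D` para should warn that deleting the applet also discards any keys it already holds. The `admin` para says "do 1 and 3" without naming the command whose menu those numbers belong to, and the two `<remark>` placeholders should be resolved or tracked before this is published.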
9 years, 11 months
[documentation-guide: 1/2] Fix another XML tag, and remove a duplicate section
by Jared K. Smith
commit f6d6f03d8429bfe6c7a0d13fdbfad4179a1974c3
Author: Jared K. Smith <jaredsmith(a)jaredsmith.net>
Date: Wed Mar 26 15:14:31 2014 -0400
Fix another XML tag, and remove a duplicate section
en-US/docbook.xml | 6 +-----
1 files changed, 1 insertions(+), 5 deletions(-)
---
diff --git a/en-US/docbook.xml b/en-US/docbook.xml
index f347dc5..2d675c5 100644
--- a/en-US/docbook.xml
+++ b/en-US/docbook.xml
@@ -148,16 +148,12 @@
supports including multiple file. To include an
additional file into a document, refer to the following
example:
-<screen>>xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="<replaceable>Included_File.xml</replaceable>" /></screen>
+<screen><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="<replaceable>Included_File.xml</replaceable>" /></screen>
When the document is rendered, the included text will
appear as if it were inserted entirely in the main file.
</para>
</section>
- <section>
- <title>Entities: With Great Power Comes Great Responsibility</title>
- <para/>
- </section>
</chapter>
<!--
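Review bot: On the added `<screen>` line, check that the example's angle brackets are escaped as `&lt;` and `&gt;` in the source. As shown, the `href` value contains a literal `<replaceable>` element, and `<` cannot appear inside an attribute value, so an unescaped `<xi:include ... />` here would not be well-formed. The context sentence above still reads "supports including multiple file"; change it to "multiple files" while this para is being touched.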
9 years, 12 months
[documentation-guide] Fix another XML tag
by Jared K. Smith
commit f3e22708224af557209497a6cf8ace448fb4e776
Author: Jared K. Smith <jaredsmith(a)jaredsmith.net>
Date: Wed Mar 26 15:14:31 2014 -0400
Fix another XML tag
en-US/docbook.xml | 6 +-----
1 files changed, 1 insertions(+), 5 deletions(-)
---
diff --git a/en-US/docbook.xml b/en-US/docbook.xml
index f347dc5..2d675c5 100644
--- a/en-US/docbook.xml
+++ b/en-US/docbook.xml
@@ -148,16 +148,12 @@
supports including multiple file. To include an
additional file into a document, refer to the following
example:
-<screen>>xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="<replaceable>Included_File.xml</replaceable>" /></screen>
+<screen><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="<replaceable>Included_File.xml</replaceable>" /></screen>
When the document is rendered, the included text will
appear as if it were inserted entirely in the main file.
</para>
</section>
- <section>
- <title>Entities: With Great Power Comes Great Responsibility</title>
- <para/>
- </section>
</chapter>
<!--
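Review bot: The subject says only "Fix another XML tag", but the hunk also deletes the empty section titled "Entities: With Great Power Comes Great Responsibility", which accounts for four of the five deleted lines. Mention the removal in the commit message or split it into its own commit, so the history shows the section was dropped on purpose.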
9 years, 12 months
[documentation-guide] Fix a typo and a mis-tagging when talking about entities
by Jared K. Smith
commit fa8c6cf3a3de3be4fbb2b6287c907d23011b5ac3
Author: Jared K. Smith <jaredsmith(a)jaredsmith.net>
Date: Wed Mar 26 15:10:02 2014 -0400
Fix a typo and a mis-tagging when talking about entities
en-US/docbook.xml | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/en-US/docbook.xml b/en-US/docbook.xml
index 3a084d7..f347dc5 100644
--- a/en-US/docbook.xml
+++ b/en-US/docbook.xml
@@ -78,10 +78,10 @@
times in a document. Entities are
usually defined early in the document
using the following syntax:
-<screen>>!ENTITY ENTITYNAME "value"></screen>
+<screen><!ENTITY ENTITYNAME "value"></screen>
Entities are then referred to in the
document source with
- <literal>&ENTITYNAME;</literal>. The
+ <literal>&</literal><replaceable>ENTITYNAME</replaceable><literal>;</literal>. The
most common use of entities are for
phrases like the current version of a
product or the product name.
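Review bot: On the added `<literal>&</literal>` line, confirm that the ampersand is written as `&amp;` in the source; a bare `&` followed directly by `<` is not well-formed XML. Splitting the reference into literal, replaceable, literal is a sound way to tag it. The context sentence "most common use of entities are for" should read "is for".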
9 years, 12 months