add explanation for gnuk-personalization.rst

NIIBE Yutaka
2012-11-12 10:44:44 +09:00
parent b9772265cf
commit f6df7701f9
2 changed files with 26 additions and 1 deletions

doc/__update_web Normal file

@@ -0,0 +1,3 @@
cd _build
rsync -rntpv html/ atom.fsij.org:/home/fsij/gnuk-doc-html/
rsync -rtpv html/ atom.fsij.org:/home/fsij/gnuk-doc-html/
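Review bot: The `cd _build` on the first line is unchecked, so if that directory is missing both rsync commands still run and resolve `html/` relative to wherever the script was invoked, and the second one writes to /home/fsij/gnuk-doc-html/ on atom.fsij.org. Suggest `cd _build || exit 1` (or `set -e` at the top) and a `#!/bin/sh` line. The `-n` dry run also does not gate the real transfer that follows it; if it is meant as a preview, a prompt between the two commands or a comment saying it is informational only would make that clear.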


@@ -33,7 +33,22 @@ It shows the status of the card (as same as the output of ``gpg --card-status``)
Then, GnuPG enters its own command interaction mode. The prompt is ``gpg/card>``.
Firstly, I change PIN of card user from factory setting (of "123456"). Note that, only changing PIN of user enables "admin less mode" of Gnuk. Admin password will become same one of user's. ::
In the OpenPGPcard specification, there are two passwords: one is
user-password and another is admin-password. In the specification,
user-password is refered as PW1, and admin-password is refered as PW3.
Note that people sometimes use different words than "password" to
refer same thing, in GnuPG and its applications. For example, the
output explained above includes the word "PIN" (Personal
Identification Number), and the helper program for input is named
"pinentry". Note that it is OK (and recommended) to include
characters other than digits for the case of OpenPGPcard.
Besides, some people sometimes prefer the word "passphrase" to
"password", as it can encourage to have longer string, but it means
same thing and it just refer user-password or admin-password.
Firstly, I change PIN of card user from factory setting (of "123456"). Note that, by only changing user's PIN, it enables "admin less mode" of Gnuk. "Admin less mode" means that admin password will become same one of user's. That is, PW1 = PW3. Note that *the length of PIN should be more than (or equals to) 8* for "admin less mode". ::
gpg/card> passwd
gpg: OpenPGP card no. D276000124010200F517000000010000 detected
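Review bot: In the added PW1/PW3 paragraph, "refered" appears twice and should be "referred", "it just refer" should be "it just refers", and "to refer same thing" needs "to the". The rewritten "Firstly" sentence states that the PIN length should be 8 or more for "admin less mode" but not what the token does when a shorter PIN is entered; a sentence on that outcome would help, because the reader otherwise cannot tell which admin password is in effect afterwards.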
@@ -48,6 +63,13 @@ Firstly, I change PIN of card user from factory setting (of "123456"). Note tha
Repeat this PIN: <PASSWORD-OF-GNUK>
PIN changed.
The "admin less mode" is Gnuk only feature, not defined in the
OpenPGPcard specification. By using "admin less mode", there will be
only a sigle password to memorize, and it will be easier if a token
is used by an individual.
(If you want normal way ("admin full mode" in Gnuk's term), that is, user-password *and* admin-password independently, please change admin-password at first. Then, the token works as same as OpenPGPcard specification with regards to PW1 and PW3.)
Secondly, enabling admin command, I put name of mine. Note that I input user's PIN (which I set above) here, because it is "admin less mode". ::
gpg/card> admin
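Review bot: "sigle" in the added "admin less mode" paragraph should be "single", and "Gnuk only feature" reads better as "a Gnuk-only feature". The parenthetical says to change admin-password "at first" for "admin full mode", but it appears after the user PIN change has already been shown; consider moving it before the `passwd` step, or stating whether a token already in "admin less mode" can still be switched to independent PW1 and PW3.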