Windows管理Nitrokey Pro使用Gpg4win(https://gpg4win.org/),此工具会自动安装GnuPG,设置Nitrokey Pro信息的时候会用到GnuPG的命令行工具。
GnuPG命令行说明
gpg --card-status 查看智能卡状态
gpg --card-edit 编辑智能卡
fetch 可以从设置的url中获取公钥
admin 显示管理命令
passwd 可以修改PIN与Admin PIN码
gpg --export-ssh-key ************************* 导出ssh用的公钥(符合ssh的规范)
设置记录
默认PIN(用于日常操作,如解锁令牌,签名和加解密等):123456
默认Admin PIN:12345678
重置码:(*******************)用户重置PIN
name: myname
url: http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0xF83BB3599EF21740 (用ubuntu的速度比较快)
lang: cn
sex: M
login: username
换到其它电脑上使用Nitrokey Pro时候,要先导入对应的公钥,否则gpg无法使用Nitrokey Pro。
如果忘了Nitrokey Pro的密码官方提供了一个工具(CryptoStickReset.exe),可以初始化(很彻底和新买的一样)。
参考
https://raymii.org/s/articles/Nitrokey_Start_Getting_started_guide.html
https://www.nitrokey.com/de/putty
--------------------------------其它--------------------------------
修改信任
$ gpg --edit-key <Uid>
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub 1024D/6EDA5E6F created: 2013-08-29 expires: never usage: SCA
trust: full validity: unknown
sub 1024g/32E0CB1C created: 2013-08-29 expires: never usage: E
[ unknown] (1). <Uid>
gpg> trust
pub 1024D/6EDA5E6F created: 2013-08-29 expires: never usage: SCA
trust: full validity: unknown
sub 1024g/32E0CB1C created: 2013-08-29 expires: never usage: E
[ unknown] (1). <Uid>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
pub 1024D/6EDA5E6F created: 2013-08-29 expires: never usage: SCA
trust: ultimate validity: unknown
sub 1024g/32E0CB1C created: 2013-08-29 expires: never usage: E
[ unknown] (1). <Uid>
Please note that the shown key validity is not necessarily correct
unless you restart the program.
gpg> quit
将以有密钥导入到Nitrokey Pro中
$ gpg --edit-key 559C215F
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
pub 1024D/559C215F created: 2009-05-04 expires: never usage: SC
trust: ultimate validity: ultimate
sub 2048g/5457F4E7 created: 2009-05-04 expires: never usage: E
sub 1024R/E1D9B30D created: 2009-05-13 expires: never usage: S
sub 1024R/EDDA691E created: 2009-05-13 expires: never usage: E
[ultimate] (1). Martin Gollowitzer (Testing environment) <[email protected]>
Command> toggle
sec 1024D/559C215F created: 2009-05-04 expires: never
ssb 2048g/5457F4E7 created: 2009-05-04 expires: never
ssb 1024R/E1D9B30D created: 2009-05-13 expires: never
ssb 1024R/EDDA691E created: 2009-05-13 expires: never
(1) Martin Gollowitzer (Testing environment) <[email protected]>
Command> key 2
sec 1024D/559C215F created: 2009-05-04 expires: never
ssb 2048g/5457F4E7 created: 2009-05-04 expires: never
ssb* 1024R/E1D9B30D created: 2009-05-13 expires: never
ssb 1024R/EDDA691E created: 2009-05-13 expires: never
(1) Martin Gollowitzer (Testing environment) <[email protected]>
Command> keytocard
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
Please select where to store the key:
(1) Signature key
(3) Authentication key
Your selection? 1
You need a passphrase to unlock the secret key for
user: "Martin Gollowitzer (Testing environment) <[email protected]>"
1024-bit RSA key, ID E1D9B30D, created 2009-05-13
gpg: generating new key
gpg: 3 Admin PIN attempts remaining before card is permanently locked
Admin PIN
sec 1024D/559C215F created: 2009-05-04 expires: never
ssb 2048g/5457F4E7 created: 2009-05-04 expires: never
ssb* 1024R/E1D9B30D created: 2009-05-13 expires: never
card-no: 0001 00000229
ssb 1024R/EDDA691E created: 2009-05-13 expires: never
(1) Martin Gollowitzer (Testing environment) <[email protected]>
Command> key 2
sec 1024D/559C215F created: 2009-05-04 expires: never
ssb 2048g/5457F4E7 created: 2009-05-04 expires: never
ssb 1024R/E1D9B30D created: 2009-05-13 expires: never
card-no: 0001 00000229
ssb 1024R/EDDA691E created: 2009-05-13 expires: never
(1) Martin Gollowitzer (Testing environment) <[email protected]>
Command> key 3
sec 1024D/559C215F created: 2009-05-04 expires: never
ssb 2048g/5457F4E7 created: 2009-05-04 expires: never
ssb 1024R/E1D9B30D created: 2009-05-13 expires: never
card-no: 0001 00000229
ssb* 1024R/EDDA691E created: 2009-05-13 expires: never
(1) Martin Gollowitzer (Testing environment) <[email protected]>
Command> keytocard
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
Please select where to store the key:
(2) Encryption key
Your selection? 2
You need a passphrase to unlock the secret key for
user: "Martin Gollowitzer (Testing environment) <[email protected]>"
1024-bit RSA key, ID EDDA691E, created 2009-05-13
gpg: generating new key
sec 1024D/559C215F created: 2009-05-04 expires: never
ssb 2048g/5457F4E7 created: 2009-05-04 expires: never
ssb 1024R/E1D9B30D created: 2009-05-13 expires: never
card-no: 0001 00000229
ssb* 1024R/EDDA691E created: 2009-05-13 expires: never
card-no: 0001 00000229
(1) Martin Gollowitzer (Testing environment) <[email protected]>
Command> save