From 7f80bf0f4c6a3b47609ebc33ecd619d30bbd887c Mon Sep 17 00:00:00 2001 From: Patrick Spek Date: Sat, 8 Sep 2018 13:01:25 +0200 Subject: Update "Setting up PGP with a Yubikey" --- .../2018-09-04-setting-up-pgp-with-a-yubikey.adoc | 36 +++++++++++++--------- 1 file changed, 22 insertions(+), 14 deletions(-) (limited to '_posts') diff --git a/_posts/2018-09-04-setting-up-pgp-with-a-yubikey.adoc b/_posts/2018-09-04-setting-up-pgp-with-a-yubikey.adoc index 5dd279a..736efa6 100644 --- a/_posts/2018-09-04-setting-up-pgp-with-a-yubikey.adoc +++ b/_posts/2018-09-04-setting-up-pgp-with-a-yubikey.adoc @@ -32,7 +32,11 @@ distribution, some of it might already be installed. Everything not installed yet should be installed with your distribution's package manager. For encrypting the disk and the USB key, you will need `cryptsetup`. To -generate and use the PGP keys, you will need `gpg`, at least version 2.0.12. +generate and use the PGP keys, you will need `gpg`, at least version 2.0.12. To +interface with the Yubikey itself, you'll need `pcsc-lite`, and start the +service as well. It may be necessary to restart the `gpg-agent` after +installing `pcsc-lite`, which you can do by simply killing the existing +`gpg-agent` process. It restarts itself when needed. To securely remove the temporary data we need, you should make sure you have `secure-delete` available on your system as well. 
@@ -356,27 +360,31 @@ full control of your identity. == Storing the private keys on the Yubikey -The Yubikey has key slots for encryption, signing and authentication. -These need to be set individually, which can be done using `gpg`. First, you -need to select a key using the `key` command, then store it on the card using -`keytocard` and finally deselect the key by using the `key` command again. +The Yubikey has key slots for encryption, signing and authentication. These +need to be set individually, which can be done using `gpg`. First, you need to +select a key using the `key` command, then store it on the card using +`keytocard` and select a slot to store it in, then finally deselect the key by +using the `key` command again. [source] ---- gpg --edit-key $KEYID -> key 1 -> keytocard -> key 1 +gpg> key 1 +gpg> keytocard +Your selection? 1 +gpg> key 1 -> key 2 -> keytocard -> key 2 +gpg> key 2 +gpg> keytocard +Your selection? 2 +gpg> key 2 -> key 3 -> keytocard +gpg> key 3 +gpg> keytocard +Your selection? 3 -> save +gpg> save ---- You can verify whether the keys are available on the Yubikey now using `gpg -- cgit v1.1
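Review bot: In the first hunk (the prerequisites paragraph, @@ -32,7 +32,11 @@), the added sentence "you'll need `pcsc-lite`, and start the service as well" does not name the service or say how to start it. The daemon shipped with pcsc-lite is `pcscd`, so name it and say it has to be running before `gpg` can see the card. The sentence is also not parallel. Something like "you'll need `pcsc-lite`, and its `pcscd` service must be running" reads better. For the restart, "simply killing the existing `gpg-agent` process" leaves the reader to pick a method. Where the installed GnuPG provides it, `gpgconf --kill gpg-agent` is the cleaner instruction.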
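Review bot: In the second hunk (@@ -356,27 +360,31 @@), the added answers `Your selection? 1`, `Your selection? 2` and `Your selection? 3` are hard-coded, but nothing says which slot each number stands for. The prose lists the slots as "encryption, signing and authentication", which is not the order of the answers. The `keytocard` menu numbers them (1) Signature, (2) Encryption, (3) Authentication and only offers slots that match the selected subkey's capabilities, so the transcript is correct only if the subkeys were created in the order sign, encrypt, authenticate. Suggest stating that assumption and labelling each answer with its slot. Separately, the paragraph says to "finally deselect the key", but `key 3` is not deselected before `save`. That is harmless, but the text and the listing should agree.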