Added clearer recovery options

pull/291/head
Wheest 2020-07-25 17:25:45 +01:00 committed by Derek Gaffney
parent 31074ac13d
commit 77394c2773
No known key found for this signature in database
GPG Key ID: 1958E70E8A8B30BD
1 changed files with 8 additions and 1 deletions

View File

@ -2634,7 +2634,7 @@ To enable GnuPG support, one can just use the config file `gpg.rc` provided by m
If PIN attempts are exceeded, the card is locked and must be [reset](https://developers.yubico.com/ykneo-openpgp/ResetApplet.html) and set up again using the encrypted backup.
Copy the following script to a file and run `gpg-connect-agent --run $file` to lock and terminate the card. Then re-insert YubiKey to reset.
Copy the following script to a file and run `gpg-connect-agent -r $file` to lock and terminate the card. Then re-insert YubiKey to reset.
```console
/hex
@ -2664,6 +2664,13 @@ Reset code: NOT SET
Admin PIN: 12345678
```
# Recovery after reset
If for whatever reason you need to reinstate your YubiKey from your master key backup (such as the one stored on an encrypted USB described in [Backup keys](#backup-keys)), follow the following steps in [Rotating keys](#rotating-keys) to setup your environment, and then follow the steps of again [Configure Smartcard](#configure-smartcard).
Before you unmount your backup, ask yourself if you should make another one just in case.
# Notes
1. YubiKey has two configurations: one invoked with a short press, and the other with a long press. By default, the short-press mode is configured for HID OTP - a brief touch will emit an OTP string starting with `cccccccc`. If you rarely use the OTP mode, you can swap it to the second configuration via the YubiKey Personalization tool. If you *never* use OTP, you can disable it entirely using the [YubiKey Manager](https://developers.yubico.com/yubikey-manager) application (note, this not the similarly named older YubiKey NEO Manager).