dede/ykfde
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add backup note

Browse Source
This commit is contained in:
Sandro Keil
2018-09-23 14:44:57 +02:00
parent ffeae64b3b
commit 21e9421996
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
book/arch/03-prepare-yubikey.md
View File

@@ -13,7 +13,12 @@ make install
## Prepare 2nd slot
Now it's time to prepare the second slot of your YubiKey for the challenge response authentication. Touch will be also enabled.
Now it's time to prepare the second slot of your YubiKey for the [challenge response authentication](https://wiki.archlinux.org/index.php/yubikey#Challenge-Response "Setup YubiKey Challenge-Response").
Touch will be also enabled. You can also install the package `yubikey-personalization-gui`. It allows for customization of the secret key,
creation of secret key backup and writing the same secret key to multiple YubiKeys which allows for using them interchangeably for creating
same *ykfde* passphrases.
> Securely save the 20 byte length secret key from the output, so you can use it to initialize another YubiKey as backup.
```
ykpersonalize -v -2 -ochal-resp -ochal-hmac -ohmac-lt64 -ochal-btn-trig -oserial-api-visible

2
book/arch/05-install-arch.md
View File

@@ -75,7 +75,7 @@ sed -i "s/#YKFDE_CHALLENGE=/YKFDE_CHALLENGE=$YKFDE_CHALLENGE/g" /etc/ykde.conf
Check that the YubiKey challenge was successfully saved to `/etc/ykde.conf` with `cat /etc/ykde.conf`.
## mkinitcpio
The next step is to prepare the `mkinitcpio.conf` to encrypt the partition at boot. Open the file with
The next step is to prepare the `mkinitcpio.conf` to detect and unlock an encrypted partition at boot. Open the file with
`vi /etc/mkinitcpio.conf` and replace the *HOOKS* line with the following content.
> Don't add `encrypt` hook, because we ues ykfde and respect the order !!!