Merge remote-tracking branch 'wiki/master'

8d7a0ac4 · anarcat · 4ff73083 · c4207d84 · 8d7a0ac4
Verified Commit 8d7a0ac4 authored 1 year ago by anarcat
--- a/howto/yubikey.md
+++ b/howto/yubikey.md
@@ -441,7 +441,8 @@ first PIN:
 This will prompt you for the current PIN. The factory default is
 `123456` (yes, just like the combination on someone's luggage).

-Also set the Admin PIN in that way:
+You will want to also set the Admin PIN, but the default is slightly different
+from the previous one, it is `12345678`:

    gpg/card> passwd
    gpg: OpenPGP card no. [REDACTED] detected
@@ -770,18 +771,21 @@ from the backups.
 
        gpg --import $BACKUP_DIR/public.key

- 3. confirm GnuPG can see the secret keys:
+ 3. confirm GnuPG can not see any secret keys:
 
        gpg --list-secret-keys

-    you should not see any `Card serial no.`, `sec>`, or `ssb>` in
-    there. If so, it might be because GnuPG got confused and still
-    thinks the old key is plugged in.
+    you should not see any result from this command.

 4. then, crucial step, restore the private key and subkeys:

        gpg --decrypt $BACKUP_DIR/gnupg-backup.tar.pgp | tar -x -f - --to-stdout | gpg --import

+ 5. confirm GnuPG can see the secret keys:
+    you should not see any `Card serial no.`, `sec>`, or `ssb>` in
+    there. If so, it might be because GnuPG got confused and still
+    thinks the old key is plugged in.
+
 5. then go through the `keytocard` process again, which is basically:
 
        gpg --edit-key $FINGERPRINT
@@ -793,7 +797,6 @@ from the backups.
        key 1
        keytocard
        key 2
-        key 1
        keytocard

 At this point the new key should be a good copy of the previous