Merge pull request #99 from nixbitcoin/verify-yubikey
Add Verify Yubikey section
This commit is contained in:
commit
fbeeea85a9
|
@ -7,6 +7,7 @@ Keys stored on YubiKey are non-exportable (as opposed to file-based keys that ar
|
||||||
If you have a comment or suggestion, please open an [issue](https://github.com/drduh/YubiKey-Guide/issues) on GitHub.
|
If you have a comment or suggestion, please open an [issue](https://github.com/drduh/YubiKey-Guide/issues) on GitHub.
|
||||||
|
|
||||||
- [Purchase YubiKey](#purchase-yubikey)
|
- [Purchase YubiKey](#purchase-yubikey)
|
||||||
|
- [Verify YubiKey](#verify-yubikey)
|
||||||
- [Live image](#live-image)
|
- [Live image](#live-image)
|
||||||
- [Required software](#required-software)
|
- [Required software](#required-software)
|
||||||
* [Entropy](#entropy)
|
* [Entropy](#entropy)
|
||||||
|
@ -67,6 +68,12 @@ All YubiKeys except the blue "security key" model are compatible with this guide
|
||||||
|
|
||||||
Consider purchasing a pair of YubiKeys, programming both, and storing one in a safe secondary location, in case of loss or damage to the first key.
|
Consider purchasing a pair of YubiKeys, programming both, and storing one in a safe secondary location, in case of loss or damage to the first key.
|
||||||
|
|
||||||
|
# Verify YubiKey
|
||||||
|
|
||||||
|
To confirm your YubiKey is genuine open Chrome and go to [https://www.yubico.com/genuine/](https://www.yubico.com/genuine/). Insert your Yubico device, and click Verify Device to begin the process. Touch the YubiKey when prompted, and if asked, allow it to see the make and model of the device. If you see "Verification complete", your device is authentic.
|
||||||
|
|
||||||
|
This website verifies the YubiKey's device attestation certificates signed by a set of Yubico CAs, and helps mitigate [supply chain attacks](https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-r00killah-and-securelyfitz-Secure-Tokin-and-Doobiekeys.pdf).
|
||||||
|
|
||||||
# Live image
|
# Live image
|
||||||
|
|
||||||
It is recommended to generate cryptographic keys and configure YubiKey from a secure environment to minimize exposure. One way to do that is by downloading and booting to a [Debian Live](https://www.debian.org/CD/live/) or [Tails](https://tails.boum.org/index.en.html) image loaded from a USB drive into memory.
|
It is recommended to generate cryptographic keys and configure YubiKey from a secure environment to minimize exposure. One way to do that is by downloading and booting to a [Debian Live](https://www.debian.org/CD/live/) or [Tails](https://tails.boum.org/index.en.html) image loaded from a USB drive into memory.
|
||||||
|
|
Loading…
Reference in New Issue