= YubiKey NEO OpenPGP Applet configuration

== Introduction

To configure the OpenPGP applet on a YubiKey NEO you can use GnuPG.

== Prerequisites

Make sure you have a recent YubiKey NEO firmware version, 3.1.8 or
later; use "lsusb -v" to find out.

Make sure the device is in OTP/CCID or CCID mode, use the YubiKey
personalization tool "ykpersonalize -m82" to switch.

Check that your libccid version is 1.4.10 or later so that
/etc/libccid_Info.plist contains the YubiKey USB PID/VID.

Check that your PCSCD setup is working.  Use "pcsc_scan" to check for
card readers, it should show "Yubikey NEO" somewhere in the output.

You need to use the GnuPG agent with scdaemon, and we recommend using
version 2.0.22 or later for full functionality.

Make sure you have the OpenPGP applet loaded properly.  (You may want
to set a proper Application ID, see herlo's ssh-gpg-smartcard-config
github repository.)  To check the applet version you may run:

....
 $ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye 
 D[0000]  01 00 05 90 00                                     .....           
 OK
....

Where "01 00 05" means version 1.0.5.

== Example

The following demonstrate setting all the parameters in the OpenPGP
applet on a YubiKey NEO.

....
user@debian:~$ gpg --card-edit

Application ID ...: D2760001240102000060000000420000
Version ..........: 2.0
Manufacturer .....: unknown
Serial number ....: 00000042
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> admin
Admin commands are allowed

gpg/card> passwd
gpg: OpenPGP card no. D2760001240102000060000000420000 detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 3
PIN changed.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 1
PIN changed.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? q

gpg/card> name
Cardholder's surname: Josefsson
Cardholder's given name: Simon

gpg/card> lang
Language preferences: sv

gpg/card> url
URL to retrieve public key: https://josefsson.org/1c5c4717.txt

gpg/card> sex
Sex ((M)ale, (F)emale or space): m

gpg/card> login
Login data (account name): jas

gpg/card> 

Application ID ...: D2760001240102000060000000420000
Version ..........: 2.0
Manufacturer .....: unknown
Serial number ....: 00000042
Name of cardholder: Simon Josefsson
Language prefs ...: sv
Sex ..............: male
URL of public key : https://josefsson.org/1c5c4717.txt
Login data .......: jas
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> quit
user@debian:~$ 
....
