Notes sur la configuration d’une clef YubiKey sous Linux.

/etc/udev/rules.d/69-yubikey.rules

# Everything below applies to add/change events only; any other action
# jumps straight to the end label.
ACTION!="add|change", GOTO="yubico_end"

# Udev rules for letting the console user access the Yubikey USB
# device node, needed for challenge/response to work correctly.

# Yubico Yubikey II
# Match on the exact USB vendor/product IDs and mark the device as a
# security token. NOTE(review): the ID_SECURITY_TOKEN property is presumably
# picked up by a later uaccess rule that grants the console session access;
# confirm against the system's 70-uaccess rules.
ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0116", \
ENV{ID_SECURITY_TOKEN}="1"

LABEL="yubico_end"

/etc/udev/rules.d/70-u2f.rules

# Only add/change events are handled; everything else skips to the end label.
ACTION!="add|change", GOTO="u2f_end"

# U2F-capable YubiKeys are reached through their hidraw node. TAG+="uaccess"
# lets the seat's active session be granted an ACL on that node (via
# systemd-logind) instead of opening the device to everyone. The match is
# restricted to the exact vendor/product IDs so no other hidraw device is
# affected.
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120", TAG+="uaccess"

LABEL="u2f_end"

/etc/udev/rules.d/70-yubikey.rules

# Udev rules for letting the console user access the Yubikey USB
# device node, needed for challenge/response to work correctly.

# ConsoleKit variant of the access grant: TEST== makes the rule a no-op unless
# the ConsoleKit database exists, so on a systemd-logind system this rule does
# nothing and the uaccess tag in 70-u2f.rules is what grants access.
# RUN+= is executed by udevd as root, with the action and device node passed
# through from the event.
ACTION=="add|change", SUBSYSTEM=="usb", \
  ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0116", \
  TEST=="/var/run/ConsoleKit/database", \
  RUN+="udev-acl --action=$env{ACTION} --device=$env{DEVNAME}"

/etc/udev/rules.d/85-yubikey-screen-lock.rules

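# Lock the screen and stop pcscd when the key (product 0111) is unplugged;
# unlock and restart pcscd when the 0116 variant is plugged in.
# On "remove" events the sysfs attributes are no longer available, which is
# why these rules compare the ID_VENDOR_ID / ID_MODEL_ID properties instead
# of ATTRS{}.
# ID_MODEL_ID must use "==" (compare): a single "=" assigns the property,
# always succeeds, and would make the rule fire for every Yubico USB removal.
# RUN+= programs run as root from udevd: keep /usr/local/bin/yubikey-screen-lock
# root-owned and not group/world-writable, since anyone who can edit it gets
# root on every unplug.
SUBSYSTEM=="usb", ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0111", RUN+="/usr/local/bin/yubikey-screen-lock enable"
SUBSYSTEM=="usb", ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0111", RUN+="/etc/init.d/pcscd stop"
# Disabled alternatives: unlock on 0111 re-insert, lock on 0116 removal.
#SUBSYSTEM=="usb", ACTION=="add", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0111", RUN+="/usr/local/bin/yubikey-screen-lock disable"
#SUBSYSTEM=="usb", ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0116", RUN+="/usr/local/bin/yubikey-screen-lock enable"
SUBSYSTEM=="usb", ACTION=="add", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0116", RUN+="/usr/local/bin/yubikey-screen-lock disable"
SUBSYSTEM=="usb", ACTION=="add", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0116", RUN+="/etc/init.d/pcscd start"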

/etc/udev/rules.d/99-yubikeys.rules

# Create a /dev/yubikey symlink for either product variant and hand the node
# to one fixed local user. OWNER= is machine-specific (user "montfort"); the
# uaccess/ACL approach in the 70-* rules is the multi-user alternative.
# NOTE(review): SUBSYSTEMS=="usb" with ATTRS{} walks up the parent chain, so
# child devices of the key (e.g. its hidraw node) also match, and the symlink
# ends up pointing at whichever matching node udev processed last — add a
# SUBSYSTEM== or KERNEL== key if one specific node is intended; confirm.
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0111", SYMLINK+="yubikey", OWNER="montfort"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0116", SYMLINK+="yubikey", OWNER="montfort"
# Activate the rules without a reboot: re-read rules.d, then replay events for
# devices that are already plugged in so they are processed by the new rules.
udevadm control --reload-rules
udevadm trigger

gpg

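# Reuse the running gpg-agent when the info file points at a live process;
# otherwise start one (with SSH agent emulation) and record its environment.
# The info file lives in XDG_RUNTIME_DIR, a per-user directory only that user
# can read, so the socket path and PID are not exposed to other users.
# First line of the file is "GPG_AGENT_INFO=<socket>:<pid>:<version>; ...",
# hence the cut on ':' field 2 to get the PID.
# NOTE: --write-env-file belongs to gpg-agent 2.0; newer releases dropped it.
info="$XDG_RUNTIME_DIR/gpg-agent-info"
if ! { [ -r "$info" ] && kill -0 "$(head -n 1 "$info" | cut -d: -f2)" 2>/dev/null; }; then
  gpg-agent --daemon --enable-ssh-support --write-env-file "$info"
fi
# Import GPG_AGENT_INFO / SSH_AUTH_SOCK into this shell. The file holds shell
# assignments, so it must be read with cat (or sourced), not executed.
eval "$(cat "$info")"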