1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
== Importing and Exporting Data
The yubikey-val database holds client data as well as yubikey counter data
which you can import and export using the provided tools. As it is important
to protect the data, we will show you how to encrypt and decrypt these files
using GnuPG. You will therefor require a private key for both importing as
well as exporting (these can be the same keys, or differnent ones, depending
on if you are importing on the same system as you have exported from).
=== Client Info Data
The client data holds information about the clients that are able to use the
validation service, such as their ID and secret key. This data is stored in
the *clients* table of the database.
The information here covers exporting existing clients to a file, and importing
the clients from that file into another database. For generating clients, see
link:Generating_Clients.html[Generating Clients]
To export client data, you can use the following command (Replace C5B8D4EA with
the key of the recipient of the data):
....
user@val:~$ sudo ykval-export-clients | gpg -a --encrypt -r C5B8D4EA -s > yk-client-info.asc
You need a passphrase to unlock the secret key for
user: "YK-KSM import key"
2048-bit RSA key, ID C5B8D4EA, created 2013-01-28
user@val:~$
....
To import the client data exported above, you can use:
....
user@val:~$ gpg < yk-client-info.asc | sudo ykval-import-clients
You need a passphrase to unlock the secret key for
user: "YK-KSM import key"
2048-bit RSA key, ID 9372DC00, created 2013-01-28 (main key ID C5B8D4EA)
gpg: encrypted with 2048-bit RSA key, ID 9372DC00, created 2013-01-28
"YK-KSM import key"
gpg: Signature made Tue 29 Jan 2013 04:18:21 PM CET using RSA key ID C5B8D4EA
gpg: Good signature from "YK-KSM import key"
Successfully imported clients to database
user@val:~$
....
=== Yubikey Counter Data
The Yubikey counter data holds information about the state of the known
Yubikeys, such as their various counter values. This data is stored in the
*yubikeys* table of the database.
To export Yubikey counter data, you can use the following command (Replace
C5B8D4EA with the key of the recipient of the data):
....
user@val:~$ sudo ykval-export | gpg -a --encrypt -r C5B8D4EA -s > yk-counter-data.asc
You need a passphrase to unlock the secret key for
user: "YK-KSM import key"
2048-bit RSA key, ID C5B8D4EA, created 2013-01-28
user@val:~$
....
To import the counter data exported above, you can use:
....
user@val:~$ gpg < yk-counter-data.asc | sudo ykval-import
You need a passphrase to unlock the secret key for
user: "YK-KSM import key"
2048-bit RSA key, ID 9372DC00, created 2013-01-28 (main key ID C5B8D4EA)
gpg: encrypted with 2048-bit RSA key, ID 9372DC00, created 2013-01-28
"YK-KSM import key"
gpg: Signature made Tue 29 Jan 2013 04:18:21 PM CET using RSA key ID C5B8D4EA
gpg: Good signature from "YK-KSM import key"
Successfully imported yubikeys to database
user@val:~$
....
|
