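# YubiKey OpenPGP / PIV notes.
# Reference commands meant to be run one at a time, not as a script:
# the OpenPGP reset below wipes the card, and several steps prompt for a PIN.

# --- Smart-card daemon -------------------------------------------------------

# Enable the pcscd daemon and start it right away
# (plain `enable` only takes effect at the next boot).
sudo systemctl enable --now pcscd

# --- OpenPGP applet ----------------------------------------------------------

# Reset the OpenPGP applet: restores the admin PIN and the regular (user) PIN.
# This also deletes every OpenPGP key stored on the card and returns both PINs
# to the publicly documented factory defaults, so set new PINs afterwards
# (gpg --card-edit -> admin -> passwd) before loading any key.
ykman openpgp reset

# Switch the USB mode to CCID; otherwise some commands do not work.
# CCID-only mode turns off the OTP and FIDO USB interfaces, so WebAuthn/U2F and
# OTP logins stop working with this key until they are re-enabled, e.g. with
# `ykman config mode OTP+FIDO+CCID`.
ykman config mode ccid

# Change the retry counters (order: user PIN, reset code, admin PIN).
# The admin PIN is required. The factory value is 3 each; 11 gives whoever
# holds the key more guesses before it locks, so pair it with long PINs.
ykman openpgp access set-retries 11 11 11

# See the gpg card status.
gpg --card-status

# Edit user-specific card data (name, login, URL, PINs).
gpg --card-edit

# Use Kleopatra to move OpenPGP keys onto the YubiKey, and for other OpenPGP
# work. Private keys cannot be read back off the card, so keep an offline
# backup of the secret key before moving it if you need a recovery path.

# --- PIV applet --------------------------------------------------------------

# You can use the yubico-piv-tool CLI instead of YubiKey Manager.
# Use YubiKey Manager to configure PIV certificates for authentication,
# digital signatures and key management.
# Use the RSA algorithm for the certificates (the signing example below
# expects RSA2048).
# PIV has its own PIN, PUK and management key, separate from the OpenPGP PINs;
# change them from the factory defaults as well.

# Export the certificate from YubiKey Manager (as cert.pem), then extract the
# public key from it.
openssl x509 -pubkey -noout -in cert.pem > pubkey.pem

# Sign a document with the key in slot 9c (Digital Signature).
# The PIN is prompted for, which keeps it out of argv and shell history.
yubico-piv-tool -a verify-pin --sign -s 9c -H SHA512 -A RSA2048 -i puzzle.pdf -o puzzle.pdf.sig

# Check the signature. The result is only as trustworthy as pubkey.pem: the
# verifier has to obtain that file from the signer over a trusted channel.
openssl dgst -sha512 -verify pubkey.pem -signature puzzle.pdf.sig puzzle.pdf

# --- SSH with the PIV key (PKCS#11) ------------------------------------------

# The path to libykcs11.so differs between distributions. ssh and ssh-keygen
# load this library into their own process, so always give the absolute path
# of the packaged library.

# Dump the PIV public keys (add the one you want to authorized_keys).
ssh-keygen -D /usr/lib/libykcs11.so -e

# Log in to an SSH server with the YubiKey.
ssh -I /usr/lib/libykcs11.so motoras@ctrl-c.club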