This is an attempt to do a “quick start” guide for properly generating OpenPGP keys and loading them into your YubiKey NEO on Windows. This isn’t an all-exhaustive guide, and you more advanced users may choose to do things differently than I have demonstrated here. This is my way, and I know it works.
If you’re going to do anything with the OpenPGP functionality of the YubiKey NEO, you need the latest stable release of Gpg4win, available here. You also need your NEO in CCID mode. See previous posts on this subject. Also note that the YubiKey NEO only supports 2048-bit keys. Larger keys will not work. Smaller keys may or may not work.
After following this guide, you will have an OpenPGP 2048-bit key pair with sub-keys for encryption and authentication, a revocation certificate, a backup of your keys, and the secret keys loaded on to the appropriate slots on the YubiKey NEO.
YubiCo’s guide to this process is posted here. When I walked through their guide I noticed it was missing some steps. So I wrote this guide to fill in the blanks and be more descriptive.
Generating your initial key pair
Open a command prompt and run:
gpg --expert --gen-key
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
Your selection? 8
For ‘kind of key’, select 8 (RSA: Set your own capabilities)
Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify Encrypt
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
Now select ‘e’ to toggle off the encryption capability, so that ‘Current allowed actions’ shows only Sign and Certify. Then select ‘q’ to move on.
Make sure you select a 2048 bit key, and then continue through the wizard to complete your key pair generation.
Take note of your 8-character key ID. You will need it for future steps.
Adding the sub-keys
You need to add two sub-keys; one for encryption, and one for authentication.
From the command line, run (where keyID is your 8-character key ID) :
gpg --expert --edit-key keyID
At the prompt, type addkey. Select 8 again, just like above, and then toggle abilities so you have an encryption-only key. Make sure you generate a 2048-bit key.
Repeat addkey one last time, and toggle abilities so you have an authentication-only key.
Then q to quit, and y to save changes.
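The key layout built in the two sections above can be checked before anything is moved to the card. The following Python is an added example, not part of the original guide; it parses the output of gpg --with-colons --list-keys keyID, and the sample listing and key IDs in it are constructed placeholders.

```python
# Added example: the sample listing is constructed, key IDs are placeholders.
SAMPLE_LISTING = """\
pub:u:2048:1:1111111111111111:1420070400:::u:::scSC:
uid:u::::1420070400::::Example User <user@example.invalid>:
sub:u:2048:1:2222222222222222:1420070400::::::e:
sub:u:2048:1:3333333333333333:1420070400::::::a:
"""

RSA_ALGO = "1"        # OpenPGP public-key algorithm ID for RSA
NEO_KEY_BITS = 2048   # the only key size the guide says the NEO supports


def parse_keys(listing):
    """Return pub/sub records from `gpg --with-colons --list-keys` output."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        keys.append({
            "type": f[0],
            "bits": int(f[2]) if f[2].isdigit() else 0,
            "algo": f[3],
            "keyid": f[4],
            # Field 12: lowercase letters are this key's own capabilities.
            "caps": "".join(sorted(c for c in f[11] if c.islower())),
        })
    return keys


def check_layout(listing):
    """Return a list of problems; empty means the layout matches the guide."""
    keys = parse_keys(listing)
    problems = []
    for k in keys:
        if k["algo"] != RSA_ALGO or k["bits"] != NEO_KEY_BITS:
            problems.append(f"{k['type']} {k['keyid']}: not RSA-{NEO_KEY_BITS}")
    primary = [k["caps"] for k in keys if k["type"] == "pub"]
    if primary != ["cs"]:
        problems.append(f"primary capabilities {primary}, expected sign+certify")
    subs = sorted(k["caps"] for k in keys if k["type"] == "sub")
    if subs != ["a", "e"]:
        problems.append(f"sub-key capabilities {subs}, expected one e and one a")
    return problems


if __name__ == "__main__":
    for problem in check_layout(SAMPLE_LISTING) or ["layout OK"]:
        print(problem)
```

To check a real key, pass the text printed by gpg --with-colons --list-keys keyID to check_layout in place of SAMPLE_LISTING.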
Backing up the keys
Run each of the following commands to backup your public key, secret key, and to create a revocation certificate, where keyID is your 8-character key ID:
gpg --output public.asc -a --export keyID
gpg --output secret.asc -a --export-secret-key keyID
gpg --output revoke.asc -a --gen-revoke keyID
Moving the keys to the YubiKey
Run the following command:
gpg --expert --edit-key keyID
Then type toggle. You have sub-keys 1 and 2, and 0 represents the main key. For each of these sub-keys (1 and 2), type key subkey-number (such as key 1) to toggle handling that key, and then use keytocard to move it to your YubiKey. (After handling key 1, you have to type key 1 again to unselect it before selecting key 2.) Keys 1 and 2 will only have one choice where to put them. Afterwards, type key 0 and keytocard it to the signature slot.
Card errors: If you get a card error, IO error, or anything like that, quit gpg, saving any changes, quit Kleopatra, quit YubiCo Authenticator (if you’re running it), and then open Task Manager and kill any gpg-agent or gpg-* processes. Run this:
If this comes back with data (and not an error), then run this again and continue:
gpg --expert --edit-key keyID
Integration with PuTTY / Pageant: This is something I haven’t explored yet, but this walk-through seems to deal with the topic quite well.
This is a continuation of my previous post on YubiKey.
In order for the most painless “Quick Start” of YubiKey on Windows, you will need a few tools:
First, the YubiKey NEO Manager, available here, will enable you to toggle the various modes (OTP, CCID, U2F) of your YubiKey on and off. Since the YubiKey ships with only OTP mode enabled, you will need this to turn on CCID (SmartCard) and U2F (Fido) mode. This will also let you check and verify the installed apps on your NEO, once you’ve enabled CCID mode. (Important: Check the version of your OpenPGP app. If it is 1.0.9 or lower, read this security advisory and take appropriate action).
Second, the YubiKey Personalization Tool, available here, will enable you to personalize the various configuration slots of your YubiKey. There are two slots available, and slot 1 is programmed with the YubiCo OTP (or RSA key, depending). It is strongly advised not to overwrite slot 1 unless you really know what you are doing. You can program slot 2 for whatever other implementation you would like. Please note that these two slots are independent of the applets that run on the CCID side of the card. Although that may be slightly confusing, it will be clear as you use your key.
Third, the YubiKey NEO contains the YubiOATH applet for generating those familiar 6-digit OTP codes that various websites use as two-factor authentication. Your YubiKey NEO can store many of those 6 digit codes and secrets in the key itself, but it requires the YubiOATH-desktop helper app, available here. This helper app is required because OATH codes are time-based, and the YubiKey has no internal clock. Also, this requires that CCID mode is enabled.
If you have anything to contribute, please do so in the comments below, or contact me using the form.
I have one of the 2nd generation YubiKeys, and I really liked it, but the new YubiKey NEOs have many new features, including PGP, OTP codes, U2F, NFC, etc. I liked the original YubiKey (although there aren’t too many places where you can use it), but the new YubiKey really interested me. So I got myself one.
One of the problems that I ran into was a lack of “Quick start” documentation for the various features of the YubiKey, such as OTP, PGP, etc. The documentation is either too vague, or too complicated.
I’m going to attempt to write some blog posts to help users get started with their YubiKeys in the same manner that I got started with mine, including the various features and such, to help you get up and running as quickly as possible, and with as few headaches as possible.
So, if you’re interested, subscribe and watch for new posts.
If you have an unlocked Windows Phone operating on Cricket Mobile, and are having issues sending or receiving MMS messages, change the settings of your phone to the below.
All Settings > cellular+SIM > View internet APN. Verify the following (ignore unlisted fields):
- APN: ndo
- Auth type: PAP
- IP type: IPv4
If settings differ from the above, go to SIM Settings > Manual Internet APN > edit internet APN, and enter as above. Leave any unlisted fields blank.
Next, tap edit MMS APN, and set as below:
- APN: ndo
- Auth type: PAP
- WAP gateway: proxy.aiowireless.net
- WAP gateway port: 80
- MMSC (URL): http://mmsc.aiowireless.net/
- MMSC port: 80
- Max MMS size: 10240
- IP type: IPv4 < (This setting wasn’t provided by Cricket, but the default of IPv4v6 will not work. It must be IPv4)
These settings were confirmed with Cricket prior to publishing. If you would rather contact Cricket to get the settings directly from them, you may do so.
Windows Phone visual voicemail is currently not supported on Cricket at this time. I recommend YouMail with the ISeeVM app as an alternative.
I’m sorry. Sort of. It’s not me, it’s you.
Amazon.com has been a longstanding favorite online shopping site of mine for quite a while. I have a number of other category-specific sites that I use (NewEgg, etc) for specific merchandise, but Amazon has been my general go-to for quite a while. Unfortunately, the last order I placed never made it to my door, and a little research has shown that not only is this a fairly common issue, but for me, it’s going to cause a huge issue with future orders. More than I’m comfortable with.
So my last order never made it to my door. When Amazon provided the tracking number, they provided a tracking number starting with TBA and a carrier of AMZN_US. There’s absolutely nowhere to track this package. And what’s laughable is they state AMZN_US as the carrier for Amazon Fresh.
After one “delayed” update, I wrote Amazon asking for tracking information one more time and instead of giving me any information, they gave me a partial refund. I wrote them again after it was updated to “delivered,” and they gave me a refund. No more questions asked.
After doing a bit of web-searching, it turns out that to save shipping costs, Amazon bulk ships to local warehouses and has couriers run the deliveries. That’s a bit of an issue, as my address doesn’t show correctly on any map. Apple maps, Google maps, Garmin GPS, nowhere. Anywhere you look will give you the wrong location. USPS, FedEx, UPS all get boxes to my door just fine. They know where the place is, but if you go by GPS you’ll never find it. I figured the courier would have called me, but no.
Amazon offered to replace the order via 2-day delivery, but Amazon Prime members have the same complaint — that packages aren’t making it to their doors. So that’s unreliable for me as well.
If Amazon would simply ship via a common carrier, each and every time, it would get delivered no problem. Or if they gave me a choice as to which carrier I wanted to use. No choice on carrier, just on delivery time. And since 2-day shipping is still sometimes run by courier, the “choice” is irrelevant.
I found out later that if you give a PO Box address, Amazon will ship via USPS. Great! Wonderful! I go out and get a PO Box, and put together another order for something I need for work, plus a few small other things to meet the add-on item requirement, and then I see this message as I’m going through checkout:
“Sorry, this item can’t be shipped to your selected address.”
That’s for two of the four items on my order. Not all the add-on items, only some of them. The two physically smallest things on my order can’t be shipped to a PO Box. They’re all shipped by Amazon.
So, Amazon, you can’t deliver a consistent shopping experience for me. Time to shop elsewhere.
First, a little background. I was on a Skype call a short time ago and noticed that Skype would randomly zoom in and zoom out during the call. It seemed to happen at random, and I couldn’t figure out why, nor could I find any way of controlling it.
My Asus T100’s camera does have a user-controllable zoom, but it is zoomed all the way out when this is happening. It does not have face-following, a feature commonly blamed for this issue in Skype.
Here’s a shot of the Video Settings dialog in Skype, for anyone interested.
After some digging around the web, I’ve found a logical chain of forum posts that seem to indicate what the issue is, and point to a potential fix.
First, this blog post from another user who had the same issue, and he worked around it by installing and using ManyCam. This did work to resolve the issue, but requires ManyCam be running and adds the extra resources that it requires. If you decide to go this route, I strongly recommend careful reading during the ManyCam installer. It’s full of add-ons.
Second, this thread on yCombinator suggests a few things: 1) That lack of bandwidth is causing Skype to switch the camera to a lower resolution, resulting in the zoom; and that 2) lack of movement in portions of the camera’s image is causing it to zoom. Theory 1 seems more plausible.
Third, this post on the Skype forums suggests that Skype’s video resolution can be forced by editing an xml file. Quoted with edits:
It’s impossible to change either the capture or stream video resolution in the Skype GUI. But the capture resolution can be changed by adding for example this:
<Video>
  <CaptureWidth>1280</CaptureWidth>
  <CaptureHeight>960</CaptureHeight>
</Video>
directly under the <Lib> tag in %AppData%\Skype\shared.xml. The other supported resolutions also work. Check that it works from Call -> Call Technical Info.
Of course, make sure that you are forcing a resolution that your camera supports, that your PC has enough processing power to support, and that you have sufficient bandwidth for. Otherwise, you will experience undesirable effects. 640×480 is a good choice for many. 1280×720 would require a webcam capable of 720p HD capture. A 1.2 MP camera could give a resolution of 1280×960.
I used 1280×960 above as my camera is 1.2 megapixel. However, in my Call Technical Info, my camera is capturing at 1280×720, and zoom is correct. In one instance the camera zoomed in, and the Call Technical Info showed that it was capturing at 240×360. The zoom is definitely connected to the capture resolution, but changing the xml settings does not guarantee that Skype will force the resolution under all (or any) circumstances.
I’m also going to add that this is directly targeted at Skype for Desktop, not the Windows 8 app. If you are able to try this, please let me know your results.
(I realize this is far from being a new thing, but I also know that some people don’t know how to do this, so I’m going to explain this for today’s lucky 10,000.)
I have a lot of very useful bookmarks, as I’m sure many of you readers do as well. I also tend to use more than one web browser. It’s a huge pain to constantly export/import bookmarks across browsers, back up favorites before re-installing an OS, etc. What if you could just have your favorites saved to disk, and use them however and whenever you wanted? That would be great.
Firefox and Chrome both have features where you can sync your bookmarks to their cloud services, but that only works with that one browser.
So, actually, you can save them to disk. And I’m not talking about saving the page to disk (via file > save). No. Not that. That saves the whole page and all of the content to your disk. No. I’m talking about saving just the link. Not in a text file, but in a simple file you can double-click to open in your web browser.
Sounds awesome, right? It is.
So here’s how you do it. In your favorite web browser, just locate the page favicon (that’s what that little icon next to the web address is called. It’s a favicon.) and drag it to your desktop, or other such folder. Screenshots below for Internet Explorer and Chrome:
Now you can save those files anywhere you want, even places such as Dropbox, OneCloud, etc. Even a USB stick.
OneDrive users: If your link does something unexpected when you double-click on it (like trying to print), make sure it’s an Offline file. Right-click your link and select Make available offline. You can select multiple files and do this to many at once, or even an entire folder.
If you have an XBox 360 hooked up to your TV over HDMI, you very well may experience popping, crackling, or static sounds while playing games.
It took me a bit of Googling to find the solution to this problem. Most people think it’s bad HDMI ports, cables, interference, or other. When in fact, I found the simplest solution (and the correct one) was to go into the console settings, under sound, and notice that the XBox by default is configured for Dolby 5.1 surround sound. On a 2-speaker system, this is not correct and will result in distorted sound. Change this setting to digital stereo and that will solve the issue.
The Windows “Backup and Restore” utility that was present in the control panel in Windows 7 could easily do full-system bare-metal backup and restore. Unfortunately, this tool was removed from the control panel in Windows 8.
However, it looks like that tool is still present on the hard drive and can be used. Here’s how to find it.
Click Start, and in the search box, type SDCLT.EXE. Right-click the result and click Run As Administrator.
As always, a test restore is good practice.
Comments are welcomed below!