Clarify significance of the age identity file
Replaces str4d/age-plugin-yubikey#122.
This commit is contained in:
@@ -52,7 +52,12 @@ YubiKey:
|
||||
|
||||
## Configuration
|
||||
|
||||
There are two ways to configure a YubiKey as an `age` identity. You can run the
|
||||
`age-plugin-yubikey` identities have two parts:
|
||||
- The secret key material, which is stored inside a YubiKey.
|
||||
- An age identity file, which contains information that an age client can use to
|
||||
figure out which YubiKey secret key should be used.
|
||||
|
||||
There are two ways to configure a YubiKey as an age identity. You can run the
|
||||
plugin binary directly to use a simple text interface, which will create an age
|
||||
identity file:
|
||||
|
||||
@@ -78,6 +83,14 @@ Once an identity has been created, you can regenerate it later:
|
||||
$ age-plugin-yubikey --identity [--serial SERIAL] --slot SLOT
|
||||
```
|
||||
|
||||
To use the identity with an age client, it needs to be stored in a file. When
|
||||
using the above programmatic flags, you can do this by redirecting standard
|
||||
output to a file. On a Unix system like macOS or Ubuntu:
|
||||
|
||||
```
|
||||
$ age-plugin-yubikey --identity --slot SLOT > yubikey-identity.txt
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
The age recipients contained in all connected YubiKeys can be printed on
|
||||
|
||||
Reference in New Issue
Block a user