The yubikey-val database holds client data as well as yubikey counter data which you can import and export using the provided tools. As it is important to protect the data, we will show you how to encrypt and decrypt these files using GnuPG. You will therefor require a private key for both importing as well as exporting (these can be the same keys, or differnent ones, depending on if you are importing on the same system as you have exported from).
The client data holds information about the clients that are able to use the validation service, such as their ID and secret key. This data is stored in the clients table of the database.
The information here covers exporting existing clients to a file, and importing the clients from that file into another database. For generating clients, see Generating Clients
To export client data, you can use the following command (Replace C5B8D4EA with the key of the recipient of the data):
user@val:~$ sudo ykval-export-clients | gpg -a --encrypt -r C5B8D4EA -s > yk-client-info.asc You need a passphrase to unlock the secret key for user: "YK-KSM import key" 2048-bit RSA key, ID C5B8D4EA, created 2013-01-28 user@val:~$
To import the client data exported above, you can use:
user@val:~$ gpg < yk-client-info.asc | sudo ykval-import-clients
You need a passphrase to unlock the secret key for
user: "YK-KSM import key"
2048-bit RSA key, ID 9372DC00, created 2013-01-28 (main key ID C5B8D4EA)
gpg: encrypted with 2048-bit RSA key, ID 9372DC00, created 2013-01-28
"YK-KSM import key"
gpg: Signature made Tue 29 Jan 2013 04:18:21 PM CET using RSA key ID C5B8D4EA
gpg: Good signature from "YK-KSM import key"
Successfully imported clients to database
user@val:~$
The Yubikey counter data holds information about the state of the known Yubikeys, such as their various counter values. This data is stored in the yubikeys table of the database.
To export Yubikey counter data, you can use the following command (Replace C5B8D4EA with the key of the recipient of the data):
user@val:~$ sudo ykval-export | gpg -a --encrypt -r C5B8D4EA -s > yk-counter-data.asc You need a passphrase to unlock the secret key for user: "YK-KSM import key" 2048-bit RSA key, ID C5B8D4EA, created 2013-01-28 user@val:~$
To import the counter data exported above, you can use:
user@val:~$ gpg < yk-counter-data.asc | sudo ykval-import
You need a passphrase to unlock the secret key for
user: "YK-KSM import key"
2048-bit RSA key, ID 9372DC00, created 2013-01-28 (main key ID C5B8D4EA)
gpg: encrypted with 2048-bit RSA key, ID 9372DC00, created 2013-01-28
"YK-KSM import key"
gpg: Signature made Tue 29 Jan 2013 04:18:21 PM CET using RSA key ID C5B8D4EA
gpg: Good signature from "YK-KSM import key"
Successfully imported yubikeys to database
user@val:~$