closes drduh#19 Multiple Yubikeys and mac dependencies

* Adding part descriping how to use multiple Yubikey with same keyset.
* Changed from `ykpers` to `ykman` as it is more feature complete.
* Added `pinentry-mac` which is preferable as it works with GUI.

README.md

@@ -14,49 +14,50 @@ If you have a comment or suggestion, please open an [issue](https://github.com/d
 
 - [Purchase YubiKey](#purchase-yubikey)
 - [Install required software](#install-required-software)
-  - [Install - Linux](#install---linux)
-  - [Install - macOS](#install---macos)
+    - [Install - Linux](#install---linux)
+    - [Install - macOS](#install---macos)
 - [Creating keys](#creating-keys)
-  - [Create temporary working directory for GPG](#create-temporary-working-directory-for-gpg)
-  - [Create configuration](#create-configuration)
-  - [Create master key](#create-master-key)
-  - [Save Key ID](#save-key-id)
-  - [Create subkeys](#create-subkeys)
-    - [Signing key](#signing-key)
-    - [Encryption key](#encryption-key)
-    - [Authentication key](#authentication-key)
-  - [Check your work](#check-your-work)
-  - [Export keys](#export-keys)
-  - [Back up everything](#back-up-everything)
-  - [Configure YubiKey](#configure-yubikey)
-  - [Configure smartcard](#configure-smartcard)
-    - [Change PINs](#change-pins)
-    - [Set card information](#set-card-information)
-  - [Transfer keys](#transfer-keys)
-    - [Signature key](#signature-key)
-    - [Encryption key](#encryption-key-1)
-    - [Authentication key](#authentication-key-1)
-  - [Check your work](#check-your-work-1)
-  - [Export public key](#export-public-key)
-  - [Finish](#finish)
+    - [Create temporary working directory for GPG](#create-temporary-working-directory-for-gpg)
+    - [Create configuration](#create-configuration)
+    - [Create master key](#create-master-key)
+    - [Save Key ID](#save-key-id)
+    - [Create subkeys](#create-subkeys)
+        - [Signing key](#signing-key)
+        - [Encryption key](#encryption-key)
+        - [Authentication key](#authentication-key)
+    - [Check your work](#check-your-work)
+    - [Export keys](#export-keys)
+    - [Back up everything](#back-up-everything)
+    - [Configure YubiKey](#configure-yubikey)
+    - [Configure smartcard](#configure-smartcard)
+        - [Change PINs](#change-pins)
+        - [Set card information](#set-card-information)
+    - [Transfer keys](#transfer-keys)
+        - [Signature key](#signature-key)
+        - [Encryption key](#encryption-key)
+        - [Authentication key](#authentication-key)
+    - [Check your work](#check-your-work)
+    - [Export public key](#export-public-key)
+    - [Finish](#finish)
 - [Using keys](#using-keys)
-  - [Create GPG configuration](#create-gpg-configuration)
-  - [Import public key](#import-public-key)
-  - [Insert YubiKey](#insert-yubikey)
-  - [GnuPG](#gnupg)
-    - [Trust master key](#trust-master-key)
-    - [Encryption](#encryption)
-    - [Decryption](#decryption)
-    - [Signing](#signing)
-    - [Verifying signature](#verifying-signature)
-  - [SSH](#ssh)
-    - [Update configuration](#update-configuration)
-    - [Replace ssh-agent with gpg-agent](#replace-ssh-agent-with-gpg-agent)
-    - [Copy public key to server](#copy-public-key-to-server)
-    - [Connect with public key authentication](#connect-with-public-key-authentication)
-  - [Requiring touch to authenticate](#requiring-touch-to-authenticate)
+    - [Create GPG configuration](#create-gpg-configuration)
+    - [Import public key](#import-public-key)
+    - [Insert YubiKey](#insert-yubikey)
+    - [GnuPG](#gnupg)
+        - [Trust master key](#trust-master-key)
+        - [Encryption](#encryption)
+        - [Decryption](#decryption)
+        - [Signing](#signing)
+        - [Verifying signature](#verifying-signature)
+    - [SSH](#ssh)
+        - [Update configuration](#update-configuration)
+        - [Replace ssh-agent with gpg-agent](#replace-ssh-agent-with-gpg-agent)
+        - [Copy public key to server](#copy-public-key-to-server)
+        - [Connect with public key authentication](#connect-with-public-key-authentication)
+    - [Requiring touch to authenticate](#requiring-touch-to-authenticate)
+    - [Using multiple Yubikeys for same GPG-keyset](#using-multiple-yubikeys-for-same-gpg-keyset)
 - [Troubleshooting](#troubleshooting)
-  - [Yubikey OTP Mode and cccccccc....](#yubikey-otp-mode-and-cccccccc)
+    - [Yubikey OTP Mode and cccccccc....](#yubikey-otp-mode-and-cccccccc)
 - [References](#references)
 
 # Purchase YubiKey
@@ -1201,6 +1202,27 @@ To require a touch for the signing and encrypting keys as well:
 
 The Yubikey will blink when it's waiting for the touch.
 
+## Using multiple Yubikeys for same GPG-keyset
+
+To use multiple Yubikeys (backup etc.) with same GPG-keyset repeat part [Transfer keys](#transfer-keys) for each additional key.
+When executing `gpg --card-status` the inserted Yubikeys serial number will be associated to the secret stub-keys. If another Yubikey with different serial number is used after that this error will be showned:
+
+`Please insert the car with serialn number: [Assosiated serial number]`
+
+The way around this is to remove the old assisiation by deleting the files holding it and run `gpg --card-status` again. To make this handy use the script below when connected a new Yubikey. The script need to be configured to match your key and having correct path to the `gpg` executeable. The key filename can be found by using `gpg --with-keygrip -K`, look for "keygrip =" and compare it to files found in `~/.gnupg/private-keys-v1.d/`
+
+```
+#!/bin/bash
+{
+    rm -f $HOME/.gnupg/private-keys-v1.d/0C558EE519B341230EF65701417EA4F28923C8A9.key
+    rm -f $HOME/.gnupg/private-keys-v1.d/A990724831E335742BCC8AA9250E84DC3BFE57B1.key
+    rm -f $HOME/.gnupg/private-keys-v1.d/0FBBC5529516A105C72C69BB56D7B5AA458A82EE.key
+    killall ssh-agent gpg-agent
+    /usr/local/bin/gpg --card-status
+    ssh-add -L
+} &> log.txt
+```
+
 # Troubleshooting
 
 - If you don't understand some option, read `man gpg`.