• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..03-May-2022-

build-aux/H24-Apr-2018-15,83412,297

contrib/H24-Apr-2018-540381

doc/H24-Apr-2018-13094

m4/H24-Apr-2018-10,4979,539

tests/H03-May-2022-2,7742,016

ykcore/H03-May-2022-3,3732,147

.gitignoreH A D04-Oct-20162.7 KiB156155

.travis.ymlH A D26-Oct-2015719 2726

69-yubikey.rulesH A D27-Nov-2014340 117

70-yubikey.rulesH A D27-Nov-2014378 96

AUTHORSH A D29-Jan-2016530 2617

COPYINGH A D10-Jan-20141.6 KiB3126

ChangeLogH A D24-Apr-2018139.7 KiB5,0442,824

INSTALLH A D17-Feb-201615.4 KiB371289

Makefile.amH A D11-Dec-20175.9 KiB185111

Makefile.inH A D03-May-202254.2 KiB1,4291,247

NEWSH A D24-Apr-201818.1 KiB610369

READMEH A D11-Dec-20178.2 KiB286217

aclocal.m4H A D20-Apr-201843.5 KiB1,2271,117

build-and-test.shH A D24-Oct-20171.1 KiB4637

configureH A D20-Apr-2018522.9 KiB17,67114,896

configure.acH A D20-Apr-20188.5 KiB244212

hmac.cH A D09-Jan-20145.9 KiB23362

libykpers-1.mapH A D20-Apr-20186.5 KiB282262

sha-private.hH A D03-Feb-2014901 3011

sha.hH A D03-Feb-20149.5 KiB262136

sha1.cH A D03-Feb-201412.1 KiB428189

sha224-256.cH A D03-Feb-201417.2 KiB591242

sha384-512.cH A D03-Feb-201435.8 KiB1,037560

usha.cH A D03-Feb-20146.1 KiB256121

ykchalresp.1H A D29-Sep-20163.8 KiB144119

ykchalresp.1.adocH A D09-Sep-20162.2 KiB8351

ykchalresp.cH A D18-Jan-20188.7 KiB373298

ykinfo.1H A D29-Sep-20163.2 KiB132107

ykinfo.1.adocH A D09-Sep-20161.7 KiB7445

ykinfo.cH A D16-Jan-20187.5 KiB337279

ykpbkdf2.cH A D01-Jan-19703.1 KiB9857

ykpbkdf2.hH A D01-Jan-19702.1 KiB5621

ykpers-1.pc.inH A D24-Jun-2013293 1210

ykpers-args.cH A D20-Apr-201828.6 KiB977860

ykpers-args.hH A D03-May-20222.3 KiB6021

ykpers-json.cH A D03-May-20229.9 KiB326259

ykpers-json.hH A D01-Jan-19701.8 KiB4812

ykpers-nojson.cH A D19-Apr-20131.7 KiB4812

ykpers-version.cH A D01-Jan-19703.6 KiB13173

ykpers-version.hH A D20-Apr-20183 KiB9115

ykpers-version.h.inH A D01-Jan-19703.1 KiB9180

ykpers.cH A D20-Apr-201830.3 KiB1,201992

ykpers.hH A D01-Jan-19709.2 KiB214144

ykpers4mac.mkH A D04-Oct-20165.9 KiB11379

ykpers4win.mkH A D04-Oct-20164.1 KiB10063

ykpers_lcl.cH A D23-Oct-20176.2 KiB8953

ykpers_lcl.hH A D01-Jan-19703.4 KiB9855

ykpersonalize.1H A D24-Apr-201816.4 KiB597570

ykpersonalize.1.adocH A D24-Apr-201813.3 KiB420263

ykpersonalize.cH A D20-Apr-201811.6 KiB455382

README

1Installation of the Yubikey Personalization package
2===================================================
3
4Yubikey Personalization
5-----------------------
6
7The YubiKey Personalization package contains a library and command
8line tool used to personalize (i.e., set a AES key) YubiKeys.
9
10Documentation
11-------------
12
13The complete reference manual on the YubiKey is required reading if
14you want to understand the entire picture and what each parameter
15does.  Download it from http://www.yubico.com/
16
17Dependencies
18------------
19
20Getting and installing dependencies depends on your operating systems,
21we give example for some flavours.  If you know how to install
22dependencies on other systems, let us know.  Debian hints should apply
23to Debian derivatives as well, including Ubuntu.
24
25Yubico-c is needed, see: https://developers.yubico.com/yubico-c/
26
27  Debian:           apt-get install libyubikey-dev
28  Fedora:           dnf install libyubikey-devel
29
30Pkg-config simplify finding other dependencies, see:
31http://www.freedesktop.org/wiki/Software/pkg-config
32
33  Debian:           apt-get install pkg-config
34
35Yubikey-personalization depends on libusb or libusb-1, so you will
36have to get it.  We recommend using libusb-1.
37
38  Debian libusb-1:  apt-get install libusb-1.0-0-dev
39  Debian libusb:    apt-get install libusb-dev
40  Fedora:           dnf install libusb-devel
41
42The JSON library is an optional dependency, see:
43https://github.com/json-c/json-c/wiki
44
45  Debian:           apt-get install libjson0-dev
46
47You need json-c version 0.10 or later to get pretty printing of JSON
48output.  This project will build with version 0.9 too, but will not
49pretty print the JSON output.
50
51License
52-------
53
54The project is licensed under a BSD license.  See the file COPYING for
55exact wording.  For any copyright year range specified as YYYY-ZZZZ in
56this package note that the range specifies every single year in that
57closed interval.
58
59Building from Git
60-----------------
61
62Skip to the next section if you are using an official packaged
63version.
64
65You may check out the sources using Git with the following command:
66
67-----------
68  git clone https://github.com/Yubico/yubikey-personalization.git
69-----------
70
71This will create a directory 'yubikey-personalization'.  Enter the directory:
72
73-----------
74  cd yubikey-personalization
75-----------
76
77
78When building from source Yubikey-personaliztion depends on link:http://asciidoc.org/INSTALL.html[asciidoc] to build its manpage.
79
80Autoconf, automake and libtool must be installed.
81
82Generate the build system using:
83
84-----------
85  autoreconf --install
86-----------
87
88Building
89--------
90
91The build system uses Autoconf, to set up the build system run:
92
93-----------
94  ./configure
95-----------
96
97Then build the code, run the self-test and install the binaries:
98
99-----------
100  make check install
101-----------
102
103Using
104-----
105
106WARNING: By using this tool you will destroy the AES key in your
107YubiKey.  This prevents it from being useful against Yubico's
108validation server.  It is possible to upload a new AES key to Yubico,
109using a random YubiKey prefix, to restore it.  But it is not possible
110to get back your old yubikey prefix if you decide to re-program your
111YubiKey.
112
113IMPORTANT: When running any of the utils that need to access the YubiKey
114you will either need to run as root, or you will have to have made sure
115that the current user has permission to access the device. These
116permissions can be set up by copying the udev rules files
117(https://github.com/Yubico/yubikey-personalization/blob/master/69-yubikey.rules[69-yubikey.rules]
118and https://github.com/Yubico/yubikey-personalization/blob/master/70-yubikey.rules[70-yubikey.rules]) to /etc/udev/rules.d/
119
120With that out of the way, here is how you would program a YubiKey with
121an all-zero AES key and a dummy prefix:
122
123-----------
124$ ./ykpersonalize -1 -ofixed=cccccccccccc -a00000000000000000000000000000000
125Firmware version 1.3.1 Touch level 9840 Program sequence 10
126Configuration data to be written to key configuration 1:
127
128fixed: m:cccccccccccc
129uid: h:000000000000
130key: h:00000000000000000000000000000000
131acc_code: h:000000000000
132ticket_flags: APPEND_CR
133config_flags:
134
135Commit? (y/n) [n]: y
136$
137-----------
138
139Using the "ykparse" tool from the yubico-c package, you can check that
140the OTPs are correct.  For example:
141
142-----------
143$ ykparse 00000000000000000000000000000000 ccccccccccccdkrkedgchtlfefghcekefhlifbchijrd
144warning: overlong token, ignoring prefix: cccccccccccc
145Input:
146  token: dkrkedgchtlfefghcekefhlifbchijrd
147          29 c9 32 50 6d a4 34 56 03 93 46 a7 41 06 78 c2
148  aeskey: 00000000000000000000000000000000
149          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150Output:
151          00 00 00 00 00 00 01 00 53 ea 63 00 6f 9e c4 24
152
153Struct:
154  uid: 00 00 00 00 00 00
155  counter: 1 (0x0001)
156  timestamp (low): 59987 (0xea53)
157  timestamp (high): 99 (0x63)
158  session use: 0 (0x00)
159  random: 40559 (0x9e6f)
160  crc: 9412 (0x24c4)
161
162Derived:
163  cleaned counter: 1 (0x0001)
164  modhex uid: cccccccccccc
165  triggered by caps lock: no
166  crc: F0B8
167  crc check: ok
168$
169-----------
170
171To program a YubiKey in static mode, you use the -ostatic-ticket flag
172as follows:
173
174-----------
175$  ./ykpersonalize -1 -ofixed=cccccccccccc -a00000000000000000000000000000000 -ostatic-ticket
176Firmware version 1.3.1 Touch level 9856 Program sequence 11
177Configuration data to be written to key configuration 1:
178
179fixed: m:cccccccccccc
180uid: h:000000000000
181key: h:00000000000000000000000000000000
182acc_code: h:000000000000
183ticket_flags: APPEND_CR
184config_flags: STATIC_TICKET
185
186Commit? (y/n) [n]: y
187$
188-----------
189
190To program a YubiKey in static mode with a strongly looking password
191(i.e., also containing numeric and upper case letters), you use the
192-ostatic-ticket flag together with -ostrong-pw1 and -ostrong-pw2 (note
193YubiKey 2.0 only!) as follows:
194
195-----------
196$  ./ykpersonalize -1 -ofixed=cccccccccccc -a00000000000000000000000000000000 -ostatic-ticket -ostrong-pw1 -ostrong-pw2
197Firmware version 2.0.0 Touch level 1792 Program sequence 3
198Configuration data to be written to key configuration 1:
199
200fixed: m:cccccccccccc
201uid: h:000000000000
202key: h:00000000000000000000000000000000
203acc_code: h:000000000000
204ticket_flags: APPEND_CR
205config_flags: STATIC_TICKET|STRONG_PW1|STRONG_PW2
206
207Commit? (y/n) [n]: y
208$
209-----------
210
211Alternatively on a YubiKey 2.0, you can program the second configuration, which
212defaults to be the static key configuration:
213
214-----------
215$  ./ykpersonalize -2 -ofixed=cccccccccccc -a00000000000000000000000000000000
216Firmware version 2.0.0 Touch level 1792 Program sequence 3
217Configuration data to be written to key configuration 2:
218
219fixed: m:cccccccccccc
220uid: h:000000000000
221key: h:00000000000000000000000000000000
222acc_code: h:000000000000
223ticket_flags: APPEND_CR
224config_flags: STATIC_TICKET|STRONG_PW1|STRONG_PW2
225
226Commit? (y/n) [n]: y
227$
228-----------
229
230To program a YubiKey with a lock code (to prevent others from easily
231reprogramming it), you use the -oaccess= flag as follows:
232
233-----------
234$ ./ykpersonalize -1 -ofixed=vvvecdcedvjj -a00000000000000000000000000000000 -oaccess=001100001100
235Firmware version 2.0.0 Touch level 1792 Program sequence 3
236Configuration data to be written to key configuration 1:
237
238fixed: m:vvvecdcedvjj
239uid: h:000000000000
240key: h:00000000000000000000000000000000
241acc_code: h:001100001100
242ticket_flags: APPEND_CR
243config_flags:
244
245Commit? (y/n) [n]: y
246$
247-----------
248
249To re-program a YubiKey that has a lock code set, you use the
250-cXXX.. flag as follows:
251
252-----------
253$ ./ykpersonalize -1 -c001100001100 -ofixed=vvvecdcedvjj -a00000000000000000000000000000000 -oaccess=001100223300
254Firmware version 2.0.0 Touch level 1792 Program sequence 3
255Configuration data to be written to key configuration 1:
256
257fixed: m:vvvecdcedvjj
258uid: h:000000000000
259key: h:00000000000000000000000000000000
260acc_code: h:001100223300
261ticket_flags: APPEND_CR
262config_flags:
263
264Commit? (y/n) [n]: y
265$
266-----------
267
268To disable the lock code on a YubiKey, program it with a lock code set
269to zeros.  For example:
270
271-----------
272$ ./ykpersonalize -1 -c001100001133 -ofixed=vvvecdcedvjj -a00000000000000000000000000000003 -oaccess=000000000000
273Firmware version 2.0.0 Touch level 1792 Program sequence 7
274Configuration data to be written to key configuration 1:
275
276fixed: m:vvvecdcedvjj
277uid: h:000000000000
278key: h:00000000000000000000000000000000
279acc_code: h:000000000000
280ticket_flags: APPEND_CR
281config_flags:
282
283Commit? (y/n) [n]: y
284$
285-----------
286