We need to program the YubiKey using the YubiKey configuration utility. The YubiKey configuration utility (Yubico Personalization Tool v2.0 (Beta) ) and the user guide is available for download from the following link:http://www.yubico.com/developers/personalization/
In order to streamline the process for users who want to program their own AES keys in YubiKeys and still have a working key online Yubico have changed the process of handling AES Keys at the online validation server.
The summary of steps that we need to follow to change the YubiKey to OTP mode so that we can upload the AES Key and again validate the OTP with the online Yubico validation server is as follows:
1) Start the YubiKey configuration utility
2) From the "Select task" screen, select "Create a dynamic YubiKey configuration(OTP mode)" from "Programming the YubiKey" section
3) Select "Use a public identity" and set the desired length to 6. If you want to validate your OTP with the Yubico online validation server, you need to upload your new AES key and other details to the online Yubico validation server. The AES Key upload functionality is available at the following link:
The AES Key upload functionality requires the YubiKey Public ID aka public identity (first 12 characters of the OTP also known as YubiKey prefix) to start with "vv". To achieve this, please reprogram your YubiKey with the Public ID which start with "ff". For example, the YubiKey programmed with the Public ID "ff8598af0497" will generate a OTP with "vvjgkjlvcfki" prefix.
4) Select "Use a private identity" and enter the desired value in hex encoded format. Note down the selected hex encoded value as it is required while uploading the AES Key.
5) Select the desired AES Key and enter it in hex encoded format. Note down the selected hex encoded value as it is required while uploading the AES Key.
6) Do not select the following options from "Specify output parameters" screen if you want to validate the OTP with the online Yubico validation server. All other options are optional.
a) Send a TAB Character first
b) Send a (reference) string of all Modhex characters before the fixed part
c) Send a TAB character between the fixed part and the OTP part
d) Send a TAB character after the OTP part
e) Add a short delay before sending the OTP part
f) Add a short delay after sending the OTP part
g) Mix upper- and lower case
h) Mix characters and numeric digits
i) Send a special character as prefix
7) Specify the protection password if you want
8) From the "Programming", select the "Write to configuration 1" if you want to change the configuration 1 to OTP mode or " Write to configuration 2 (YubiKey 2 only)" option if you want to change the configuration 2 to OTP mode and click on "Run"
Once, you have reprogrammed the YubiKey, use the following link to upload the AES key:http://www.yubico.com/developers/aeskeys/
We need to provide the following information to the AES Key upload page:
1) "Your e-mail address:" :- Enter your Email address
2) "Serial number:" :- Enter the serial number of the YubiKey, printed on the sleeve of the YubiKey. If you don't know or don't have access to the serial number, enter 0 (numeric zero) here
3) "YubiKey prefix:" :- Enter the first 12 characters of the OTP generated from the reprogrammed YubiKey
4) "Internal identity:" :- Enter the hex encoded value of private identity
5) "AES Key:" :- Enter the hex encoded value of AES Key
6) "OTP from the YubiKey:" :- Enter OTP from YubiKey
We hope this helps!