Yubico Forum

Hi,

I'm a first time yubikey user. I'm planing to use yubikey together with Truecrypt and Fastmail. I have played around with Personalization Tool and read the User guide. I want to use Specify configuration protection for both configuration 1 and 2. But if I use Create a dynamic configuration (OTP) I loose my ability to use Yubico validation server. Have I missed something?

YubiKey 2.X has two configuration slots which work independently and can be reprogrammed separately.

When the YubiKey 2.X is shipped, it's first configuration slot is factory reprogrammed for OTP mode (which works with online Yubico OTP validation server) and the second configuration slot is left blank i.e. not programmed.

If you touch and hold the YubiKey button between 1-3 seconds before releasing, the first configuration slot will emit the password (based on slot 1 configuration). And if you touch and hold the YubiKey button about 4-5 seconds before releasing, the second configuration slot will emit the password (based on slot 2 configuration). In case if you happen to touch and hold it longer for more than 5 seconds, the touch button indicator will flash rapidly without emitting any password.

You can reprogram your YubiKey to static password mode without erasing the factory reprogrammed OTP mode.For this you need to select the "Write to configuration 2 (YubiKey 2 only)" option from the "Programming" screen of the latest YubiKey configuration utility as shown in following image:



This way you can use the OTP emitted from the configuration slot 1 (factory reprogrammed) with fastmail and the static password emitted from the configuration slot 2 with TrueCrypt.

Please note that by reprogramming the YubiKey, previously stored configuration data is wiped out and the new configuration data is written to the YubiKey. If you reprogrammed the factory reprogrammed configuration slot 1 to OTP mode then you won't be able to validate the OTP emitted from the configuration slot 1 with the online Yubico OTP validation server by default. However, in order to streamline the process for users who want to program their own AES keys in YubiKeys and still have a working key online we have changed the process of handling AES Keys at the online validation server.

You will have to use a YubiKey configuration utility to program your own AES key into a YubiKey and then upload the same AES key(s) to the server (to be used online) using the following link:

http://www.yubico.com/developers/aeskeys/

The step by step instructions to upload the AES Key is available at the following forum link:

viewtopic.php?f=6&t=447&p=1928#p1928

We hope this helps!

Thanks for your answer! I missed to question what to do if I want to have a identical backup yubikey. I have programmed two yubikeys with the same data, but is having problem with "Replayd_otp". Is it a good thing to have two identical yubikeys? I think I must have a backup.

Regarding creating a backup YubiKey, please refer to the forum post given below:

viewtopic.php?f=6&t=513

We hope this helps!