Yubico Forum

I had previously posed this question in another thread -- viewtopic.php?f=35&t=2722 -- but never received a definitive answer.

So I'm trying again here w/ a more "descriptive" Subj line

Question: Is it possible to config-protect a "Challenge-Reply" configuration in Slot 2 WITHOUT changing / over-writing the previously-entered "Secret Key" ?

I've tried several times but have been unsuccessful on each attempt.

you go into settings press update settings and there you can set the protection.

I think I figured out what's going on here. Firmware 4.3.4 and 4.3.5 there was a bug that didn't allow updating configuration protection on the slot credentials. 4.2.6-4.3.3 work, as do 4.3.6 and newer. When I responded on the other thread I'm speaking from experience (works). When my colleague responded on the support case that was referred to on the other post, he was testing on 4.3.4 because he wasn't sure (hence the two different answers).

So on a 4.3.4 or 4.3.5 firmware YK4, you need to reprogram the credential in order to set an access code. If you have the configuration log (csv file), you can simply choose the same settings in the Personalization Tool and set the access code during programming. Just remember... forgetting an access code after setting one means there's no way to make changes to that slot anymore (or enable/disable modes - OTP/CCID/U2F).

how does that last part even make sense? the config protection applies to slot 1 or 2, but the modes the Yubi acts in are neither related to the slots to nor the personalization tool in the first place.

My1:

Thank you so much!

I'd never investigated that innocuous little button down there at the bottom of the page w/ the grayed-out text.

It was EXACTLY what I was looking for.

Thanks again,

Cheers,

Chris:

A sincere "Thank You" for the extra clarifications re: potentially differing behaviors based on firmware versions.

Cheers,