Yubico Forum
https://forum.yubico.com/

[QUESTION] - What do I lose by overwriting factory slot 1?
https://forum.yubico.com/viewtopic.php?f=16&t=1620
Page 1 of 1

Author:  henris [ Sat Nov 22, 2014 8:59 pm ]
Post subject:  [QUESTION] - What do I lose by overwriting factory slot 1?

Hi,


I have just bought a Yubikey standard (firmware 2.4.2) and I was reading the documentation, where even for "first time users" it is always mentioned not to overwrite the slot 1 factory configuration.

1 ) I was wondering what services are factory-associated to this config

2 ) what exactly do I lose if I overwrite it ?

3 ) Can't I just create a new Yubico OTP config using the personalization tool and upload it to Yubico? (there is even a button!)

4 ) I also read somewhere in the forum something about the credentials not being CC and becoming VV, what does this mean?


Thanks in advance!

Author:  DavidW [ Sun Nov 23, 2014 11:38 am ]
Post subject:  Re: [QUESTION] - What do I lose by overwriting factory slot

New retail Yubikeys come from the factory with a Yubico OTP credential in slot 1. The VIP is a little different - that has a Symantec VIP credential in slot 1 and a Yubico OTP credential in slot 2.

You cannot back up these factory credentials - the whole point of Yubikey is that the secret part of the credential cannot be extracted from the key. If you overwrite them, they are lost permanently.


The factory Yubico OTP credential starts with cc and encodes the serial number of the key, which is laser etched on the back. Only the factory can create credentials starting with cc.

It is possible for a user to create a Yubico OTP credential, which will start with vv. vv credentials are not guaranteed to work everywhere.


You are only recommended to overwrite the factory personalisation if you are sure you have no use for it.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/