Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 8:16 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Sat Jan 08, 2011 2:34 am 
Offline

Joined: Sat Jan 08, 2011 2:06 am
Posts: 3
I reprogrammed config 1 a couple times to try different scenarios and now the configuration utility shows I have valid configurations but the Device serial number shows Serial number read failure.

I did not think the serial number was connected to the programming of the key but a fixed identifer.

The OTP function works on the demo website but instead of the 6 digit serial that was originally shown, it now shows a string of 15 numbers. Anyone know if it's possible to restore the serial number to match the printed number on the key? It doesn't seem to hinder the function at this point.

Thanks!


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Sat Jan 08, 2011 8:47 pm 
Offline
Site Admin
Site Admin

Joined: Wed May 28, 2008 7:04 pm
Posts: 263
Location: Yubico base camp in Sweden - Now in Palo Alto
It may be that the serial number visibility flags are not set, which is the default behavior in the configuration tool. Then the keys works exactly as pre-2.2 keys, i.e. hardware serial number cannot be read.

The serial number is always visible for a non-configured device. When one or both configurations are written, the visibility is an logical OR function between both configuration's visibility flags, i.e. if any of them are set, the serial number becomes visible.

Please let me know if this resolved the issue.

With the best regards,

JakobE
Hardware- and firmware guy @ Yubico


Top
 Profile  
Reply with quote  
PostPosted: Mon Jan 10, 2011 3:29 am 
Offline

Joined: Sat Jan 08, 2011 2:06 am
Posts: 3
Thanks for the tip. Here is what I did. First I ordered two keys (firmware 2.2.2) so I have one untouched that indicates Config 1 valid and the correct serial number is displayed when I choose 'Type and firmware check' in the configuration utility (2.2.1 Build Nov 16 2010 23:53:47). When I use it on the demo login server, at the bottom of the screen it shows the identity string and decimal (Yubikey serial number).

I took my 2nd key that gave the error and wiped both configurations. The firmware check showed it was unconfigured and the correct serial number was now displayed. I completed the process of 'Configure a Yubikey for upload to the Yubico server' and now the OTP function works normally with the newly created configuration 1. However the firmware check returns Config 1 valid and 'Serial number read failure'. I configured slot 2 as a standard Yubikey and also uploaded it the Yubico server. Now the firmware check says 'Configs 1+2 valid' and Serial number read failure.

So my untouched Yubikey displays the serial number and the demo website reads the serial number from the key when it displays the information at the bottom of the page. My second key no longer displays the serial number when either or both configs are valid (I did try wiping config 1 and only having config 2 valid with the same result). The demo website validates the Yubikey but at the bottom of the page after decimal it shows a string of numbers like 281935932733236 instead of the actual serial number. This number always starts with 28 but changes each time I reprogam the Yubikey so I don't know what it represents.

The function of the key does not seem damaged but I'm wondering about the 'permanence' of the serial number and if the demo website can display the serial number than is it possible for a future validation check to involve the serial number that my key no longer provides correctly? Is it safe to assume that once the Yubico factory installed config 1 is changed that the serial number display will no longer work?

Thanks!


Top
 Profile  
Reply with quote  
PostPosted: Mon Jan 10, 2011 4:10 am 
Offline

Joined: Sat Jan 08, 2011 2:06 am
Posts: 3
After writing the previous reply I went back and created a static password in config 2 and saw that you could choose between 3 check boxes for different Serial # visibility options. I chose all 3 and put a static password in config 2 and now the serial number is displayed on the firmware check screen. The choices regarding serial # visibility are not available when a person chooses the Quick Link to configure a Yubikey for upload to the Yubico server. The display of the serial number on the demo server authentication screen is still incorrect though. It still shows a string of numbers starting with 28 where my untouched Yubikey shows the true serial number.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jan 11, 2011 2:44 pm 
Offline
Site Admin
Site Admin

Joined: Wed May 28, 2008 7:04 pm
Posts: 263
Location: Yubico base camp in Sweden - Now in Palo Alto
Sorry for a slow action in this matter.

The upload function did not set the visibility flag. This has now been corrected and an updated version of the configuration tool has been uploaded to our personalization web page.

Thanks for reporting this issue.

Regards,

JakobE
Hardware- and firmware guy @ Yubico


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group