Yubico Forum

PostPosted: Thu Apr 23, 2015 6:49 pm 

Joined: Sat Mar 21, 2015 9:44 am
Posts: 15
After reading the security advisory warning that OpenPGP applets prior to 1.0.10 have a possible critical security flaw in authentication with the user's PIN, how are end users supposed to update the OpenPGP applet if the YubiKey NEOs they have are in the production category instead of the development one? I do not believe, after reading several articles on the forums and on the website, that end users are able to perform applet updates, as the cardmanager keys are kept solely by Yubico. Will Yubico be releasing said cardmanager keys, or will there be a route to replace said key with one that comes with the updated applet version?


Last edited by MRuth on Fri Apr 24, 2015 6:12 am, edited 1 time in total.


PostPosted: Thu Apr 23, 2015 6:57 pm 

Joined: Mon Apr 13, 2015 7:39 pm
Posts: 7
Yay! I wasn't the only person to ask the same question without looking at recent posts!

Effectively this same question was already asked in the past two days by testic and halstead and me.


PostPosted: Fri Apr 24, 2015 3:21 am 

Joined: Sat Mar 21, 2015 9:44 am
Posts: 15
After speaking with Chris from Yubico Support, Yubico is sending me a replacement YubiKey NEO with the updated OpenPGP applet and asking me to send my old unit in. This whole process took only around 30 minutes and a few emails to verify information and provide a solution. I want to commend the fine people, and specifically Chris, over at Yubico Support. They were very efficient in responding to my help ticket and provided a great support experience! Provided below is information pertaining to production-level NEO devices.

Quote:
Thank you for contacting Yubico Support. You are correct in stating that Production NEOs cannot be updated. If you're affected by the issue, just provide us with any applicable order numbers and serial numbers for NEOs and we'll issue replacements.


PostPosted: Sat Apr 25, 2015 2:24 am 

Joined: Sat Apr 25, 2015 2:10 am
Posts: 1
It's great that they're willing to do a token swap, and Yubico's support is fantastic (Chris replied to me in 12 minutes!), but...

Sending in a token with my private key and a known vulnerability on it seems like a bad idea.

I'm fortunate enough to have 2 pieces of the old YK NEO (non U2F) developer edition, and I'm comfortable loading my own applets. But even then, as I understand it, if you reload an applet you lose the private keys contained in it. By design it's impossible to extract the private key from the applet, which means if your private key is in a vulnerable applet, it translates to a potentially messy key-rotation problem (depending on how much data you have encrypted under that key).


PostPosted: Sat Apr 25, 2015 4:20 pm 

Joined: Fri Apr 24, 2015 1:15 pm
Posts: 3
I think Yubico is still getting their response together. My optimistic reading of the "replacement policy" posted yesterday looks like they might well end up not asking for the old Neos to be sent back. It's not like my battered old Neo is going to be refurbishable or anything. Just track that they aren't sending multiple free replacements against one vulnerable Neo.

I'm going to wait a few more days for the plan to shake out. If it ends up being a swap... before I send it in I would do a "generate new PGP keys" series on the old device, random-write the OTPs, etc. Probably *should* revoke the subkeys that are currently on my Neo... but definitely overwriting them before I send it in. Honestly, if it's a swap situation, I might consider just buying a whole new Neo and keeping the current one for non-PGP functions.

On the PGP side, there's been a debate on whether it's better to generate the public-private pair on the Neo (which means the private key is hopefully irretrievable) or generate them on a trusted device and push the private key to the Neo. Both on-Neo and off-Neo generation are supported by the Neo (in recent models). I went with the latter. I have an otherwise junk laptop that has all networking components removed. I use it (and an encrypted volume) to store my PGP master and subkeys. After a keyring backup, I then can push the subkeys to the Neo (warning: pushing keys to the Neo with PGP/GPG wipes them from the computer's keyring, thus the backup step). I also use my "airgap" laptop for various YubiKey configuration utils, signing other people's PGP keys with my master, and some other security bits.

The strongest advantage of the PGP key pushed-from-the-computer is that I could still, with some effort, be able to decrypt things encrypted to that subkey. Even if I lost the Neo, and even if I revoke the subkey.

In any event, I'll still have to update the sites/services that are using the OTP and U2F modes, since those codes simply won't be portable between devices (and I can't overwrite the U2F in any event).


PostPosted: Mon Apr 27, 2015 1:52 pm 

Joined: Thu Jun 24, 2010 12:39 am
Posts: 3
The YubiKey NEO has a limited size of key that it can store.
Thus I have a stronger (offline) master GPG key, generate subkeys on that machine and push them to the YubiKey.
I have a backup of my subkeys, and can easily revoke and rotate them without losing the web of trust.
Originally I thought of this as a rotation measure, and well, now I really have a reason to rotate those subkeys off ;-)


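The last two posts describe the same practice: keep the master key and a backup of the subkeys offline, push only the subkeys to the NEO, and rely on the backup to revoke and rotate them if the device has to be replaced. The following is an added example (not code from the thread or from Yubico) that parses the machine-readable listing `gpg --with-colons --list-secret-keys` prints and reports which subkeys now exist only on a card and are missing from the backup. The listing, fingerprints, key ids and card serial are constructed sample data.

```python
# Added example, not from the thread or Yubico: parse `gpg --with-colons
# --list-secret-keys` output and find subkeys held only on a card that are
# missing from the offline backup. All values below are constructed.

# Constructed listing: offline master ("#" in field 15 = stub), two subkeys
# on the card (field 15 = card serial), one subkey still held locally.
SAMPLE_LISTING = """\
sec:u:4096:1:0123456789ABCDEF:1427961600:::u:::cSC:::#:::23::0:
fpr:::::::::AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111:
ssb:u:2048:1:1122334455667788:1427961600::::::s:::D2760001240102000006012345670000:::23:
fpr:::::::::BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222:
ssb:u:2048:1:99AABBCCDDEEFF00:1427961600::::::e:::D2760001240102000006012345670000:::23:
fpr:::::::::CCCC3333CCCC3333CCCC3333CCCC3333CCCC3333:
ssb:u:2048:1:0011223344556677:1427961600::::::a::::::23:
fpr:::::::::DDDD4444DDDD4444DDDD4444DDDD4444DDDD4444:
"""

# Constructed: fingerprints present in the offline keyring backup. The
# encryption subkey CCCC... was pushed to the card without a backup.
BACKUP_FPRS = {
    "BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222",
    "DDDD4444DDDD4444DDDD4444DDDD4444DDDD4444",
}

def parse_secret_listing(text):
    """One dict per sec/ssb record: key id, capabilities, fingerprint and
    where the secret lives: 'local', 'stub' (offline master) or 'card:<serial>'."""
    keys, current = [], None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb"):
            token = f[14] if len(f) > 14 else ""  # field 15: serial, '#' stub, '+' local
            where = "stub" if token == "#" else "local" if token in ("", "+") else "card:" + token
            current = {"type": f[0], "keyid": f[4], "caps": f[11], "where": where, "fpr": None}
            keys.append(current)
        elif f[0] == "fpr" and current and current["fpr"] is None:
            current["fpr"] = f[9]  # fpr record: field 10 is the fingerprint
    return keys

def card_serials(keys):
    """Serial of every card holding secret material, i.e. the NEO(s) affected."""
    return {k["where"][5:] for k in keys if k["where"].startswith("card:")}

def unrecoverable_if_card_lost(keys, backup_fprs):
    """Subkeys whose only secret copy is on a card and which the backup lacks."""
    return [k["fpr"] for k in keys
            if k["type"] == "ssb" and k["where"].startswith("card:")
            and k["fpr"] not in backup_fprs]
```

Run against a real listing, an empty result from `unrecoverable_if_card_lost` is the condition to confirm before wiping or returning a vulnerable NEO; `card_serials` tells you which card's subkeys to revoke afterwards.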