Yubico Forum

simple guide is there one?

I can make it 32 chars on 2 keys same.

How can I make it 16 chars?

step by step video would be good?

YubiKey 2.X has two configuration slots. When the YubiKey 2.X is shipped, it's first configuration slot is factory programmed for OTP mode (which works with online Yubico OTP validation server) and the second configuration slot is left blank i.e. not programmed. The two configuration slots of the YubiKey work independently and each can be independently reconfigured into OTP or static password mode.

You can use the latest Yubico configuration utility (version 2.2) to reprogram the second configuration slot of your YubiKey. That will allow you to use your 1st configuration slot with Yubico servers and the second slot for your other purposes (TrueCrypt in your case).The latest Yubico configuration utility and the user guide can be downloaded from the following link:

http://www.yubico.com/personalization-tool

YubiKey 2.x can be reprogrammed for two types of static password modes, first is long static password mode and other is scan code mode. And in both modes two YubiKeys can be reprogrammed to emit the same static password.

1) Long static password mode:

The latest YubiKey 2.x provides an interesting feature called "Strong password policy" where we can program the YubiKey to generate very long static passwords with upper, lower case letters, numbers and an "!" special character. We need to use the new Yubico configuration utility to utilize this feature.

For using this feature and reprogramming two YubiKeys with the same long static password follow the steps given below:


1. Insert the first YubiKey to the USB port and start the YubiKey Configuration Utility
2. Select the "Create a static YubiKey configuration (password mode)" from the Select task screen
3. Choose "Advanced" mode and select the appropriate number of characters
4. Select "Use a public identity" and from the "Public ID string update scheme" select "Fixed value" and click on "Single rand" button. Copy the value which is populated in the "Public ID string" and click on Next
5. Select "Use a private identity" and from the "Private ID string update scheme" select "Fixed value" and click on "Single rand" button. Copy the value which is populated in the "ID string" and click on Next
6. From the "Key update scheme" select "Fixed value" and click on "Single rand" button. Copy the value which is populated in the "Key (128) bits" and click on Next
7. From the "Specify output parameters" screen, select the options provided under the "Strong password policy" and remember which options are selected
8. From the "Specify configuration protection" screen, select the appropriate option
9. From the Programming screen, select "Write to configuration 2 (YubiKey 2 only)" and click on Run
10. Now, insert the another YubiKey
11. Select the "Create a static YubiKey configuration (password mode)" from the Select task screen
12. Choose "Advanced" mode and select the appropriate number of characters
13. Select "Use a public identity" and from the "Public ID string update scheme" select "Fixed value" and provide the value which was copied while reprogramming the first YubiKey and click on Next
14. Select "Use a private identity" and from the "Private ID string update scheme" select "Fixed value" and provide the value which was copied while reprogramming the first YubiKey and click on Next
15. From the "Key update scheme" select "Fixed value" and provide the value which was copied while reprogramming the first YubiKey and click on Next
16. From the "Specify output parameters" screen, select the options provided under the "Strong password policy" which were selected while reprogramming the first YubiKey
17. From the "Specify configuration protection" screen, select the appropriate option
18. From the Programming screen, select "Write to configuration 2 (YubiKey 2 only)" and click on Run


Please also note that the static password emitted from the YubiKey when configured in "Advanced" static YubiKey configuration mode cannot be set by the user. The Static password is generated as a result of an encryption function involving the AES key and YubiKey parameters.

2) Scan code mode:

You can use the "Scan code mode" feature available under the static YubiKey configuration of the YubiKey configuration utility to program the YubiKey 2.0 to emit your own password (of up to 16 characters in YubiKey 2.1.2 and up to 38 characters in YubiKey 2.2) containing alphanumeric characters.

For reprogramming two YubiKeys with the same Scan code mode static password follow the steps given below:


1. Insert the first YubiKey to the USB port and start the YubiKey Configuration Utility
2. Select the "Create a static YubiKey configuration (password mode)" from the Select task screen
3. Select the "Scan code mode" option
4. In the same screen enter your desired password in the "Scan code input" field and remember this password
5. From the "Specify output parameters" screen, select the appropriate parameters (All parameters are optional)
6. From the "Specify configuration protection" screen, select the appropriate option
7. From the Programming screen, select "Write to configuration 2 (YubiKey 2 only)" and click on Run
8. Now, insert the another YubiKey
9. Select the "Create a static YubiKey configuration (password mode)" from the Select task screen
10. Select the "Scan code mode" option
11. In the same screen enter the same password that you have used while reprogramming the first YubiKey in the "Scan code input" field
12. From the "Specify configuration protection" screen, select the appropriate option
13. From the Programming screen, select "Write to configuration 2 (YubiKey 2 only)" and click on Run

We hope this helps!

Hi samir: I followed your tutorial with a 2.2.x yubikey, but still doesnt quite do static password, in fact it does generate a very long strong password, but only around the first 32 chars are static, all the rest are random.. I did checked if it was programmed correctly and what is emitting is NOT an OTP.

For example :

First long press

!N62Jlcdcrftutftrtbfgkrblenrntbdlcgbtdfiddcrj

second long press

!N62Jlcdcrftubffrnfthuvffgdtlfregghuccbrcjvec

(I dont care if this passwords are made public )

Meh, I tried again, but this time, first deleting the 2nd configuration and then following the steps and it worked, it doesnt work overwritting though.

It seems to be a bug in the personalization tool-.

Nice, thanks for the help, but this text guide posted above looks very dangerous to me.

I just got my yubikey and I want to keep slot 1 as it is, and reconfigure slot 2 for a statis password.
But I'm too afraid to accidently override slot 1 with something I can't recover from.
Seems like it's very easyily done to overwrite the OTP factory default password... I don't even dare to click on 'set static password' in the tool...

The guides and userguides all explain things that I don't see on the personalization tool... I really need some clear, simple help on setting a static password on slot 2.

Can anyone help to point me to a video, or clear user guide?

greetings
strim