We recently received a question by email from a customer asking whether he can once again validate the OTPs from his reprogrammed YubiKey with the online Yubico OTP validation server.
The answer is...
When the YubiKey 2 is shipped from Yubico, the first configuration slot of the YubiKey is factory programmed in OTP mode and its AES key is uploaded to the YubiKey OTP validation server, so that as soon as you receive the YubiKey you can, by default, validate its OTPs with the online Yubico OTP validation server. The second configuration slot is left blank, i.e. not programmed.
Please note that once configuration slot one of the YubiKey is reprogrammed, the factory default configuration is overwritten. Because the Yubico OTP validation server has no record of the newly programmed AES key, it cannot validate the OTPs emitted from the reprogrammed YubiKey. If you don't want to overwrite the factory default configuration, you can always reprogram the second configuration slot instead, using the YubiKey configuration tool.
However, in order to streamline the process for users who want to program their own AES keys into YubiKeys and still have a key that works online, we have changed the way AES keys are handled at the online validation server. Users can now reprogram their YubiKey in OTP mode with their own AES key, upload the new AES key to the YubiKey OTP validation server, and once again validate the OTPs from the reprogrammed YubiKey with the Yubico OTP validation server. The AES key upload functionality is available at the following link:
http://www.yubico.com/developers/aeskeys/
The step-by-step instructions for uploading the AES key to the online Yubico OTP validation server are available at the following forum link:
viewtopic.php?f=2&t=402&p=1754
We hope this helps!
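
To show why the validation server rejects OTPs from a reprogrammed slot until the new AES key is uploaded, the following added example (not Yubico's code and not part of the original post) models the server-side check using the publicly documented Yubico OTP layout. It requires the third-party `cryptography` package; the key store structure, the return strings and all IDs and keys are assumptions constructed for the demonstration.

```python
import struct
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

MODHEX = "cbdefghijklnrtuv"   # modhex alphabet; position = nibble value
CRC_RESIDUE = 0xF0B8          # CRC-16 result over an intact 16-byte payload

def modhex_encode(raw):
    return "".join(MODHEX[int(h, 16)] for h in raw.hex())

def modhex_decode(text):
    return bytes.fromhex("".join("%x" % MODHEX.index(c) for c in text))

def crc16(data):
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc

def make_otp(public_id, aes_key, private_id, counter):
    # Stand-in for the token: private ID, counter, zeroed timer/random, CRC.
    body = private_id + struct.pack("<HHBBH", counter, 0, 0, 0, 0)
    body += struct.pack("<H", ~crc16(body) & 0xFFFF)
    enc = Cipher(algorithms.AES(aes_key), modes.ECB()).encryptor()
    return modhex_encode(public_id + enc.update(body) + enc.finalize())

def validate(otp, key_store):
    # Server side: find the key by public ID, decrypt, check CRC and private ID.
    raw = modhex_decode(otp)
    public_id, block = raw[:-16], raw[-16:]
    if public_id not in key_store:
        return "unknown_key"
    aes_key, private_id = key_store[public_id]
    dec = Cipher(algorithms.AES(aes_key), modes.ECB()).decryptor()
    plain = dec.update(block) + dec.finalize()
    ok = crc16(plain) == CRC_RESIDUE and plain[:6] == private_id
    return "ok" if ok else "bad_otp"

def demo():
    # All identifiers and keys below are constructed sample values.
    pub, priv = bytes.fromhex("010203040506"), bytes.fromhex("a1a2a3a4a5a6")
    factory_key, own_key = bytes(range(16)), bytes(range(16, 32))
    server = {pub: (factory_key, priv)}                 # factory record only
    before = validate(make_otp(pub, factory_key, priv, 1), server)
    reprogrammed = validate(make_otp(pub, own_key, priv, 1), server)
    server[pub] = (own_key, priv)                       # after the key upload
    after = validate(make_otp(pub, own_key, priv, 1), server)
    return before, reprogrammed, after
```

`demo()` returns the result for the factory configuration, for the reprogrammed slot before the upload, and for the same slot after the server record is replaced. Replay protection via the counter is left out to keep the focus on the key lookup.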