Yubico Forum

Hello all,
I'm a server admin and would like to secure some IT infrastructure using the Yubikey NEO as a second factor and also to store PGP key information using the OpenPGP SmartCard functionality.
I am fully blind and therefore use a screen reader, a piece of software that announces on-screen text using synthetic speech and allows the user to navigate the system with keyboard commands only. Since I'm using Mac OS on the client side, I'm also using VoiceOver, which is a screen-reader built into the operating system. Most applications are accessible and usable out of the box using screen reading software such as VoiceOver, however there are also some applications which have accessibility problems or are totally inaccessible. This is unfortunately the case with the Yubikey NEO Manager, which I currently have no access to because VoiceOver cannot detect the user interface elements. Most likely this is because NEO Manager might use an older version of the QT framework, since only some newer versions have some accessibility support. On the other hand, the Yubikey Personalization Tools, which I have downloaded from the App Store, are mostly accessible. Thus, I was able to setup my NEO for 2-factor auth, but this doesn't give me access to the SmartCard functionalities or the U2F functionality which I'd also like to use. So I was wondering, is there any other way in which I could do this? For example, is there a command line interface which I could use, or any testing build of NEO Manager that uses a current version of QT?
Thanks a lot in advance for any ideas / suggestions!
Regards,
Robin

YubiKey NEO Manager (and some of our other GUI tools) are written in Python, using the PySide bindings for Qt. At the moment PySide only supports Qt4, but there is work on PySide2, which will support Qt5. Once that is released and stable, I think we would want to move to it and Qt5, which hopefully will make these tools accessible. In the meantime, there should be command line tools that do everything that the NEO Manager does. Probably not a single tool that covers everything, but a combination of tools that together provide all the functionality. For what you're talking about specifically, U2F and smart card functionality: U2F should be supported out of the box, assuming you have a YubiKey NEO 3.3.0 or newer. CCID mode (which is required for smart card access) is disabled by default, but can be enabled by using the ykpersonalize command line tool. If you're going to be using all three modes (OTP, CCID and U2F) then you will want to run the command:

ykpersonalize -m 86

to put the YubiKey in a composite mode where all three transports are open. Once that is done you should be able to use gpg to setup the OpenPGP keys, and so on.

Hey Dain,
thanks a lot for your response and the help, greatly appreciated!
I had previously downloaded the ykpersonalize tool, but wasn't sure about what exactly I needed to do to get SmartCard functionality up and running. Running it with the -m 86 option did the trick though and GPG has successfully detected the card, so now I'm definitely good to go! Also, I wasn't aware of the situation with Python and the QT framework, thanks for sharing this info with me as it is very interesting. I hope QT 5 support will become available soon, though I understand that as of now it is beyond your control when exactly this will be the case.
All the best,
Robin