Here’s how to program slot 2 of the Yubikey, and then swap slots 1 and 2, using the Cross-platform Yubikey Personalization Tool:
Danger, Will Robinson!
As delivered, the configuration in slot 1 of the Yubikey allows the Yubikey to authenticate against the Yubico cloud authentication service. Once deleted from the Yubikey, it cannot be recreated as was. Specifically, one cannot recreate a public id (and corresponding AES key) beginning with Modhex Our aim – for now, anyway – is to completely preserve the as-delivered configuration of slot 1 – not to delete it! – and to save it in slot 2. Please proceed with the appropriate amount of caution!
Start the tool: yubikey-personalization-gui&
Select Yubico OTP Mode, then Quick
We’ll just accept whatever randomized values are suggested here – though feel free to Regenerate.
(By the way: there is an advantage to using a public id which starts with Modhex vv (i.e. Hex FF) as this page produces, rather than a completely random public id (as is available via the Advanced configuration page): for user-generated keys, only those starting with Modhex vv can be uploaded to the Yubico cloud authentication service.)
Select Configuration Slot 2
Unhide values, and take a note of the Public Identity, the Private Identity, and the Secret Key.
(Comment: The ‘Private Identity’ is not significant, and – when using Yubikeys in standard Yubico OTP mode, as we are – plays no role in the authentication process. It might just as well be set to all zeroes.)
Select Write Configuration:
The configuration will be written to the key, and also to a log file which you will be asked to nominate.
To now swap the contents of Slots 1 and 2:
Select Settings
Select Update Settings...
Select Swap
Now, try using your Yubikey.
You should find that Slot 1 emits an OTP corresponding to the new public id just defined, and Slot 2 emits an OTP corresponding to the pre-existing factory-defined public id.
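One way to confirm the swap from the emitted OTPs themselves, as an added example (not part of the original page or of the personalization tool): decode Modhex, split off the public id, and match it against the ids you noted. It assumes the usual Yubico OTP layout, where the last 32 Modhex characters are the encrypted part and everything before them is the public id; all ids and OTPs in it are constructed samples and the function names are hypothetical.

```python
# Added example: Modhex decoding and public-id extraction for Yubico OTPs.
MODHEX = "cbdefghijklnrtuv"  # Modhex digit i stands for hex digit i
HEX = "0123456789abcdef"
TOKEN_LEN = 32               # assumed layout: last 32 chars = encrypted block


def _convert(text, src, dst, name):
    text = text.strip().lower()
    bad = sorted(set(text) - set(src))
    if bad or len(text) % 2:
        raise ValueError(f"not a whole number of {name} bytes: {text!r}")
    return text.translate(str.maketrans(src, dst))


def modhex_to_hex(text):
    return _convert(text, MODHEX, HEX, "Modhex")


def hex_to_modhex(text):
    return _convert(text, HEX, MODHEX, "hex")


def split_otp(otp):
    """Return (public_id, encrypted_part), both still in Modhex."""
    otp = otp.strip().lower()
    modhex_to_hex(otp)  # rejects non-Modhex characters and odd lengths
    if len(otp) < TOKEN_LEN:
        raise ValueError("too short to be a Yubico OTP")
    return otp[:-TOKEN_LEN], otp[-TOKEN_LEN:]


def identify_slot(otp, known_ids):
    """Map an emitted OTP to the configuration its public id belongs to."""
    public_id, _ = split_otp(otp)
    return known_ids.get(public_id, "unknown"), public_id


def uploadable(public_id):
    """User-generated ids must start with Modhex vv (hex ff) to be uploaded."""
    return modhex_to_hex(public_id).startswith("ff")


# Constructed sample values, not real credentials.
NEW_ID = hex_to_modhex("ff0000111111")   # id noted from the Quick page
FACTORY_ID = "cbdefghijkln"              # stand-in for the as-delivered id
KNOWN = {NEW_ID: "new configuration", FACTORY_ID: "factory configuration"}
SLOT1_OTP = NEW_ID + MODHEX * 2          # what slot 1 should emit after the swap
SLOT2_OTP = FACTORY_ID + MODHEX * 2      # what slot 2 should emit after the swap

if __name__ == "__main__":
    for otp in (SLOT1_OTP, SLOT2_OTP):
        print(identify_slot(otp, KNOWN), uploadable(split_otp(otp)[0]))
```

Replace the constructed ids with the Public Identity values you recorded, and the sample OTPs with what each slot actually emits.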