
Yubikey

NEO

dnf install ykpers -y
ykpersonalize -m82

Unplug and replug it back in and it should be usable as a smartcard.

NFC / HTTP Auth

dnf install ykpers -y
ykpersonalize -n 'https://api.stelfox.net/sessions/yknfc?t='

This will hit the API with a URL like:

https://api.stelfox.net/session/yknfc?t=ccccccuddclhrkuvurcufviveulljleihvreukifegjh

The API can then return a token for accessing additional functionality.

Resetting

This will wipe all keys, user, and admin pins on the card.

This requires scdaemon and gpg-agent to be working and able to connect to the smartcard. The key needs to be plugged into the computer, and GPG version 2.0.22 or later is required. On YubiKeys prior to the YubiKey 4, check the version and confirm it's 1.0.6 or later using the following command:

gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye

You’ll get back a line that looks like:

D[0000]  01 00 06 90 00

Indicating version 1.0.6. To reset the applet create a file with the following contents:

/hex
scd serialno
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
scd apdu 00 44 00 00
/echo Card has been successfully reset.
/bye

And cat it into gpg-connect-agent like so:

cat FILE | gpg-connect-agent
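
The version check from earlier in this section can be scripted so the reset file is only fed to gpg-connect-agent when the card returns a valid response. This is an added example, not part of the original notes: the function names are hypothetical, the sample lines are constructed, and it assumes the response layout shown above (three version bytes followed by the status word 90 00).

```shell
#!/bin/sh
# Added example: function names are hypothetical; sample lines are constructed.

# Print "major.minor.patch" for a response line such as
#   D[0000]  01 00 06 90 00
# Fails unless the line holds three version bytes plus status word 90 00.
parse_applet_version() {
    # A here-doc feeds read, so "D[0000]" is never treated as a glob pattern.
    read -r tag b1 b2 b3 sw1 sw2 _rest <<EOF
$1
EOF
    case "$tag" in 'D['*']') ;; *) return 1 ;; esac
    for byte in "$b1" "$b2" "$b3" "$sw1" "$sw2"; do
        case "$byte" in [0-9a-fA-F][0-9a-fA-F]) ;; *) return 1 ;; esac
    done
    # 90 00 is the ISO 7816 "success" status word; anything else is an error.
    [ "$sw1$sw2" = "9000" ] || return 1
    # The bytes are hex, so 0a must be reported as 10.
    printf '%d.%d.%d\n' "0x$b1" "0x$b2" "0x$b3"
}

# Succeed if dotted version $1 >= $2. Each field is one byte (0-255).
version_at_least() {
    IFS=. read -r h1 h2 h3 <<EOF
$1
EOF
    IFS=. read -r w1 w2 w3 <<EOF
$2
EOF
    [ $((h1 * 65536 + h2 * 256 + h3)) -ge $((w1 * 65536 + w2 * 256 + w3)) ]
}

# Return 0 if reset is supported, 1 if the version is too old, 2 on bad input.
check_reset_supported() {
    v=$(parse_applet_version "$1") || { echo "no valid version response" >&2; return 2; }
    version_at_least "$v" 1.0.6 || { echo "version $v is older than 1.0.6" >&2; return 1; }
    echo "version $v supports reset"
}

# Live use:
#   check_reset_supported "$(gpg-connect-agent --hex 'scd apdu 00 f1 00 00' /bye | grep '^D\[')"
# Constructed samples:
check_reset_supported 'D[0000]  01 00 06 90 00'
check_reset_supported 'D[0000]  01 00 05 90 00' || true
check_reset_supported 'D[0000]  6d 00' || true
```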

Using as a RNG source

This may allow me to use the yubikey’s hardware RNG to generate entropy on my host:

https://github.com/infincia/TokenTools

Vulnerability

A vulnerability was published around the YubiKey NEO's use as a smartcard, and Yubico's response is top notch. I recommend following the steps for checking your key to see if you're affected.