Donate Coffee

🟣Minimal Version

Provides the same instructions as in the parent guide "Setting up a New Key", however, contains a list of straight to the point commands for people who already know how to enter them.

Open Command Prompt, Terminal, or Powershell:

PIV -> PIN RETRIES Docs

ykman piv access set-retries 5 5

PIV -> CHANGE PIN Docs

default: 123456

ykman piv access change-pin

PIV -> CHANGE PUK Docs

default: 12345678

ykman piv access change-puk

PIV -> MANAGEMENT KEY Docs

default: 010203040506070801020304050607080102030405060708

PIV -> IMPORT KEYS TO SLOT

PIV -> RESET

If you mess up and want to reset PIV:

GPG -> PIN RETRIES Docs

GPG -> CHANGE PIN

default USER PIN: 123456

default ADMIN PIN: 12345678

GPG -> PERSONAL INFORMATION

Type each command in the list below. Enter the information requested after you type each one:

GPG -> TOUCH POLICIES

GPG -> SIGNATURE PIN

GPG -> KDF-SETUP

To enable KDF, you must enable this before any GPG keys are imported on your Yubikey. If you import GPG keys before enabling KDF and attempt to enable KDF later; you will receive the error:

gpg: error for setup KDF: Conditions of use not satisfied

To enable KDF after you have already imported GPG keys means that you'll need to reset your GPG interface and start over.

GPG -> RESET

If you mess up and want to reset GPG:

OTP -> NO ENTER

Halts Yubikey from automatically pressing "Enter" each time slot 1 or 2 is pressed.

YKMAN -> CHANGE-LOCK-CODE

At present time, there appears to be NO way to reset this if you forget the code. You will be completely unable to ever change settings on your Yubikey again. Use at your own risk.

A lock code may be used to protect the application configuration. The lock code must be a 32 characters (16 bytes) hex value.

GENERATE NEW CODE

SPECIFY NEW LOCK CODE

PreviousSetting up a New KeyNextSecuring Your Credentials

Last updated

Was this helpful?