How to Generate a Single YubiKey Configuration
If you are already using a YubiKey with an existing service, the following steps will overwrite the stored secret for that service. Note: Every time you open the Yubico OTP tab, a new Public Identity, Private Identity and Secret Key will be generated, but these are not written to the token unless you select Write Configuration. There is no way to read your existing Public Identity, Private Identity and Secret Key off the token once it has been written.
Each YubiKey has two slots. The first slot is used to generate the passcode when the YubiKey button is touched for between 0.3 and 1.5 seconds and released. The second slot is used if the button is touched for between 2 and 5 seconds. When the YubiKey is shipped, its first configuration slot is factory programmed for the YubiCloud OTP service, and its second configuration slot is blank.
To create or overwrite a slot's configuration:
- Start the YubiKey Personalization Tool. If you don’t have it installed, you can download it from Yubico's website(link is external).
- Insert the YubiKey into your computer's USB port.
- Wait for the Personalization Tool to recognize the YubiKey.
- Click Yubico OTP Mode.
- Click Quick.
- Select Configuration Slot 1 (or Configuration Slot 2, if Slot 1 is already being used by another service).
- Click Regenerate.
- Uncheck Hide Values.
- Copy the following information:
- Serial Number (in decimal format): ex. 01231337
- Private Identity: ex. 0c 87 99 55 78 ee
- Secret Key to add the YubiKey: ex. a4 d0 93 a9 bd 09 e1 24 e9 17 b6 72 03 56 a1 3b
- List the Serial Number, Private Identity and Secret Key, separated by commas, in the following format, to be provided to the Help Desk:
ex. 01231337, 0c 87 99 55 78 ee, a4 d0 93 a9 bd 09 e1 24 e9 17 b6 72 03 56 a1 3b
- (Note: You may want to save this information, along with the Public Identity, somewhere safe, as you will need it if you use this YubiKey with other services in the future.)
- Click Write Configuration