rel:: [[Computer Security MOC|Computer Security]]

# yubikey

### Personalization Tool

- [download link](https://www.yubico.com/products/services-software/download/yubikey-personalization-tools/)
- [ykman](https://docs.yubico.com/software/yubikey/tools/ykman/)

### yubikey spam fix

**NOTE:** Normal U2F click functionality will still work after this; we're just removing the Yubico OTP and HOTP configs from the device.

1. Launch "Personalization Tool"
1. Go to the `Tools` tab
1. Select `Delete Configuration`
1. Select `Configuration Slot 1`
1. Select `Delete`
1. Programming Status on the right should now be `Not configured` after `delete`
1. Open a text editor and click the button on the token to see if any random U2F strings pop out.

### Using yubikey for GPG and SSH

1. [DataDog/yubikey](https://github.com/DataDog/yubikey)
2. Turn off tap friction. Anyone who has to do anything in batch, like bulk downloading something over SSH or rebasing a bunch of commits ... yeah. It's arguably theatre, and having to re-enter the PIN periodically with private keys on the YubiKey is still much better security than having them on disk. Save the taps.

   ```bash
   ykman openpgp keys set-touch sig off # git signing
   ykman openpgp keys set-touch enc off # decryption
   ykman openpgp keys set-touch aut off # SSH authentication
   git config --unset gpg.program # remove nag wrapper around gpg
   ```
3. To enable GPG and SSH agents in env (see [[Computer Security MOC#Keychain Management With funtoo/keychain|keychain]])

   ```bash
   function yon() {
     # Tell gpg-agent which terminal to use for PIN prompts
     export GPG_TTY="$(tty)"
     # Point SSH clients at gpg-agent's SSH socket
     export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
     gpgconf --launch gpg-agent
     # Refresh the agent's notion of the current TTY
     echo UPDATESTARTUPTTY | gpg-connect-agent
     eval "$(keychain --quiet --eval --agents gpg,ssh --inherit any 2>/dev/null)"
   }
   ```
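
To confirm which OpenPGP slots ended up without a touch requirement after step 2, the check below parses the "Touch policies" section of `ykman openpgp info`. It is an added example, not code from these notes or from Yubico; the function names are hypothetical, the sample output is constructed, and the assumed line layout (`Signature key: Off`, with or without the colon) may differ between ykman versions.

```bash
# Usage on a real device: ykman openpgp info | slots_without_touch

# Constructed sample of `ykman openpgp info` output (not captured from a device).
sample_info() {
cat <<'EOF'
OpenPGP version:            3.4
Application version:        5.4.3
PIN tries remaining:        3
Touch policies:
  Signature key:      Off
  Encryption key:     Off
  Authentication key: Cached
  Attestation key:    On
EOF
}

# touch_policies: read info text on stdin, print one "slot=policy" line
# (lowercased) for each key listed under "Touch policies".
touch_policies() {
  awk '
    /^Touch policies/ { in_tp = 1; next }
    # The section ends at the first line that is not "<Slot> key[:] <Policy>".
    in_tp && !/ key:?[ \t]+[A-Za-z]/ { in_tp = 0; next }
    in_tp {
      line = $0
      sub(/^[ \t]+/, "", line)                 # drop indentation
      slot = tolower(substr(line, 1, index(line, " key") - 1))
      policy = line
      sub(/^.*key:?[ \t]+/, "", policy)        # keep only the policy word(s)
      print slot "=" tolower(policy)
    }'
}

# slots_without_touch: print the slots whose policy is "off", i.e. keys that
# can be used with only the PIN and no physical tap.
slots_without_touch() {
  touch_policies | awk -F= '$2 == "off" { print $1 }'
}
```
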