YubiKey Provisioning¶
Use the Yubikey Personalization Tool to create the keys.
- Select “Yubico OTP”
- Select “Advanced”
- Check “Configuration Slot 1”
- Check “Program Multiple Keys”
- Check “Automatically program Yubikeys when inserted”
- From the Drop down menu select “Increment Identity; Randomize secrets”
- Click Generate for “Public Identity”, “Private Identity” and “Secret Key”
Insert a Key and provision it, you will get a question where to store the logfile, choose an appropriate place and keep inserting and removing the keys watching that the number correspond too your expected number of keys.
Once done with all keys you will have a log file looking to something similar to:
Yubico OTP,2020-10-16 - 11:26,1,rhbrtubrlkjc,9ace257569c7,fd21ea4f99151eefff8ad82274d9ff6c,,,0,0,0,0,0,0,0,0,0,0
Yubico OTP,2020-10-16 - 11:26,1,rhbrtubrlkjd,9ace257569c7,fd21ea4f99251eefff8ad82274d9ff6c,,,0,0,0,0,0,0,0,0,0,0
Yubico OTP,2020-10-16 - 11:26,1,rhbrtubrlkje,9ace257569c7,fd21ea4f99351eefff8ad82274d9ff6c,,,0,0,0,0,0,0,0,0,0,0
Yubico OTP,2020-10-16 - 11:26,1,rhbrtubrlkjf,9ace257569c7,fd21ea4f99451eefff8ad82274d9ff6c,,,0,0,0,0,0,0,0,0,0,0
...
Trim this file to remove everything prior to the 1, so it resembles the below format.
1,rhbrtubrlkjc,9ace257569c7,fd21ea4f99151eefff8ad82274d9ff6c,,,0,0,0,0,0,0,0,0,0,0
1,rhbrtubrlkjd,9ace257569c7,fd21ea4f99251eefff8ad82274d9ff6c,,,0,0,0,0,0,0,0,0,0,0
1,rhbrtubrlkje,9ace257569c7,fd21ea4f99351eefff8ad82274d9ff6c,,,0,0,0,0,0,0,0,0,0,0
1,rhbrtubrlkjf,9ace257569c7,fd21ea4f99451eefff8ad82274d9ff6c,,,0,0,0,0,0,0,0,0,0,0
Then add a first line containing # ykksm 1, so the result looks like:
# ykksm 1
1,rhbrtubrlkjc,9ace257569c7,fd21ea4f99151eefff8ad82274d9ff6c,,,0,0,0,0,0,0,0,0,0,0
1,rhbrtubrlkjd,9ace257569c7,fd21ea4f99251eefff8ad82274d9ff6c,,,0,0,0,0,0,0,0,0,0,0
1,rhbrtubrlkje,9ace257569c7,fd21ea4f99351eefff8ad82274d9ff6c,,,0,0,0,0,0,0,0,0,0,0
1,rhbrtubrlkjf,9ace257569c7,fd21ea4f99451eefff8ad82274d9ff6c,,,0,0,0,0,0,0,0,0,0,0
Then this file is ready for provisioning into the HSM, using the menu option Manage the YubiHSM settings
Note
Ensure the resulting file only has linefeeds (LF, ASCII code 10) as line termination.