...
- YubiKey 4 and newer
- Yubikey Manager
- Download direct from Yubico: https://www.yubico.com/support/download/yubikey-manager/#h-downloads
- Windows
- Mac
- Linux
Process
Attestation
- Insert YubiKey
- Open a Terminal and/or PowerShell.
Windows: Run the following to add the YubiKey Manager CLI tools to the environment PATH
Note: you must close and re-open your terminal for these to be picked up
Code Block
```powershell
# Machine wide (must be run with administrative privileges)
$newPath = "$env:ProgramFiles\Yubico\Yubikey Manager;" + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)

# User level
$newPath = "$env:ProgramFiles\Yubico\Yubikey Manager;" + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::User)
[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::User)
```
Click on Applications and then click on PIV
Change PIN if YubiKey is fresh out of the box or it's been defaulted
Note: skip to step 4 (Enrollment) if YubiKey is already initialized
- Click on Configure PINs
- Click Change PIN and then check Use default (if it is default). Fill in the blanks. Finish with changing PIN by clicking on Change PIN
- Click on Change PUK and then check Use default (if it is default). Fill in the blanks. Finish with changing PUK by clicking on Change PUK
- Click on Change Management Key and then check Use default (if it is default). Fill in the blanks. Finish with changing the key by clicking on Finish
You can check Protect with PIN to not need the Management Key for future
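Run the following command to generate an attestation certificate for the key in slot 9a. Attestation only succeeds for a key that was generated on the YubiKey; an imported key cannot be attested.
Code Block
```
ykman piv keys attest 9a <path to save attested certificate>
```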
- Upload <path to save attested certificate> to appropriate location/persons.
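The script below is an added example, not part of the original procedure: it runs the attestation step and performs two local sanity checks before upload. It assumes slot 9a also holds a certificate; the output folder, file names and helper function names are placeholders chosen for illustration.

```powershell
# Added example, not part of the original procedure.
# Assumptions: slot 9a holds an on-device key and a certificate; the output
# folder, file names and helper names below are placeholders.
$ErrorActionPreference = 'Stop'
$slot   = '9a'
$outDir = Join-Path $env:TEMP 'yk-attest'
New-Item -ItemType Directory -Force -Path $outDir | Out-Null
$attPath  = Join-Path $outDir "slot-$slot-attestation.pem"
$f9Path   = Join-Path $outDir 'slot-f9-intermediate.pem'
$certPath = Join-Path $outDir "slot-$slot-certificate.pem"

if (-not (Get-Command ykman -ErrorAction SilentlyContinue)) {
    throw 'ykman not found on PATH; update PATH, then close and re-open the terminal.'
}

function Invoke-Ykman {
    # Native commands do not throw in PowerShell, so check the exit code explicitly.
    & ykman @args
    if ($LASTEXITCODE -ne 0) { throw "ykman $($args -join ' ') failed (exit code $LASTEXITCODE)" }
}

Invoke-Ykman piv keys attest $slot $attPath            # the attestation step from the page
Invoke-Ykman piv certificates export f9 $f9Path        # certificate of the key that signs attestations
Invoke-Ykman piv certificates export $slot $certPath   # certificate currently stored in the slot

function Read-Cert([string]$Path) {
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
}
$att = Read-Cert $attPath; $f9 = Read-Cert $f9Path; $cert = Read-Cert $certPath

# Check 1: the attestation names the device's f9 certificate as its issuer.
# This is a name comparison only; signature and chain validation is the recipient's job.
$issuerOk = [Convert]::ToBase64String($att.IssuerName.RawData) -eq
            [Convert]::ToBase64String($f9.SubjectName.RawData)
# Check 2: the attested public key is the same key the slot certificate was issued for.
$keyOk = ($att.GetPublicKeyString() -eq $cert.GetPublicKeyString()) -and
         ($att.GetKeyAlgorithmParametersString() -eq $cert.GetKeyAlgorithmParametersString())

[pscustomobject]@{
    AttestationSubject  = $att.Subject
    AttestationSerial   = $att.SerialNumber
    IssuerMatchesF9     = $issuerOk
    KeyMatchesSlotCert  = $keyOk
    AttestationSha256   = (Get-FileHash -Algorithm SHA256 $attPath).Hash
} | Format-List | Out-Host

if (-not ($issuerOk -and $keyOk)) { throw 'Attestation does not match this device or slot; do not upload.' }
```

To validate the chain, the recipient needs the exported f9 certificate as well as the attestation certificate, and checks both against Yubico's PIV attestation root CA.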