ykinfo

Display all information from YubiKey

$ ykinfo -a

$ ykinfo -s -q

$ ykinfo -c

ykinfo [OPTIONS]

-h, --help
    Display help message and exit.

-V, --version
    Print version information and exit.

-d, --debug
    Enable debug output for more detailed information during operation.

-v, --verbose
    Enable verbose output.

-s, --short
    Display only essential information: serial number, firmware version, and OTP type.

-q, --quiet
    Suppress headers and only print the requested information, suitable for scripting.

-t, --token
    Print information about the token in a format suitable for scripting, often key-value pairs.

-m, --monitor
    Continuously monitor for changes in YubiKey status (e.g., insertion or removal).

-u, --device=NUMBER
    Specify which YubiKey device to use when multiple are connected, by its device number (e.g., 0, 1).

The ykinfo command is a utility from the YubiKey Personalization Tools suite designed to query and display various details about a connected YubiKey device.

It provides essential information such as the YubiKey's serial number, firmware version, device capabilities, and configuration status (e.g., whether OTP, challenge-response, or static password slots are programmed). This command is particularly useful for quickly verifying a YubiKey's identity, checking its basic health, or understanding its current settings without altering them.

ykinfo can interact with the YubiKey over USB, typically via CCID or HID protocols. It's an indispensable tool for YubiKey administrators and users who need to confirm device specifics or troubleshoot common issues. While more comprehensive tools like ykman exist, ykinfo offers a simple and focused way to retrieve key device data.

ykinfo requires the yubikey-personalization package to be installed on the system.

Proper permissions (e.g., via udev rules) are necessary for the user to access USB devices like the YubiKey. Without correct permissions, the command may not detect connected devices or may report permission errors.

The exact output and supported features might vary slightly depending on the specific YubiKey model (e.g., YubiKey 5, YubiKey 4, YubiKey NEO) and its firmware version.

When run without options, ykinfo typically displays:
Serial Number: A unique identifier for the YubiKey.
Firmware Version: The version of the firmware running on the device.
OTP Capabilities: Information about the YubiKey's One-Time Password (OTP) generation capabilities.
Configuration Slot Status: Indicates whether configuration slots (Slot 1 and Slot 2) are programmed or empty.
Formfactor: The physical form factor of the YubiKey (e.g., USB-A, USB-C, Nano).

For ykinfo to function correctly, the user often needs read/write access to the YubiKey's USB device file. This is typically managed through udev rules (e.g., 69-yubikey.rules). If you encounter 'permission denied' errors, ensure your user is part of the appropriate group (e.g., plugdev or users) or that udev rules are correctly configured to grant access to YubiKeys.

The ykinfo command is part of the original YubiKey Personalization Tools, a collection of utilities developed by Yubico to manage and configure YubiKey devices.

It has been a foundational tool for querying YubiKey status since the early days of YubiKey adoption. While newer, more comprehensive tools like ykman have emerged as the primary interface for YubiKey management in recent years, ykinfo remains a simple, standalone utility for quick informational lookups, often maintained for compatibility and its focused functionality.

ykpersonalize(1), ykman(1), yubico-piv-tool(1), oath-tool(1)