ykpersonalize

Show YubiKey status

$ ykpersonalize -v

$ ykpersonalize -1

$ ykpersonalize -2 -ochal-resp -ochal-hmac

$ ykpersonalize -2 -ostatic-ticket

$ sudo ykpersonalize -m 86

$ ykpersonalize -1 -a[hex_key]

$ ykpersonalize -oaccess=[hex_code]

ykpersonalize [options]

ykpersonalize configures YubiKey hardware tokens from Yubico. It can program the two configuration slots with various authentication modes including Yubico OTP, HMAC-SHA1 challenge-response, and static passwords.
Each YubiKey has two slots: slot 1 activates on short touch, slot 2 on long touch. Slots can be independently configured for different use cases like OTP authentication and disk encryption.
Access codes can protect configuration from unauthorized changes. The tool requires direct USB access to the YubiKey.

-1 / -2

Program slot 1 or slot 2.

Set AES key (hex encoded).

Current access code to unlock.

Set new access code.

Enable challenge-response mode.

Use HMAC-SHA1 for challenge-response.

Enable static password mode.

Set USB mode (OTP, CCID, etc.).

Verbose output.

Auto-confirm operations.

Programming overwrites existing slot configuration. Access codes prevent reconfiguration without the code. Some operations require root. Superseded by ykman for newer features.

ykpersonalize was developed by Yubico as part of the yubikey-personalization package for configuring YubiKey tokens. While still functional, Yubico now recommends ykman (YubiKey Manager) for newer YubiKey models and features.

ykman(1), ykchalresp(1), ykinfo(1)