Rechercher une page de manuel

Chercher une autre page de manuel:


Langue: en

Autres versions - même langue

Version: August 2009 (fedora - 01/12/10)

Section: 1 (Commandes utilisateur)


ykpersonalize - personalize Yubikey OTP tokens


ykpersonalize [-1 | -2] [-sfile] [-ifile] [-axxx] [-cxxx] [-ooption] [-v] [-h]


Set the AES key, user ID and other settings in a Yubikey. For the complete explanation of the meaning of all parameters, see the reference manual:

change the first configuration. This is the default and is normally used for true OTP generation. In this configuration, TKTFLAG_APPEND_CR is set by default.
change the second configuration. This is for Yubikey II only and is then normally used for static key generation. In this configuration, TKTFLAG_APPEND_CR, CFGFLAG_STATIC_TICKET, CFGFLAG_STRONG_PW1, CFGFLAG_STRONG_PW2 and CFGFLAG_MAN_UPDATE are set by default.
save configuration to file instead of key. (if file is -, send to stdout)
read configuration from file. (if file is -, read from stdin)
A 32 char hex value (not modhex) of a fixed AES key to use.
A 12 char hex value (not modhex) to use as access code for programming. NOTE: this does NOT SET the access code, that's done with -oaccess=.
change configuration option. Possible option arguments are
Salt to be used for key generation. If none is given, a unique random one will be generated.
The public modhex identity of key, 0-16 characters long. It's possible to give the identity in hex as well, just prepend the value with `h:'.
The uid part of the generated ticket, in hex. Must be 12 characters long.
New hex access code to set. Must be 12 characters long.
Set/clear ticket flag, see the section `Ticket flags'
Set/clear ticket flag, see the section `Configuration flags'
always commit without prompting
Be more verbose

Ticket flags

Send a tab character as the first character. This is usually used to move to the next input field.
Send a tab character between the fixed part and the one-time password part. This is useful if you have the fixed portion equal to the user name and two input fields that you navigate between using tab.
Send a tab character as the last character.
Add a half-second delay before sending the one-time password part.
Add a half-second delay after sending the one-time password part.
Send a carriage return after sending the one-time password part.
Yubikey 2.0 firmware and above
When written to configuration 1, block later updates to configuration 2. When written to configuration 2, prevent configuration 1 from having the lock bit set.
Yubikey 2.1 firmware and above
Set OATH-HOTP mode rather than Yubikey mode. In this mode, the token functions according to the OATH-HOTP standard.

Configuration flags

[-]send-ref Send a reference string of all 16 modhex characters before the fixed part. This can not be combined with the strong-pw2 flag.
Add a 10ms delay between key presses.
Add a 20ms delay between key presses.
Output a fixed string rather than a one-time password. The password is still based on the AES key and should be hard to guess and impossible to remember.
Yubikey 1.x firmware only
Send the one-time password rather than the fixed part first.
Allow trigger through HID/keyboard by pressing caps-, num or scroll-lock twice. Not recommended for security reasons.
Yubikey 2.0 firmware and above
Limit the length of the static string to max 16 digits. This flag only makes sense with the -ostatic-ticket option.
Upper-case the two first letters of the output string. This is for compatibility with legacy systems that enforce both uppercase and lowercase characters in a password and does not add any security.
Replace the first eight characters of the modhex alphabet with the numbers 0 to 7. Like strong-pw1, this is intended to support legacy systems.
Enable user-initiated update of the static password. Only makes sense with the -ostatic-ticket option.
Yubikey 2.1 firmware and above
When set, generate an 8-digit HOTP rather than a 6-digit one.
When set, the first byte of the fixed part is sent as modhex.
When set, the first two bytes of the fixed part is sent as modhex.
When set, the fixed part is sent as modhex.


When using OATH-HOTP mode, the key that is shared with the server consists of the AES key plus the first four bytes (eight hex characters) of the UID. The token identifier is defined by the fixed prefix.


Report ykpersonalize bugs in laURL: L rathe issue tracker


The laURL: L raykpersonalize home page
Yubikeys can be obtained from laURL: L raYubico
14:34 Combien y at-il de fille sur la tribune en ce moment ?? (sans
compter les loutres)
14:41 Y'a pas de filles dans la tribune parceque c'est l'heure de la