Tools and Troubleshooting¶
YubiKey Manager (ykman)¶
The YubiKey Manager is a tool for configuring all aspects of YubiKeys in the 5 series and for determining the model of key and the firmware it runs. It has both a graphical interface and a command line interface. Being cross-platform, it runs on Windows, macOS, and Linux. Some of the more advanced options are only available through the command line. See the YubiKey Manager (ykman) CLI Guide.
Graphical User Interface (GUI)¶
The graphical user interface of the YubiKey Manager provides an easy-to-use method of performing basic configuration tasks of the YubiKey 5 Series, including:
- Displaying information about the YubiKey(s) connected to the computer.
- Enabling or disabling applications per physical interface.
- Setting or changing the FIDO2 PIN, as well as resetting the FIDO application.
- Managing the credentials in the OTP application.
Command Line Interface (CLI)¶
Using ykman’s CLI, you can do everything that the GUI can and more. This includes, but is not limited to:
- Enabling or disabling applications and prevent unauthorized changes by setting a lock code.
- Managing the credentials in the PIV / Smart Card application, including resetting them.
- Managing and generating OTPs from the credentials in the OATH application, including resetting the application.
- Resetting the OpenPGP application and setting the OpenPGP touch policy.
For usage information and examples for ykman, see the YubiKey Manager (ykman) CLI Guide.
Yubico Authenticator is used to manage credentials on the OATH application and display the OTPs generated by the YubiKey. Yubico Authenticator is required in order to generate OTPs for OATH-TOTP credentials as the YubiKey does not contain a battery and thus cannot track time. It is open source, cross-platform, and runs on Windows, macOS, Linux, and Android. The Android version of Yubico Authenticator can communicate with YubiKeys over NFC or USB.
YubiKey Smart Card Minidriver¶
The YubiKey Smart Card Minidriver extends the PIV / Smart Card application on the YubiKey on Windows, facilitating deployment and management. Key benefits include:
- Enrollment of the YubiKey using standard Windows utilities.
- Auto-enrollment, enabling user self-provisioning of a YubiKey and automatic renewal.
- Multiple authentication certificates on one YubiKey.
- Changing of the PIN from the Ctrl+Alt+Del menu.
- Unblocking of the PIN using the PUK at the Windows logon screen.
To get started with the YubiKey Smart Card Minidriver, see the deployment guide
For use with YubiKeys in the 5 Series, version 4.0 or later of the minidriver is required.