The YubiKey Manager (ykman) is a cross-platform application for configuring any YubiKey. It provides an easy way to perform the most common configuration tasks on a YubiKey, such as:
- Displaying the serial number and firmware version of a YubiKey
- Configuring a FIDO2 PIN
- Resetting the FIDO applications
- Configuring the OTP application. A YubiKey has two slots (Short Touch and Long Touch). This tool can configure a Yubico OTP credential, a static password, a challenge-response credential or an OATH HOTP credential in either or both of these slots.
- Managing certificates and PINs for the PIV application
- Swapping the credentials between two configured slots
- Enabling and disabling USB and NFC interfaces
It has both a graphical user interface (GUI) and a command line interface (CLI). Some of the more advanced options are only available through the command line.
In other words, ykman is a Python 3.6 (or later) library and command line tool for configuring a YubiKey.
This guide contains the instructions for using both the YubiKey Manager’s Command Line Interface (CLI) and its graphical user interface (GUI).
- For the GUI, see Using the YubiKey Manager GUI in this guide.
- For the CLI, see the rest of this guide. The commands are organized by protocol; commands that do not relate specifically to a particular protocol are listed in Base Commands.
The YubiKey firmware is separate from the YubiKey itself in the sense that it is put onto each YubiKey in a process separate from the manufacture of the physical key. Nonetheless, it can be neither removed nor altered. Yubico periodically updates the YubiKey firmware to take advantage of features and capabilities introduced into operating systems (OSs) such as Windows, as well as to enable new YubiKey features.
The firmware version on a YubiKey therefore determines whether or not a feature or a capability is available to that YubiKey. The quickest and most convenient way to determine your YubiKey’s firmware version is to use the YubiKey Manager tool.
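Because firmware cannot be changed after manufacture, a fleet check has to read the version from each key and compare it against whatever floor your policy sets. The sketch below is an added example, not Yubico's code: it parses the text printed by `ykman info`, assuming the `Serial number:` and `Firmware version:` line labels, and the sample output and the `REQUIRED` floor are constructed values.

```python
import re
import shutil
import subprocess

# Constructed sample of `ykman info` output (all values are made up).
SAMPLE_INFO = """\
Device type: YubiKey 5 NFC
Serial number: 12345678
Firmware version: 5.2.4
Enabled USB interfaces: OTP, FIDO, CCID
"""

def parse_info(text):
    """Extract serial (str) and firmware (int tuple) from `ykman info` text."""
    serial = re.search(r"^Serial number:[ \t]*(\d+)[ \t]*$", text, re.MULTILINE)
    fw = re.search(r"^Firmware version:[ \t]*(\d+)\.(\d+)\.(\d+)[ \t]*$",
                   text, re.MULTILINE)
    return {
        "serial": serial.group(1) if serial else None,
        "firmware": tuple(int(p) for p in fw.groups()) if fw else None,
    }

def meets_minimum(text, minimum):
    """True only if a firmware version was parsed and is >= minimum.

    Versions compare as integer tuples, so 5.10.0 sorts above 5.9.0.
    A report with no parseable version fails closed.
    """
    fw = parse_info(text)["firmware"]
    return fw is not None and fw >= tuple(minimum)

def read_connected_key():
    """Run `ykman info` if ykman is on PATH; return its output or None."""
    if shutil.which("ykman") is None:
        return None
    result = subprocess.run(["ykman", "info"], stdout=subprocess.PIPE,
                            stderr=subprocess.DEVNULL, universal_newlines=True)
    return result.stdout if result.returncode == 0 else None

if __name__ == "__main__":
    REQUIRED = (5, 2, 0)  # hypothetical policy floor, not a Yubico figure
    text = read_connected_key() or SAMPLE_INFO
    info = parse_info(text)
    verdict = "ok" if meets_minimum(text, REQUIRED) else "below floor"
    print(info["serial"], info["firmware"], verdict)
```
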
General and Windows and MacOS
To download the full graphical application, which also includes the command line tool, go to the YubiKey Manager page on developers.yubico.com. That page also contains installation instructions and aids.
YubiKey Manager can be installed independently of platform by using pip (or equivalent):
pip install --user yubikey-manager
On Linux platforms you will need pcscd installed and running to be able to communicate with a YubiKey over the SmartCard interface. Additionally, you may need to set permissions for your user to access YubiKeys via the HID interfaces.
Some of the libraries used by yubikey-manager have C-extensions, and may require additional dependencies to build, such as swig and potentially