Using the YubiKey Manager GUI

This chapter describes how to use the YubiKey Manager GUI. For full functionality we strongly recommend using Yubico Authenticator instead of the YubiKey Manager.

The YubiKey Manger GUI is a quick, convenient way to find out what firmware your YubiKey has and/or to reset it. If you are using the YubiKey Manager and do not find the options you want, check the ykman CLI or the Yubico Authenticator.

Launch YubiKey Manager GUI on Windows

Windows Launch using GUI

1. Open the Start menu panel, locate and click the YubiKey Manager app.

2. Optionally, right-click the YubiKey Manager icon and select, Pin to Start or Pin to taskbar.

   

Windows Launch using CLI

To launch from the command line 64 bit system:

C:\>"C:\Program Files\Yubico\YubiKey Manager\ykman-gui.exe"

To launch from the command line 32 bit system:

C:\>"C:\Program Files (x86)\Yubico\YubiKey Manager\ykman-gui.exe"

Debug Logging Mode

To launch ykman with debug logging enabled, add the following to the execution command:

--log-level DEBUG --log-file %USERPROFILE%\Desktop\ykman-log.txt

For example:

C:\>"C:\Program Files (x86)\Yubico\YubiKey Manager\ykman-gui.exe"
   --log-level DEBUG --log-file %USERPROFILE%\Desktop\
   ykman-log.txt

Launch YubiKey Manager GUI on MacOS

1. Open Launchpad, locate and click the YubiKey Manager icon.

2. Optionally, right-click the YubiKey Manager icon in the task bar and select Options > Keep in Dock.

   

YubiKey Manager GUI Version

To identify the version of the YubiKey Manager GUI:

1. Launch the YubiKey Manager.

2. Click About in the upper right corner of the GUI. The version is displayed in a popup box.

   

View YubiKey Firmware Version

1. Launch the YubiKey Manager, GUI version.

2. At the YubiKey Manager prompt, insert your YubiKey and touch.

   

   If your YubiKey is already connected, the YubiKey Manager Home tab is displayed.

   Note that the tool only reads a single YubiKey at a time, so if you have multiple keys connected, it might not be evident which one YubiKey Manager is identifying.

3. View the listed YubiKey firmware version.

   When your YubiKey credential is accepted YubiKey Manager opens the Home tab and lists the accepted YubiKey firmware:

   • YubiKey series (e.g., YubiKey 5)
   • Firmware (e.g., 5.4.X)
   • Images of the various form factors within that series.
   

Managing Applications

YubiKey Manager can be used to check which applications are enabled on which interface and to enable or disable each application on each physical interface.

View Available Interfaces

The Interfaces tab displays your key’s form factor (for example, USB), and the interfaces it has. Use the Interfaces tab to configure what is available on that key. For example, you can disable the interfaces/applications by deselecting the respective checkboxes.

View YubiKey Enabled Applications

1. Launch the YubiKey Manager, GUI version.

2. Insert the YubiKey whose applications you want to manage.

3. View available applications. Select the Applications tab.

   

Enable and Disable Applications

1. Launch the YubiKey Manager, GUI version.

2. Insert the YubiKey whose applications you want to manage.

3. View available applications. Select the Interfaces tab.

   A checkbox with a tick is shown next to each enabled applications.

4. Enable to disable applications for the YubiKey.

   1. Select the checkbox to enable an application.
   2. Unselect the checkbox to disable an application.
   3. Click Save Interfaces.
   

Note

For the YubiKey 5Ci, any modifications made to the applications over the USB interface also apply to the applications over Lightning®.

Locking

Once the desired applications have been selected, a lock code can be set to prevent changes to the set of enabled applications. This is done using the ykman CLI ykman config set-lock-code. The lock code is 16 bytes presented as 32 hex characters. For more information, see ykman config set-lock-code [OPTIONS].

Configure YubiKey Slot on YubiKey

1. Launch the YubiKey Manager, GUI version.

2. Insert the YubiKey whose applications you want to manage.

3. Select application to configure.

   1. Select the Applications tab.
   2. Select from the displayed list of applications.

4. Select the YubiKey slot to configure. Click the slot Configure button.

   

5. Complete the configuration options. These are specific to each application type.

Resetting FIDO2 Function

Resetting the key is not the same as unblocking it. Because resetting the FIDO2 function returns the key to its beginning state when it has no PIN, you must set a new PIN and enroll the key again after resetting it.

1. Remove your YubiKey if it is still connected to your machine, then launch ykman and insert your key.

   

2. Click on the word Applications at the top of that tab. A list of menu options appears. The specific options depend on the key.

   

3. Select FIDO2. The FIDO2 page appears.

   

4. Click the Reset FIDO button. The Reset FIDO confirmation popup appears.

   

5. Click Yes. Everything on the key is removed: the PIN (if set) is deleted. The Remove and re-insert your YubiKey! prompt appears.

   

6. Remove and re-insert your YubiKey. The Touch your YubiKey prompt appears, and the green LED flashes.

   

7. Touch your YubiKey. The message “FIDO applications have been reset” appears at the bottom of the Applications page.

8. Remove the key in preparation for re-enrolling it.

---

Click for Yubico Support.