Using the YubiKey Manager GUI

The YubiKey Manager’s (ykman’s) graphical user interface (GUI) is a quick, convenient way to find out what firmware your YubiKey has and/or to reset it - unless you prefer to use ykman’s CLI. Note that the CLI has more options, so if you do not find what you want in the GUI, check to see if the CLI has it.

Checking Firmware Version

Launch the YubiKey Manager App and connect your YubiKey if it is not already connected. Note that the tool will only read a single YubiKey at a time, so if you have multiple keys connected, it might not be evident which one the tool is identifying.

ykman opens the Home tab by default, displaying the following:

  • YubiKey series (e.g., YubiKey 5)
  • Firmware (e.g., 5.4.X)
  • Images of the various form factors within that series.
_images/ykman-4.3.7.png

YubiKey Manager GUI, Home tab

Managing Applications

Enabling/Disabling

ykman can be used to check which applications are enabled on which interface and to enable or disable each application on each physical interface.

To find out which applications are enabled, select the Interfaces tab. A checkbox with a tick is shown next to each enabled applications. To change which applications are enabled, use the checkboxes to select the ones you want enabled and click Save Interfaces.

Note

For the YubiKey 5Ci, any modifications made to the applications over the USB interface will also apply to the applications over Lightning®.

Locking

Once the desired applications have been selected, a lock code can be set to prevent changes to the set of enabled applications. This is done using the ykman CLI ykman config set-lock-code. The lock code is 16 bytes presented as 32 hex characters. For more information, see ykman config set-lock-code [OPTIONS].

Managing Interfaces

The Interfaces tab displays your key’s form factor (e.g., USB), and the interfaces it has. Use the Interfaces tab to configure what is available on that key. For example, you can disable the interfaces by deselecting the respective checkboxes.

Resetting FIDO2 Function

Resetting the key is not the same as unblocking it. Because resetting the FIDO2 function returns the key to its beginning state when it has no PIN, you must set a new PIN and enroll the key again after resetting it.

Step 1:

Remove your YubiKey if it is still connected to your machine, then launch ykman and insert your key.

_images/ykman-4.3.7.png
Step 2:

Click on the word Applications at the top of that tab. A list of menu options appears. The specific options depend on the key.

_images/ykman-applications-options-list.png
Step 3:

Select FIDO2. The FIDO2 page appears.

_images/ykman-FIDO2-page.png
Step 4:

Click the Reset FIDO button. The Reset FIDO confirmation popup appears.

_images/ykman-reset-fido-confirmation.png
Step 5:

Click Yes. Everything on the key is removed: the PIN (if set) is deleted. The Remove and re-insert your YubiKey! prompt appears.

_images/ykman-remove-and-reinsert-your-yubikey.png
Step 6:

Remove and re-insert your YubiKey. The Touch your YubiKey prompt appears, and the green LED flashes.

_images/ykman-touch-your-yubikey.png
Step 7:

Touch your YubiKey. The message “FIDO applications have been reset” appears at the bottom of the Applications page.
Step 8:

Remove the key in preparation for re-enrolling it.

To get in touch with Yubico Support, click here.