- This should only be done if you purchased the token independently or token’s PUK has been locked
- If you have previously purchased the token from us, you should check your old order for the PIN, PUK, and management key. You can contact support for assistance on this.
- On Yubikey 5 FIPS, if there are multiple options for algorithms on the management key, you should select aes-256.
Process to Re-Initialize (Restore Defaults on) the YubiKey FIPS Token
- Yubico Yubikey Manager – https://www.yubico.com/products/services-software/download/yubikey-manager/
- Yubico YubiKey FIPS Token (Token)
- Download and install the YubiKey Manager. (note: Modern Windows computers will use x64; x86 is for older, 32-bit computers.
- Open the YubiKey Manager and insert the Token.
- Navigate to Applications > PIV > Reset PIV, when prompted confirm the action by clicking “yes”. This will remove ALL certificates stored on the Yubikey.
4. After a brief processing time, the YubiKey Manager will display a notice that the action was successful and the token is now reset to defaults. You may now configure your PIN.
Process to Configure PINs on Yubico YubiKey FIPS Token
- Download Yubico Yubikey Manager
- Yubico YubiKey FIPS Token
- Open YubiKey Manager and insert the Token into a USB slot on the computer.
- Navigate to Applications > PIV > Configure PINs.
- Select “Change PIN” and then check the “use default” checkbox.
- Generate a new PIN of at least 6 characters.
- Record the PIN in a secure location. Take note that you will need the PIN to use the token with signing documents or code. Also, you will have a sole record of the PIN and SSL.com will not be able to help you recover it if it gets lost.
- Enter the PIN into the New PIN field of the YubiKey Manager and then re-enter the PIN into the Confirm New PIN field. Select Change PIN to lock-in the changes.
- You will then be redirected back to the PIV menu. From Applications > PIV > Configure PINs, select Change PUK.
- Check the box for Use Default.
- Generate your PUK of at least 6 characters
- Record the PUK in a secure location. Take note that you will need the PUK to reset it if it ever becomes lost or you forget it. Take note also that this is the only record of the PUK and SSL.com will not be able to help you recover it if you lose it.
- Enter the PUK into the New PUK field of the YubiKey Manager and then re-enter the PUK into the Confirm New PUK field. Finally, select Change PUK to lock-in the changes.
- Provided that there are no error messages you will be redirected back to the PIV menu. Next, perform the following operation to change the Management Key:
From Applications > PIV > Configure PINs, select Change Management Key.
- Check the box for Use Default.
- Click the Generate button to generate a new 48 character Management Key. Highlight the key and press Ctrl-C to copy it.
- Record the Management Key in a secure location. Take note that you will need the Management Key for all certificate activity on the token, such as generation of a CSR or installing an S/MIME certificate. Take note also that you have the sole record of the Management Key and ssl.com will not be able to help you recover it if you lose it.
- Once the Management Key has been recorded in the proper location, press Finish to save the changes and update the token. You have now reset the PIN/PUK/Management Key on the Yubico YubiKey FIPS Token.
If you are interested in learning how to generate a key pair and attestation certificate on your Yubikey, check out this article.