Background

The YubiKey can be reprogrammed using our personalization tools. This is typically done when you host your own  validation server, or when the YubiKey is used in static password mode. Note that re-programming your YubiKey will overwrite the AES key and the YubiKey prefix, and you cannot undo this action!

If you have re-programmed your YubiKey and want to use your YubiKey on services that uses Yubico’s validation server, you may upload your new AES key to us. Please understand that for replay protection to work you can only use your YubiKey with one server. Thus, in order to allow our server to properly detect OTP replays you must not use the YubiKey against another server.

Required

  • YubiKey Hardware
  • Personalization Tool

How to upload AES Key

User Guide (pdf)

Keys uploaded to us must use a 12 modhex characters prefix beginning with ‘vv’. The reason for this is to avoid collisions with existing YubiKeys. Choose the rest of the prefix randomly. Allocation is done on a first come first serve basis, so if the YubiKey prefix you chose is already in use, you will get an error message. If you chose prefixes randomly this is unlikely to happen.

The simplest and safest way is to re-program your YubiKey another time using a ‘vv’ prefix and upload the AES key to our server (and not use the AES keys anywhere else).

Proceed to our AES Key Upload Page