The YubiKey can be reprogrammed using our personalization tools. This is typically done when you host your own validation server, or when the YubiKey is used in static password mode. Note that re-programming your YubiKey will overwrite the AES key and the YubiKey prefix, and you cannot undo this action!
If you have re-programmed your YubiKey and want to use your YubiKey on services that uses Yubico’s validation server, you may upload your new AES key to us. Please understand that for replay protection to work you can only use your YubiKey with one server. Thus, in order to allow our server to properly detect OTP replays you must not use the YubiKey against another server.
- YubiKey Hardware
- Personalization Tool
How to upload AES Key
User Guide (pdf)
Keys uploaded to us must use a 12 modhex characters prefix beginning with ‘vv’. The reason for this is to avoid collisions with existing YubiKeys. Choose the rest of the prefix randomly. Allocation is done on a first come first serve basis, so if the YubiKey prefix you chose is already in use, you will get an error message. If you chose prefixes randomly this is unlikely to happen.
The simplest and safest way is to re-program your YubiKey another time using a ‘vv’ prefix and upload the AES key to our server (and not use the AES keys anywhere else).
Please note: It takes up to 15 minutes for an uploaded identity to become valid on our validation servers. Please wait at least 15 minutes before testing an uploaded identity.
'vv' prefix credentials are not guaranteed to have the same availability as production 'cc' prefix credentials. Yubico reserves the right to invalidate any 'vv' prefix credential on the Yubico validation service (YubiCloud) at any time for any reason including if the credential appears as not loaded onto a genuine YubiKey.