Expanding YubiKey Keyboard Support

July 24, 2013 3 minute read

Hi. We’ve had a few queries about using the YubiKey with various keyboard layouts, so we thought we’ll spend some time describing the different methods available to do that.

Like a USB keyboard, YubiKeys work via inputting scan codes as opposed to actual characters. This means that when you type, the keyboard only sends the key number, or “scan code”, which the computer then translates depending on your keyboard settings.

This presents an issue as there are many different keyboard layouts in use in the world today. In order to mitigate the problem, the YubiKey only uses modhex (MODified HEXadecimal for short) characters, which are characters which are mapped to by the same scan codes in almost all keyboard layouts. If your chosen keyboard layout is not one of those covered by the modhex system (like Dvorak, etc), your YubiKey might not be able to output the characters correctly. If this is true for you, here are 3 ways to resolve the issue.

Option 1

Our recommended “best practice” is to switch to a US standard keyboard layout when entering the OTP and switching back when done. When properly configured this is quick and convenient – in a Windows environment, for example, pressing alt+shift (to switch the input language) and ctrl+shift (to switch the keyboard layout) can allow one to quickly switch to an alternative layout.

Keyboard_Screenshot_1

The screenshot above shows a sample configuration of a US standard keyboard layout and a US dvorak keyboard layout.

Option 2

If you are trying to output digits (0-9) with the French AZERTY keyboard layout, you can simply use the press the shift key while using the YubiKey or set the flag in personalization tool to use the numeric keypad instead (for firmware 2.3 onwards).

The screenshot above shows where the flag setting in the personalization tool is.

Option 3

If neither of this is possible for you, another solution would be to modify the scanmap used by your YubiKey NEO. This feature requires a YubiKey NEO and the command line version of the Cross-Platform Personalization Tool. Your YubiKey NEO will only work properly on the keyboard layout that you modified it for – if you modified it for a dvorak keyboard layout, for example, it can only be used on the dvorak keyboard layout.

The YubiKey uses the following alphabet:

cbdefghijklnrtuvCBDEFGHIJKLNRTUV0123456789\t\r

The scan map is the 1 byte scan code for each of those characters. So for a US standard keyboard layout (and the YubiKey default), the scanmap is:
06050708090a0b0c0d0e0f111517181986858788898a8b8c8d8e8f9195979899271e1f202122232425262b28

To set the scanmap, use the -S argument of the ykpersonalize tool and then affix the desired scanmap after. Shown below are some examples.

Simplified US Dvorak:
0c110b071c180d0a0619130f120e09378c918b879c988d8a8699938f928e89b7271e1f202122232425269e2b28

French AZERTY:
06050708090a0b0c0d0e0f111517181986858788898a8b8c8d8e8f9195979899a79e9fa0a1a2a3a4a5a6382b28

Turkish QWERTY (with a dotless i instead of usual i):
06050708090a0b340d0e0f111517181986858788898a8b8c8d8e8f9195979899271e1f202122232425269e2b28

Note that you must remove any whitespace present in these examples before using the values. Leaving the argument empty will reset the scanmap to the YubiKey’s default.

The screenshot above shows a YubiKey NEO’s scanmap being configured for the dvorak keyboard layout.

Interested to know more? Head to our technical forum.

Enjoy using your YubiKey!

Share this article:

Recommended content

Thumbnail

Combating ransomware attacks on your enterprise

What do a PC manufacturer, a meat supplier and a mental health clinic have in common? They have all been victims of ransomware attacks. They’re not alone. Ransomware attacks grew by over 485% in 2020, leveraging the new ransomware-as-a-service (RaaS) model of profit-sharing in exchange for ransomware tools.  One of the most infamous recent ransomware ...

Thumbnail

Top five pitfalls companies should avoid when rolling out a passwordless strategy

Given the number of breaches in the news today where passwords were at the root of the problem, many companies are now exploring the benefits of a secure passwordless future. Secure passwordless logins not only bring cost efficiencies and a more frictionless user login experience into the organization, but deliver the security that is necessary ...

Thumbnail

Yubico brings the YubiKey to the .NET ecosystem with its new desktop SDK

In continuation with our mission to bring strong authentication to the world, Yubico is excited to announce that integrating the YubiKey into your .NET application or workflow will now be easier than ever before. This is enabled with the introduction of the new YubiKey SDK for Desktop. With this Desktop SDK, you can now add ...

Thumbnail

Built-in FIDO authenticators and YubiKeys are making the internet safer for all

In 2007, Yubico set out to protect as many people as possible by making secure login easy and available for everyone. We are happy Apple has joined Yubico, Google, and Microsoft on this journey by implementing W3C WebAuthn/FIDO compatible platform authenticators and are pleased to say that now all major platforms have adopted the standards ...