Hi. We’ve had a few queries about using the YubiKey with various keyboard layouts, so we thought we’ll spend some time describing the different methods available to do that.
Like a USB keyboard, YubiKeys work via inputting scan codes as opposed to actual characters. This means that when you type, the keyboard only sends the key number, or “scan code”, which the computer then translates depending on your keyboard settings.
This presents an issue as there are many different keyboard layouts in use in the world today. In order to mitigate the problem, the YubiKey only uses modhex (MODified HEXadecimal for short) characters, which are characters which are mapped to by the same scan codes in almost all keyboard layouts. If your chosen keyboard layout is not one of those covered by the modhex system (like Dvorak, etc), your YubiKey might not be able to output the characters correctly. If this is true for you, here are 3 ways to resolve the issue.
Option 1
Our recommended “best practice” is to switch to a US standard keyboard layout when entering the OTP and switching back when done. When properly configured this is quick and convenient – in a Windows environment, for example, pressing alt+shift (to switch the input language) and ctrl+shift (to switch the keyboard layout) can allow one to quickly switch to an alternative layout.
The screenshot above shows a sample configuration of a US standard keyboard layout and a US dvorak keyboard layout.
Option 2
If you are trying to output digits (0-9) with the French AZERTY keyboard layout, you can simply use the press the shift key while using the YubiKey or set the flag in personalization tool to use the numeric keypad instead (for firmware 2.3 onwards).
The screenshot above shows where the flag setting in the personalization tool is.
Option 3
If neither of this is possible for you, another solution would be to modify the scanmap used by your YubiKey NEO. This feature requires a YubiKey NEO and the command line version of the Cross-Platform Personalization Tool. Your YubiKey NEO will only work properly on the keyboard layout that you modified it for – if you modified it for a dvorak keyboard layout, for example, it can only be used on the dvorak keyboard layout.
The YubiKey uses the following alphabet:
cbdefghijklnrtuvCBDEFGHIJKLNRTUV0123456789\t\r
The scan map is the 1 byte scan code for each of those characters. So for a US standard keyboard layout (and the YubiKey default), the scanmap is:
06050708090a0b0c0d0e0f111517181986858788898a8b8c8d8e8f9195979899271e1f202122232425262b28
To set the scanmap, use the -S argument of the ykpersonalize tool and then affix the desired scanmap after. Shown below are some examples.
Simplified US Dvorak:
0c110b071c180d0a0619130f120e09378c918b879c988d8a8699938f928e89b7271e1f202122232425269e2b28
French AZERTY:
06050708090a0b0c0d0e0f111517181986858788898a8b8c8d8e8f9195979899a79e9fa0a1a2a3a4a5a6382b28
Turkish QWERTY (with a dotless i instead of usual i):
06050708090a0b340d0e0f111517181986858788898a8b8c8d8e8f9195979899271e1f202122232425269e2b28
Note that you must remove any whitespace present in these examples before using the values. Leaving the argument empty will reset the scanmap to the YubiKey’s default.
The screenshot above shows a YubiKey NEO’s scanmap being configured for the dvorak keyboard layout.
Interested to know more? Head to our technical forum.
Enjoy using your YubiKey!
