Enabling YubiKey NEO’s OpenPGP Applet: Step-by-Step Guide

Yubico Team

Yubico Team

3 minute read

In this post, we will take you through the steps to enable the YubiKey NEO’s OpenPGP applet on a production YubiKey NEO. YubiKey NEOs are currently shipped with an OpenPGP applet already installed but disabled. You will need to enable the Applet functionality of the YubiKey NEO before you can use the OpenPGP applet.

To do this, you will need to use the command line interface (CLI) version of the YubiKey Personalization Tool. If you are not familiar with using command line tools, this applet is probably not for you. To download ykpersonalize please click here.

Once you have installed the ykpersonalize software, insert your YubiKey NEO and you can check the version with the ykinfo -v command – which shows version: 3.0.1 for our YubiKey NEO. To enable your YubiKey NEO’s Smartcard interface (CCID), enter the command ykpersonalize -m82 as:

The -m option is the mode command. To see the different modes, enter ykpersonalize –help. Mode 82 (in hex) enables the YubiKey NEO as a composite USB device (HID + CCID) and allows OTPs to be emitted while in use as a smart card.  Once you have changed the mode, you need to re-boot the YubiKey – so remove and re-insert it.

Now our NEO App: OpenPGP is visible we can use the gpg program to set-up a new smart card: gpg –card-edit and then enter the admin command to enable admin commands. The command to create a new set of public/private key pairs is generate.  You should see something like:

Note the default PINs as you will need to enter them into the pop ups – e.g.:

Once you enter the Admin and User PINs, gpg will ask you for various settings. Once you select Okay the YubiKey NEO will work for between 1 minute and 3 minutes to generate 3 key pairs. It took our YubiKey NEO 1 minute 40 seconds.

WARNING: You cannot backup the secret keys – so if you lose the YubiKey NEO, re-generate another key pair or other lose the key pair there is no way to retrieve it! When you encrypt a file, make sure you have a plain text backup.

It is recommended to backup the Public key – we often use the Export Certificates to Server function in Kleopatra to do this. This is our screen:

The public keys and private key stubs are automatically loaded into the gpg database; we are running Kleopatra – so before completing, Kleopatra showed my soft keys:

And afterwards Kleopatra shows the YubiKey NEO with the SmartCard icon:

With details:

We can now select my YubiKey NEO to sign and encrypt files e.g.:

The source code for the YubiKey NEO OpenPGP app is available here.

,
Talk to our teamTalk to our team

Share this article:
  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more
  • AI is booming — but proving you’re human matters more than everIf you walked the show floor at the RSA Conference this year, you probably noticed the same thing I did: Artificial Intelligence (AI) is everywhere. Agentic AI. AI in threat detection. AI in firewalls. AI in identity management. AI-generated demos. AI everything. The energy around AI was undeniable, and we’re seeing real innovation, efficiency gains […]Read moreAIArtificial IntelligencephishingRSAC
  • Ditching passwords for good: Celebrating the inaugural World Passkey DayHave you ever been stuck in a relationship with someone who constantly lets you down, exposes your secrets, and leaves you vulnerable? Odds are you cut your losses, packed up your things and moved on. Today is the day to do the same with your passwords: say goodbye forever! The reality is a majority of […]Read morepasskeyspasswordlessWorld Passkey Day
  • Digital security’s unique role in protecting our environmentAs sustainability expands to include social, economic, and technological challenges, cybersecurity has emerged as a top global threat – with cybercrime projected to cost $12 trillion this year. Stolen credentials and phishing account for 80% of breaches. At Yubico, making the world more secure is just part of how we care for the world around […]Read moreCSREarth DaySecure It ForwardSustainability