Requirements

This guide will show you how to configure your YubiKeys to unlock your pwSafe. To do so, you will need the following:

Setting Up Your YubiKey

  1. Install the YubiKey Personalization Tool if you have not already done so and run it.
  2. Click Settings.
  3. Select the check box for Button at startup and API call, and then click Save.
    OTP_settings1
  4. Click Challenge-Response in the top navigation bar, then click HMAC-SHA1.
  5. Select the configuration slot that you want to program. These instructions assume that you want to use the second configuration slot, which is empty by default.
  6. Select the options to Require user input and Variable input.
  7. To generate your secret key, click Generate. Copy this key and keep it in a secure location.
  8. Click Write Configuration.
    OTP_settings2
  9. If you want to make a backup YubiKey (highly recommended), insert another YubiKey and repeat steps 5 to 8 with the same Secret Key (instead of generating a new one, copy and paste it from your backup).

How to Enable pwSafe and YubiKey

Before using the YubiKey, you’ll need to activate pwSafe’s YubiKey support optional feature.

To activate YubiKey support in pwSafe:

  1. Insert the YubiKey into a USB slot on your Mac system.
  2. When prompted, select the check box to Use YubiKey, and then click OK.
    pwSafe1
  3. When prompted, click the option to Buy for price or Restore Purchase.
    pwSafe2

Using Your YubiKey

If you already have a YubiKey-enabled safe:

Make sure to select the check box to Use YubiKey before entering the password. When you click OK, you have 15 seconds to touch your YubiKey, so that it calculates the actual safe encryption key.
pwSafe3

If you are creating a new safe or changing a safe password:

Before you proceed, be sure you create a backup YubiKey. Before proceeding with creating a new safe or changing a safe password, you will also have the option to create a new YubiKey secret. If you choose this option, your YubiKey’s second configuration slot will be erased and a new secret will be stored in it. Note that if you do, you will not be able to use that YubiKey to access any service you might have configured to use its second configuration slot, including any other safes. To continue, make sure to select the check box to Use YubiKey” and click OK.
pwSafe4

Creating a Backup Copy of your pwSafe YubiKey

To create a backup copy of your YubiKey, select Safe > Prepare YubiKey. You can then you’ll be able to initialize another YubiKey with the same secret of the current safe. It is highly recommended that you have a backup YubiKey, so that the loss of your primary YubiKey will not prevent you from ever accessing your passwords in pwSafe.
pwSafe5